From 6923aeb50a50ea5fcf6a3234cef9e01e29e49dd2 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 11:39:50 -0800 Subject: [PATCH 01/17] feat: adds Timoni release type --- cli/pkg/release/providers/github.go | 4 - cli/pkg/release/providers/timoni.go | 106 ++++++++++++++++++++++++ cli/pkg/release/releaser.go | 4 + lib/project/schema/_embed/schema.cue | 28 +++++-- lib/project/schema/providers.go | 10 +++ lib/project/schema/providers_go_gen.cue | 10 +++ 6 files changed, 149 insertions(+), 13 deletions(-) create mode 100644 cli/pkg/release/providers/timoni.go diff --git a/cli/pkg/release/providers/github.go b/cli/pkg/release/providers/github.go index 04622dcf..74b9ebef 100644 --- a/cli/pkg/release/providers/github.go +++ b/cli/pkg/release/providers/github.go @@ -18,10 +18,6 @@ import ( "github.com/spf13/afero" ) -type GithubClient interface { - RepositoriesGetReleaseByTag(ctx context.Context, owner, repo, tag string) (*github.RepositoryRelease, *github.Response, error) -} - type GithubReleaserConfig struct { Prefix string `json:"prefix"` Name string `json:"name"` diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go new file mode 100644 index 00000000..dcbb511b --- /dev/null +++ b/cli/pkg/release/providers/timoni.go @@ -0,0 +1,106 @@ +package providers + +import ( + "fmt" + "log/slog" + + "github.com/input-output-hk/catalyst-forge/cli/pkg/events" + "github.com/input-output-hk/catalyst-forge/cli/pkg/executor" + "github.com/input-output-hk/catalyst-forge/cli/pkg/run" + "github.com/input-output-hk/catalyst-forge/lib/project/project" + "github.com/input-output-hk/catalyst-forge/lib/project/schema" +) + +const ( + TIMONI_BINARY = "timoni" +) + +type TimoniReleaserConfig struct { + Container string `json:"container"` + Tag string `json:"tag"` +} + +type TimoniReleaser struct { + config TimoniReleaserConfig + force bool + handler events.EventHandler + logger *slog.Logger + project project.Project + release schema.Release + releaseName string + timoni executor.WrappedExecuter +} + +func (r *TimoniReleaser) Release() error { + if !r.handler.Firing(&r.project, r.project.GetReleaseEvents(r.releaseName)) && !r.force { + r.logger.Info("No release event is firing, skipping release") + return nil + } + + registries := r.project.Blueprint.Global.CI.Providers.Timoni.Registries + if len(registries) == 0 { + return fmt.Errorf("must specify at least one Timoni registry") + } + + container := r.config.Container + if container == "" { + r.logger.Debug("Defaulting container name") + container = fmt.Sprintf("%s-%s", r.project.Name, "deployment") + } + + var tag string + if r.project.Tag != nil { + tag = r.project.Tag.Version + } else if r.config.Tag != "" { + tag = r.config.Tag + } else { + return fmt.Errorf("no tag found") + } + + for _, registry := range registries { + fullContainer := fmt.Sprintf("oci://%s/%s:%s", registry, container, tag) + + r.logger.Info("Publishing module", "module", fullContainer) + _, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", fullContainer) + if err != nil { + return fmt.Errorf("failed to push module: %w", err) + } + } + + return nil +} + +// NewTimoniReleaser creates a new Timoni release provider. +func NewTimoniReleaser(ctx run.RunContext, + project project.Project, + name string, + force bool, +) (*TimoniReleaser, error) { + release, ok := project.Blueprint.Project.Release[name] + if !ok { + return nil, fmt.Errorf("unknown release: %s", name) + } + + exec := executor.NewLocalExecutor(ctx.Logger) + if _, ok := exec.LookPath(TIMONI_BINARY); ok != nil { + return nil, fmt.Errorf("failed to find Timoni binary: %w", ok) + } + + var config TimoniReleaserConfig + if err := parseConfig(&project, name, &config); err != nil { + return nil, fmt.Errorf("failed to parse release config: %w", err) + } + + timoni := executor.NewLocalWrappedExecutor(exec, "timoni") + handler := events.NewDefaultEventHandler(ctx.Logger) + return &TimoniReleaser{ + config: config, + force: force, + handler: &handler, + logger: ctx.Logger, + project: project, + release: release, + releaseName: name, + timoni: timoni, + }, nil +} diff --git a/cli/pkg/release/releaser.go b/cli/pkg/release/releaser.go index 541aab67..82bb48f5 100644 --- a/cli/pkg/release/releaser.go +++ b/cli/pkg/release/releaser.go @@ -13,6 +13,7 @@ type ReleaserType string const ( ReleaserTypeDocker ReleaserType = "docker" ReleaserTypeGithub ReleaserType = "github" + ReleaserTypeTimoni ReleaserType = "timoni" ) type Releaser interface { @@ -49,6 +50,9 @@ func NewDefaultReleaserStore() *ReleaserStore { ReleaserTypeGithub: func(ctx run.RunContext, project project.Project, name string, force bool) (Releaser, error) { return providers.NewGithubReleaser(ctx, project, name, force) }, + ReleaserTypeTimoni: func(ctx run.RunContext, project project.Project, name string, force bool) (Releaser, error) { + return providers.NewTimoniReleaser(ctx, project, name, force) + }, }, } } diff --git a/lib/project/schema/_embed/schema.cue b/lib/project/schema/_embed/schema.cue index ced22bda..682b843d 100644 --- a/lib/project/schema/_embed/schema.cue +++ b/lib/project/schema/_embed/schema.cue @@ -74,6 +74,10 @@ package schema // Github contains the configuration for the Github provider. // +optional github?: #ProviderGithub @go(Github) + + // Timoni contains the configuration for the Timoni provider. + // +optional + timoni?: #TimoniProvider @go(Timoni) } // ProviderAWS contains the configuration for the AWS provider. @@ -120,6 +124,17 @@ package schema // +optional credentials?: null | #Secret @go(Credentials,*Secret) } + +// ProviderGithub contains the configuration for the Github provider. +#ProviderGithub: { + // Credentials contains the credentials to use for Github + // +optional + credentials?: #Secret @go(Credentials) + + // Registry contains the Github registry to use. + // +optional + registry?: null | string @go(Registry,*string) +} #TagStrategy: string #enumTagStrategy: #TagStrategyGitCommit #TagStrategyGitCommit: #TagStrategy & { @@ -265,15 +280,10 @@ version: "1.0" secrets?: [...#Secret] @go(Secrets,[]Secret) } -// ProviderGithub contains the configuration for the Github provider. -#ProviderGithub: { - // Credentials contains the credentials to use for Github - // +optional - credentials?: #Secret @go(Credentials) - - // Registry contains the Github registry to use. - // +optional - registry?: null | string @go(Registry,*string) +// TimoniProvider contains the configuration for the Timoni provider. +#TimoniProvider: { + // Registries contains the registries to use for publishing Timoni modules + registries: [...string] @go(Registries,[]string) } // Secret contains the secret provider and a list of mappings diff --git a/lib/project/schema/providers.go b/lib/project/schema/providers.go index 1dfd7e04..80be935a 100644 --- a/lib/project/schema/providers.go +++ b/lib/project/schema/providers.go @@ -21,6 +21,10 @@ type Providers struct { // Github contains the configuration for the Github provider. // +optional Github ProviderGithub `json:"github"` + + // Timoni contains the configuration for the Timoni provider. + // +optional + Timoni TimoniProvider `json:"timoni"` } // ProviderAWS contains the configuration for the AWS provider. @@ -78,3 +82,9 @@ type ProviderGithub struct { // +optional Registry *string `json:"registry"` } + +// TimoniProvider contains the configuration for the Timoni provider. +type TimoniProvider struct { + // Registries contains the registries to use for publishing Timoni modules + Registries []string `json:"registries"` +} diff --git a/lib/project/schema/providers_go_gen.cue b/lib/project/schema/providers_go_gen.cue index be5c6397..19a7c655 100644 --- a/lib/project/schema/providers_go_gen.cue +++ b/lib/project/schema/providers_go_gen.cue @@ -25,6 +25,10 @@ package schema // Github contains the configuration for the Github provider. // +optional github?: #ProviderGithub @go(Github) + + // Timoni contains the configuration for the Timoni provider. + // +optional + timoni?: #TimoniProvider @go(Timoni) } // ProviderAWS contains the configuration for the AWS provider. @@ -82,3 +86,9 @@ package schema // +optional registry?: null | string @go(Registry,*string) } + +// TimoniProvider contains the configuration for the Timoni provider. +#TimoniProvider: { + // Registries contains the registries to use for publishing Timoni modules + registries: [...string] @go(Registries,[]string) +} From 3edb1c327ab0cc1c59431d023b4d4c4c27cb5a12 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 12:18:41 -0800 Subject: [PATCH 02/17] wip: testing --- .github/workflows/ci.yml | 22 +- .github/workflows/deploy.yml | 8 +- .github/workflows/docs.yml | 8 +- .github/workflows/release.yml | 8 +- .github/workflows/run.yml | 8 +- actions/setup/action.yml | 28 +- blueprint.cue | 6 + lib/project/schema/_embed/schema.cue | 3 + lib/project/schema/providers.go | 3 + lib/project/schema/providers_go_gen.cue | 3 + test/README.md | 85 + test/blueprint.cue | 13 + .../api/admission/v1/register_go_gen.cue | 7 + .../k8s.io/api/admission/v1/types_go_gen.cue | 172 + .../admissionregistration/v1/doc_go_gen.cue | 9 + .../v1/register_go_gen.cue | 7 + .../admissionregistration/v1/types_go_gen.cue | 645 ++ .../k8s.io/api/apps/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 ++ .../api/authentication/v1/register_go_gen.cue | 7 + .../api/authentication/v1/types_go_gen.cue | 206 + .../api/authorization/v1/register_go_gen.cue | 7 + .../api/authorization/v1/types_go_gen.cue | 262 + .../api/autoscaling/v1/register_go_gen.cue | 7 + .../api/autoscaling/v1/types_go_gen.cue | 542 ++ .../api/autoscaling/v2/register_go_gen.cue | 7 + .../api/autoscaling/v2/types_go_gen.cue | 597 ++ .../k8s.io/api/batch/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/batch/v1/types_go_gen.cue | 693 ++ .../api/certificates/v1/register_go_gen.cue | 7 + .../api/certificates/v1/types_go_gen.cue | 318 + .../api/coordination/v1/register_go_gen.cue | 7 + .../api/coordination/v1/types_go_gen.cue | 61 + .../v1/annotation_key_constants_go_gen.cue | 147 + .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 + .../k8s.io/api/core/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 +++++++++++++++++ .../api/core/v1/well_known_labels_go_gen.cue | 59 + .../api/core/v1/well_known_taints_go_gen.cue | 38 + .../api/discovery/v1/register_go_gen.cue | 7 + .../k8s.io/api/discovery/v1/types_go_gen.cue | 206 + .../discovery/v1/well_known_labels_go_gen.cue | 20 + .../k8s.io/api/events/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/events/v1/types_go_gen.cue | 111 + .../api/networking/v1/register_go_gen.cue | 7 + .../k8s.io/api/networking/v1/types_go_gen.cue | 588 ++ .../v1/well_known_annotations_go_gen.cue | 11 + .../k8s.io/api/node/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/node/v1/types_go_gen.cue | 90 + .../gen/k8s.io/api/policy/v1/doc_go_gen.cue | 8 + .../k8s.io/api/policy/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/policy/v1/types_go_gen.cue | 204 + .../k8s.io/api/rbac/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/rbac/v1/types_go_gen.cue | 207 + .../api/scheduling/v1/register_go_gen.cue | 7 + .../k8s.io/api/scheduling/v1/types_go_gen.cue | 57 + .../k8s.io/api/storage/v1/register_go_gen.cue | 7 + .../k8s.io/api/storage/v1/types_go_gen.cue | 652 ++ .../pkg/apis/apiextensions/v1/doc_go_gen.cue | 6 + .../apis/apiextensions/v1/register_go_gen.cue | 7 + .../apis/apiextensions/v1/types_go_gen.cue | 513 ++ .../v1/types_jsonschema_go_gen.cue | 317 + .../pkg/api/resource/amount_go_gen.cue | 47 + .../pkg/api/resource/math_go_gen.cue | 13 + .../pkg/api/resource/quantity_go_gen.cue | 107 + .../pkg/api/resource/suffix_go_gen.cue | 10 + .../pkg/apis/meta/v1/duration_go_gen.cue | 10 + .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 + .../pkg/apis/meta/v1/meta_go_gen.cue | 33 + .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 + .../pkg/apis/meta/v1/register_go_gen.cue | 9 + .../pkg/apis/meta/v1/time_go_gen.cue | 14 + .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 + .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ++++ .../pkg/apis/meta/v1/watch_go_gen.cue | 30 + .../pkg/runtime/allocator_go_gen.cue | 10 + .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 + .../pkg/runtime/conversion_go_gen.cue | 7 + .../pkg/runtime/converter_go_gen.cue | 9 + .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 + .../pkg/runtime/embedded_go_gen.cue | 7 + .../pkg/runtime/helper_go_gen.cue | 23 + .../pkg/runtime/interfaces_go_gen.cue | 165 + .../pkg/runtime/negotiate_go_gen.cue | 12 + .../pkg/runtime/splice_go_gen.cue | 12 + .../runtime/swagger_doc_generator_go_gen.cue | 14 + .../apimachinery/pkg/runtime/types_go_gen.cue | 97 + .../pkg/runtime/types_proto_go_gen.cue | 9 + .../apimachinery/pkg/types/doc_go_gen.cue | 6 + .../pkg/types/namespacedname_go_gen.cue | 12 + .../pkg/types/nodename_go_gen.cue | 31 + .../apimachinery/pkg/types/patch_go_gen.cue | 21 + .../apimachinery/pkg/types/uid_go_gen.cue | 10 + .../pkg/util/intstr/intstr_go_gen.cue | 31 + .../apimachinery/pkg/watch/doc_go_gen.cue | 7 + .../apimachinery/pkg/watch/filter_go_gen.cue | 10 + .../apimachinery/pkg/watch/mux_go_gen.cue | 25 + .../pkg/watch/streamwatcher_go_gen.cue | 12 + .../apimachinery/pkg/watch/watch_go_gen.cue | 48 + test/cue.mod/module.cue | 2 + .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 + .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 + .../core/v1alpha1/imagepullsecret.cue | 47 + .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 + .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 + .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 + .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 + .../timoni.sh/core/v1alpha1/requirements.cue | 40 + .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 + .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 + test/debug_tool.cue | 35 + test/debug_values.cue | 30 + test/templates/config.cue | 113 + test/templates/configmap.cue | 55 + test/templates/deployment.cue | 104 + test/templates/job.cue | 58 + test/templates/service.cue | 27 + test/templates/serviceaccount.cue | 12 + test/timoni.cue | 47 + test/timoni.ignore | 14 + test/values.cue | 21 + 121 files changed, 19132 insertions(+), 28 deletions(-) create mode 100644 test/README.md create mode 100644 test/blueprint.cue create mode 100644 test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue create mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue create mode 100644 test/cue.mod/module.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue create mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue create mode 100644 test/debug_tool.cue create mode 100644 test/debug_values.cue create mode 100644 test/templates/config.cue create mode 100644 test/templates/configmap.cue create mode 100644 test/templates/deployment.cue create mode 100644 test/templates/job.cue create mode 100644 test/templates/service.cue create mode 100644 test/templates/serviceaccount.cue create mode 100644 test/timoni.cue create mode 100644 test/timoni.ignore create mode 100644 test/values.cue diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 524f5180..5947b9c9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,12 +41,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@master + uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@master + uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -61,14 +61,14 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@master + uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release with: skip_docker: 'true' skip_github: 'true' skip_earthly: ${{ steps.local.outputs.skip }} - name: Discovery id: discovery - uses: input-output-hk/catalyst-forge/actions/discovery@master + uses: input-output-hk/catalyst-forge/actions/discovery@adds-timoni-release with: filters: | ${{ env.FORGE_REGEX_CHECK }} @@ -80,7 +80,7 @@ jobs: ${{ env.FORGE_REGEX_PUBLISH }} check: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release needs: [discover] if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled() with: @@ -92,7 +92,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} build: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release needs: [discover, check] if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled() with: @@ -104,7 +104,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} package: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release needs: [discover, check, build] if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled() with: @@ -116,7 +116,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} test: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release needs: [discover, check, build, package] if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled() with: @@ -128,7 +128,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} docs: - uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@adds-timoni-release needs: [discover, check, build, test] if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled() with: @@ -138,7 +138,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} release: - uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@adds-timoni-release needs: [discover, check, build, test] if: (fromJson(needs.discover.outputs.releases)[0] != null) && !failure() && !cancelled() with: @@ -150,7 +150,7 @@ jobs: earthly_token: ${{ secrets.earthly_token }} deploy: - uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@master + uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@adds-timoni-release needs: [discover, check, build, test, release] if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled() with: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 026cd7a4..0977e054 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -41,12 +41,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@master + uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@master + uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -61,11 +61,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@master + uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Deploy - uses: input-output-hk/catalyst-forge/actions/run@master + uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release with: command: deploy push args: ${{ matrix.deployment }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 80361cee..21fb4c0b 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -44,12 +44,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@master + uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@master + uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -64,11 +64,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@master + uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Run - uses: input-output-hk/catalyst-forge/actions/run@master + uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release with: command: run args: --artifact ${{ env.OUTPUT }} ${{ matrix.earthfile }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68f50458..68bbff2f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,12 +45,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@master + uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@master + uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -65,11 +65,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@master + uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Release - uses: input-output-hk/catalyst-forge/actions/run@master + uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release with: command: release args: ${{ matrix.release.project }} ${{ matrix.release.name }} diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml index 2556a60c..9efb96f6 100644 --- a/.github/workflows/run.yml +++ b/.github/workflows/run.yml @@ -42,12 +42,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@master + uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@master + uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -62,11 +62,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@master + uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Run - uses: input-output-hk/catalyst-forge/actions/run@master + uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release with: command: run args: ${{ matrix.earthfile }} diff --git a/actions/setup/action.yml b/actions/setup/action.yml index a7fb1b50..04b03f74 100644 --- a/actions/setup/action.yml +++ b/actions/setup/action.yml @@ -19,6 +19,10 @@ inputs: description: If true, skip authenticating to GitHub Container Registry required: false default: "false" + skip_timoni: + description: If true, skips installing Timoni CLI if the provider is configured + required: false + default: "false" runs: using: composite @@ -169,4 +173,26 @@ runs: if: steps.earthly.outputs.token != '' && steps.earthly.conclusion == 'success' shell: bash run: | - earthly org select "${{ steps.earthly.outputs.org }}" \ No newline at end of file + earthly org select "${{ steps.earthly.outputs.org }}" + + # Timoni Provider + - name: Get Timoni provider configuration + id: timoni + if: inputs.skip_timoni == 'false' + shell: bash + run: | + echo "==== Timoni Setup =====" + BP=$(forge dump .) + + TIMONI=$(echo "$BP" | jq -r .global.ci.providers.timoni.install) + if [[ "$TIMONI" != "true" ]]; then + INSTALL=1 + echo "install=$INSTALL" >> $GITHUB_OUTPUT + else + echo "Not installing Timoni CLI" + fi + - name: Install Timoni + uses: stefanprodan/timoni/actions/setup@main + if: steps.timoni.outputs.install && steps.timoni.conclusion == 'success' + with: + version: latest \ No newline at end of file diff --git a/blueprint.cue b/blueprint.cue index 4704ccfc..da98ebaf 100644 --- a/blueprint.cue +++ b/blueprint.cue @@ -44,6 +44,12 @@ global: { } registry: "ghcr.io" } + timoni: { + install: true + registries: [ + aws.registry, + ] + } } secrets: [ { diff --git a/lib/project/schema/_embed/schema.cue b/lib/project/schema/_embed/schema.cue index 682b843d..ea904e6a 100644 --- a/lib/project/schema/_embed/schema.cue +++ b/lib/project/schema/_embed/schema.cue @@ -282,6 +282,9 @@ version: "1.0" // TimoniProvider contains the configuration for the Timoni provider. #TimoniProvider: { + // Install contains whether to install Timoni in the CI environment. + install?: null | bool @go(Install,*bool) + // Registries contains the registries to use for publishing Timoni modules registries: [...string] @go(Registries,[]string) } diff --git a/lib/project/schema/providers.go b/lib/project/schema/providers.go index 80be935a..c70207b9 100644 --- a/lib/project/schema/providers.go +++ b/lib/project/schema/providers.go @@ -85,6 +85,9 @@ type ProviderGithub struct { // TimoniProvider contains the configuration for the Timoni provider. type TimoniProvider struct { + // Install contains whether to install Timoni in the CI environment. + Install *bool `json:"install"` + // Registries contains the registries to use for publishing Timoni modules Registries []string `json:"registries"` } diff --git a/lib/project/schema/providers_go_gen.cue b/lib/project/schema/providers_go_gen.cue index 19a7c655..fa2208d0 100644 --- a/lib/project/schema/providers_go_gen.cue +++ b/lib/project/schema/providers_go_gen.cue @@ -89,6 +89,9 @@ package schema // TimoniProvider contains the configuration for the Timoni provider. #TimoniProvider: { + // Install contains whether to install Timoni in the CI environment. + install?: null | bool @go(Install,*bool) + // Registries contains the registries to use for publishing Timoni modules registries: [...string] @go(Registries,[]string) } diff --git a/test/README.md b/test/README.md new file mode 100644 index 00000000..dfa037b3 --- /dev/null +++ b/test/README.md @@ -0,0 +1,85 @@ +# test + +A [timoni.sh](http://timoni.sh) module for deploying test to Kubernetes clusters. + +## Install + +To create an instance using the default values: + +```shell +timoni -n default apply test oci:// +``` + +To change the [default configuration](#configuration), +create one or more `values.cue` files and apply them to the instance. + +For example, create a file `my-values.cue` with the following content: + +```cue +values: { + resources: requests: { + cpu: "100m" + memory: "128Mi" + } +} +``` + +And apply the values with: + +```shell +timoni -n default apply test oci:// \ +--values ./my-values.cue +``` + +## Uninstall + +To uninstall an instance and delete all its Kubernetes resources: + +```shell +timoni -n default delete test +``` + +## Configuration + +### General values + +| Key | Type | Default | Description | +|------------------------------|-----------------------------------------|----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| +| `image: tag:` | `string` | `` | Container image tag | +| `image: digest:` | `string` | `` | Container image digest, takes precedence over `tag` when specified | +| `image: repository:` | `string` | `cgr.dev/chainguard/nginx` | Container image repository | +| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | +| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources | +| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources | +| `podAnnotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods | +| `imagePullSecrets:` | `[...timoniv1.ObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) | +| `tolerations:` | `[ ...corev1.#Toleration]` | `[]` | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) | +| `affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | +| `resources:` | `timoniv1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]` | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints) | +| `podSecurityContext:` | `corev1.#PodSecurityContext` | `{}` | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) | +| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) | +| `service: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to the Kubernetes Service | +| `service: port:` | `int` | `80` | Kubernetes Service HTTP port | +| `test: enabled:` | `bool` | `false` | Run end-to-end tests at install and upgrades | + +#### Recommended values + +Comply with the restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/): + +```cue +values: { + podSecurityContext: { + runAsUser: 65532 + runAsGroup: 65532 + fsGroup: 65532 + } + securityContext: { + allowPrivilegeEscalation: false + readOnlyRootFilesystem: false + runAsNonRoot: true + capabilities: drop: ["ALL"] + seccompProfile: type: "RuntimeDefault" + } +} +``` diff --git a/test/blueprint.cue b/test/blueprint.cue new file mode 100644 index 00000000..7d65a2a4 --- /dev/null +++ b/test/blueprint.cue @@ -0,0 +1,13 @@ +version: "1.0" +project: { + name: "timoni-test" + release: { + timoni: { + on: always: {} + config: { + container: "timoni-test" + tag: "v1.0.0" + } + } + } +} diff --git a/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue new file mode 100644 index 00000000..597f5b0e --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/admission/v1 + +package v1 + +#GroupName: "admission.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue new file mode 100644 index 00000000..af26bd06 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue @@ -0,0 +1,172 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/admission/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + authenticationv1 "k8s.io/api/authentication/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +// AdmissionReview describes an admission review request/response. +#AdmissionReview: { + metav1.#TypeMeta + + // Request describes the attributes for the admission request. + // +optional + request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt) + + // Response describes the attributes for the admission response. + // +optional + response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt) +} + +// AdmissionRequest describes the admission.Attributes for the admission request. +#AdmissionRequest: { + // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are + // otherwise identical (parallel requests, requests when earlier requests did not modify etc) + // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. + // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. + uid: types.#UID @go(UID) @protobuf(1,bytes,opt) + + // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) + kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt) + + // Resource is the fully-qualified resource being requested (for example, v1.pods) + resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt) + + // SubResource is the subresource being requested, if any (for example, "status" or "scale") + // +optional + subResource?: string @go(SubResource) @protobuf(4,bytes,opt) + + // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). + // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. + // + // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of + // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, + // an API request to apps/v1beta1 deployments would be converted and sent to the webhook + // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), + // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). + // + // See documentation for the "matchPolicy" field in the webhook configuration type for more details. + // +optional + requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt) + + // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). + // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. + // + // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of + // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, + // an API request to apps/v1beta1 deployments would be converted and sent to the webhook + // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), + // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). + // + // See documentation for the "matchPolicy" field in the webhook configuration type. + // +optional + requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt) + + // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") + // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. + // See documentation for the "matchPolicy" field in the webhook configuration type. + // +optional + requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt) + + // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and + // rely on the server to generate the name. If that is the case, this field will contain an empty string. + // +optional + name?: string @go(Name) @protobuf(5,bytes,opt) + + // Namespace is the namespace associated with the request (if any). + // +optional + namespace?: string @go(Namespace) @protobuf(6,bytes,opt) + + // Operation is the operation being performed. This may be different than the operation + // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. + operation: #Operation @go(Operation) @protobuf(7,bytes,opt) + + // UserInfo is information about the requesting user + userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt) + + // Object is the object from the incoming request. + // +optional + object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt) + + // OldObject is the existing object. Only populated for DELETE and UPDATE requests. + // +optional + oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt) + + // DryRun indicates that modifications will definitely not be persisted for this request. + // Defaults to false. + // +optional + dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt) + + // Options is the operation option structure of the operation being performed. + // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be + // different than the options the caller provided. e.g. for a patch request the performed + // Operation might be a CREATE, in which case the Options will a + // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. + // +optional + options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt) +} + +// AdmissionResponse describes an admission response. +#AdmissionResponse: { + // UID is an identifier for the individual request/response. + // This must be copied over from the corresponding AdmissionRequest. + uid: types.#UID @go(UID) @protobuf(1,bytes,opt) + + // Allowed indicates whether or not the admission request was permitted. + allowed: bool @go(Allowed) @protobuf(2,varint,opt) + + // Result contains extra details into why an admission request was denied. + // This field IS NOT consulted in any way if "Allowed" is "true". + // +optional + status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt) + + // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. + // +optional + patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt) + + // The type of Patch. Currently we only allow "JSONPatch". + // +optional + patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt) + + // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). + // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with + // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by + // the admission webhook to add additional context to the audit log for this request. + // +optional + auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt) + + // warnings is a list of warning messages to return to the requesting API client. + // Warning messages describe a problem the client making the API request should correct or be aware of. + // Limit warnings to 120 characters if possible. + // Warnings over 256 characters and large numbers of warnings may be truncated. + // +optional + warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep) +} + +// PatchType is the type of patch being used to represent the mutated object +#PatchType: string // #enumPatchType + +#enumPatchType: + #PatchTypeJSONPatch + +#PatchTypeJSONPatch: #PatchType & "JSONPatch" + +// Operation is the type of resource operation being checked for admission control +#Operation: string // #enumOperation + +#enumOperation: + #Create | + #Update | + #Delete | + #Connect + +#Create: #Operation & "CREATE" +#Update: #Operation & "UPDATE" +#Delete: #Operation & "DELETE" +#Connect: #Operation & "CONNECT" diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue new file mode 100644 index 00000000..5d30100e --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/admissionregistration/v1 + +// Package v1 is the v1 version of the API. +// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration +// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the +// new dynamic admission controller configuration. +package v1 diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue new file mode 100644 index 00000000..93348e91 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/admissionregistration/v1 + +package v1 + +#GroupName: "admissionregistration.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue new file mode 100644 index 00000000..7038db05 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue @@ -0,0 +1,645 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/admissionregistration/v1 + +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended +// to make sure that all the tuple expansions are valid. +#Rule: { + // APIGroups is the API groups the resources belong to. '*' is all groups. + // If '*' is present, the length of the slice must be one. + // Required. + // +listType=atomic + apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep) + + // APIVersions is the API versions the resources belong to. '*' is all versions. + // If '*' is present, the length of the slice must be one. + // Required. + // +listType=atomic + apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep) + + // Resources is a list of resources this rule applies to. + // + // For example: + // 'pods' means pods. + // 'pods/log' means the log subresource of pods. + // '*' means all resources, but not subresources. + // 'pods/*' means all subresources of pods. + // '*/scale' means all scale subresources. + // '*/*' means all resources and their subresources. + // + // If wildcard is present, the validation rule will ensure resources do not + // overlap with each other. + // + // Depending on the enclosing object, subresources might not be allowed. + // Required. + // +listType=atomic + resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) + + // scope specifies the scope of this rule. + // Valid values are "Cluster", "Namespaced", and "*" + // "Cluster" means that only cluster-scoped resources will match this rule. + // Namespace API objects are cluster-scoped. + // "Namespaced" means that only namespaced resources will match this rule. + // "*" means that there are no scope restrictions. + // Subresources match the scope of their parent resource. + // Default is "*". + // + // +optional + scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep) +} + +// ScopeType specifies a scope for a Rule. +// +enum +#ScopeType: string // #enumScopeType + +#enumScopeType: + #ClusterScope | + #NamespacedScope | + #AllScopes + +// ClusterScope means that scope is limited to cluster-scoped objects. +// Namespace objects are cluster-scoped. +#ClusterScope: #ScopeType & "Cluster" + +// NamespacedScope means that scope is limited to namespaced objects. +#NamespacedScope: #ScopeType & "Namespaced" + +// AllScopes means that all scopes are included. +#AllScopes: #ScopeType & "*" + +// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. +// +enum +#FailurePolicyType: string // #enumFailurePolicyType + +#enumFailurePolicyType: + #Ignore | + #Fail + +// Ignore means that an error calling the webhook is ignored. +#Ignore: #FailurePolicyType & "Ignore" + +// Fail means that an error calling the webhook causes the admission to fail. +#Fail: #FailurePolicyType & "Fail" + +// MatchPolicyType specifies the type of match policy. +// +enum +#MatchPolicyType: string // #enumMatchPolicyType + +#enumMatchPolicyType: + #Exact | + #Equivalent + +// Exact means requests should only be sent to the webhook if they exactly match a given rule. +#Exact: #MatchPolicyType & "Exact" + +// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. +#Equivalent: #MatchPolicyType & "Equivalent" + +// SideEffectClass specifies the types of side effects a webhook may have. +// +enum +#SideEffectClass: string // #enumSideEffectClass + +#enumSideEffectClass: + #SideEffectClassUnknown | + #SideEffectClassNone | + #SideEffectClassSome | + #SideEffectClassNoneOnDryRun + +// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook. +// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. +#SideEffectClassUnknown: #SideEffectClass & "Unknown" + +// SideEffectClassNone means that calling the webhook will have no side effects. +#SideEffectClassNone: #SideEffectClass & "None" + +// SideEffectClassSome means that calling the webhook will possibly have side effects. +// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. +#SideEffectClassSome: #SideEffectClass & "Some" + +// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the +// request being reviewed has the dry-run attribute, the side effects will be suppressed. +#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun" + +// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it. +#ValidatingWebhookConfiguration: { + metav1.#TypeMeta + + // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Webhooks is a list of webhooks and the affected resources and operations. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) +} + +// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration. +#ValidatingWebhookConfigurationList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ValidatingWebhookConfiguration. + items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep) +} + +// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. +#MutatingWebhookConfiguration: { + metav1.#TypeMeta + + // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Webhooks is a list of webhooks and the affected resources and operations. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) +} + +// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration. +#MutatingWebhookConfigurationList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of MutatingWebhookConfiguration. + items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep) +} + +// ValidatingWebhook describes an admission webhook and the resources and operations it applies to. +#ValidatingWebhook: { + // The name of the admission webhook. + // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where + // "imagepolicy" is the name of the webhook, and kubernetes.io is the name + // of the organization. + // Required. + name: string @go(Name) @protobuf(1,bytes,opt) + + // ClientConfig defines how to communicate with the hook. + // Required + clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) + + // Rules describes what operations on what resources/subresources the webhook cares about. + // The webhook cares about an operation if it matches _any_ Rule. + // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks + // from putting the cluster in a state which cannot be recovered from without completely + // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called + // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. + rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) + + // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - + // allowed values are Ignore or Fail. Defaults to Fail. + // +optional + failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) + + // matchPolicy defines how the "rules" list is used to match incoming requests. + // Allowed values are "Exact" or "Equivalent". + // + // - Exact: match a request only if it exactly matches a specified rule. + // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, + // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, + // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. + // + // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. + // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, + // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, + // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. + // + // Defaults to "Equivalent" + // +optional + matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) + + // NamespaceSelector decides whether to run the webhook on an object based + // on whether the namespace for that object matches the selector. If the + // object itself is a namespace, the matching is performed on + // object.metadata.labels. If the object is another cluster scoped resource, + // it never skips the webhook. + // + // For example, to run the webhook on any objects whose namespace is not + // associated with "runlevel" of "0" or "1"; you will set the selector as + // follows: + // "namespaceSelector": { + // "matchExpressions": [ + // { + // "key": "runlevel", + // "operator": "NotIn", + // "values": [ + // "0", + // "1" + // ] + // } + // ] + // } + // + // If instead you want to only run the webhook on any objects whose + // namespace is associated with the "environment" of "prod" or "staging"; + // you will set the selector as follows: + // "namespaceSelector": { + // "matchExpressions": [ + // { + // "key": "environment", + // "operator": "In", + // "values": [ + // "prod", + // "staging" + // ] + // } + // ] + // } + // + // See + // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // for more examples of label selectors. + // + // Default to the empty LabelSelector, which matches everything. + // +optional + namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) + + // ObjectSelector decides whether to run the webhook based on if the + // object has matching labels. objectSelector is evaluated against both + // the oldObject and newObject that would be sent to the webhook, and + // is considered to match if either object matches the selector. A null + // object (oldObject in the case of create, or newObject in the case of + // delete) or an object that cannot have labels (like a + // DeploymentRollback or a PodProxyOptions object) is not considered to + // match. + // Use the object selector only if the webhook is opt-in, because end + // users may skip the admission webhook by setting the labels. + // Default to the empty LabelSelector, which matches everything. + // +optional + objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt) + + // SideEffects states whether this webhook has side effects. + // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). + // Webhooks with side effects MUST implement a reconciliation system, since a request may be + // rejected by a future step in the admission chain and the side effects therefore need to be undone. + // Requests with the dryRun attribute will be auto-rejected if they match a webhook with + // sideEffects == Unknown or Some. + sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) + + // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, + // the webhook call will be ignored or the API call will fail based on the + // failure policy. + // The timeout value must be between 1 and 30 seconds. + // Default to 10 seconds. + // +optional + timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) + + // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` + // versions the Webhook expects. API server will try to use first version in + // the list which it supports. If none of the versions specified in this list + // supported by API server, validation will fail for this object. + // If a persisted webhook configuration specifies allowed versions and does not + // include any versions known to the API Server, calls to the webhook will fail + // and be subject to the failure policy. + admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) + + // MatchConditions is a list of conditions that must be met for a request to be sent to this + // webhook. Match conditions filter requests that have already been matched by the rules, + // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. + // There are a maximum of 64 match conditions allowed. + // + // The exact matching logic is (in order): + // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. + // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. + // 3. If any matchCondition evaluates to an error (but none are FALSE): + // - If failurePolicy=Fail, reject the request + // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped + // + // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. + // + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name + // +featureGate=AdmissionWebhookMatchConditions + // +optional + matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt) +} + +// MutatingWebhook describes an admission webhook and the resources and operations it applies to. +#MutatingWebhook: { + // The name of the admission webhook. + // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where + // "imagepolicy" is the name of the webhook, and kubernetes.io is the name + // of the organization. + // Required. + name: string @go(Name) @protobuf(1,bytes,opt) + + // ClientConfig defines how to communicate with the hook. + // Required + clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) + + // Rules describes what operations on what resources/subresources the webhook cares about. + // The webhook cares about an operation if it matches _any_ Rule. + // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks + // from putting the cluster in a state which cannot be recovered from without completely + // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called + // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. + rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) + + // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - + // allowed values are Ignore or Fail. Defaults to Fail. + // +optional + failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) + + // matchPolicy defines how the "rules" list is used to match incoming requests. + // Allowed values are "Exact" or "Equivalent". + // + // - Exact: match a request only if it exactly matches a specified rule. + // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, + // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, + // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. + // + // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. + // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, + // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, + // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. + // + // Defaults to "Equivalent" + // +optional + matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) + + // NamespaceSelector decides whether to run the webhook on an object based + // on whether the namespace for that object matches the selector. If the + // object itself is a namespace, the matching is performed on + // object.metadata.labels. If the object is another cluster scoped resource, + // it never skips the webhook. + // + // For example, to run the webhook on any objects whose namespace is not + // associated with "runlevel" of "0" or "1"; you will set the selector as + // follows: + // "namespaceSelector": { + // "matchExpressions": [ + // { + // "key": "runlevel", + // "operator": "NotIn", + // "values": [ + // "0", + // "1" + // ] + // } + // ] + // } + // + // If instead you want to only run the webhook on any objects whose + // namespace is associated with the "environment" of "prod" or "staging"; + // you will set the selector as follows: + // "namespaceSelector": { + // "matchExpressions": [ + // { + // "key": "environment", + // "operator": "In", + // "values": [ + // "prod", + // "staging" + // ] + // } + // ] + // } + // + // See + // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + // for more examples of label selectors. + // + // Default to the empty LabelSelector, which matches everything. + // +optional + namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) + + // ObjectSelector decides whether to run the webhook based on if the + // object has matching labels. objectSelector is evaluated against both + // the oldObject and newObject that would be sent to the webhook, and + // is considered to match if either object matches the selector. A null + // object (oldObject in the case of create, or newObject in the case of + // delete) or an object that cannot have labels (like a + // DeploymentRollback or a PodProxyOptions object) is not considered to + // match. + // Use the object selector only if the webhook is opt-in, because end + // users may skip the admission webhook by setting the labels. + // Default to the empty LabelSelector, which matches everything. + // +optional + objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt) + + // SideEffects states whether this webhook has side effects. + // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). + // Webhooks with side effects MUST implement a reconciliation system, since a request may be + // rejected by a future step in the admission chain and the side effects therefore need to be undone. + // Requests with the dryRun attribute will be auto-rejected if they match a webhook with + // sideEffects == Unknown or Some. + sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) + + // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, + // the webhook call will be ignored or the API call will fail based on the + // failure policy. + // The timeout value must be between 1 and 30 seconds. + // Default to 10 seconds. + // +optional + timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) + + // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` + // versions the Webhook expects. API server will try to use first version in + // the list which it supports. If none of the versions specified in this list + // supported by API server, validation will fail for this object. + // If a persisted webhook configuration specifies allowed versions and does not + // include any versions known to the API Server, calls to the webhook will fail + // and be subject to the failure policy. + admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) + + // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. + // Allowed values are "Never" and "IfNeeded". + // + // Never: the webhook will not be called more than once in a single admission evaluation. + // + // IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation + // if the object being admitted is modified by other admission plugins after the initial webhook call. + // Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. + // Note: + // * the number of additional invocations is not guaranteed to be exactly one. + // * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. + // * webhooks that use this option may be reordered to minimize the number of additional invocations. + // * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. + // + // Defaults to "Never". + // +optional + reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType) + + // MatchConditions is a list of conditions that must be met for a request to be sent to this + // webhook. Match conditions filter requests that have already been matched by the rules, + // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. + // There are a maximum of 64 match conditions allowed. + // + // The exact matching logic is (in order): + // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. + // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. + // 3. If any matchCondition evaluates to an error (but none are FALSE): + // - If failurePolicy=Fail, reject the request + // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped + // + // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. + // + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name + // +featureGate=AdmissionWebhookMatchConditions + // +optional + matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt) +} + +// ReinvocationPolicyType specifies what type of policy the admission hook uses. +// +enum +#ReinvocationPolicyType: string // #enumReinvocationPolicyType + +#enumReinvocationPolicyType: + #NeverReinvocationPolicy | + #IfNeededReinvocationPolicy + +// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a +// single admission evaluation. +#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never" + +// IfNeededReinvocationPolicy indicates that the webhook may be called at least one +// additional time as part of the admission evaluation if the object being admitted is +// modified by other admission plugins after the initial webhook call. +#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded" + +// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make +// sure that all the tuple expansions are valid. +#RuleWithOperations: { + // Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * + // for all of those operations and any future admission operations that are added. + // If '*' is present, the length of the slice must be one. + // Required. + // +listType=atomic + operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType) + + #Rule +} + +// OperationType specifies an operation for a request. +// +enum +#OperationType: string // #enumOperationType + +#enumOperationType: + #OperationAll | + #Create | + #Update | + #Delete | + #Connect + +#OperationAll: #OperationType & "*" +#Create: #OperationType & "CREATE" +#Update: #OperationType & "UPDATE" +#Delete: #OperationType & "DELETE" +#Connect: #OperationType & "CONNECT" + +// WebhookClientConfig contains the information to make a TLS +// connection with the webhook +#WebhookClientConfig: { + // `url` gives the location of the webhook, in standard URL form + // (`scheme://host:port/path`). Exactly one of `url` or `service` + // must be specified. + // + // The `host` should not refer to a service running in the cluster; use + // the `service` field instead. The host might be resolved via external + // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + // in-cluster DNS as that would be a layering violation). `host` may + // also be an IP address. + // + // Please note that using `localhost` or `127.0.0.1` as a `host` is + // risky unless you take great care to run this webhook on all hosts + // which run an apiserver which might need to make calls to this + // webhook. Such installs are likely to be non-portable, i.e., not easy + // to turn up in a new cluster. + // + // The scheme must be "https"; the URL must begin with "https://". + // + // A path is optional, and if present may be any string permissible in + // a URL. You may use the path to pass an arbitrary string to the + // webhook, for example, a cluster identifier. + // + // Attempting to use a user or basic auth e.g. "user:password@" is not + // allowed. Fragments ("#...") and query parameters ("?...") are not + // allowed, either. + // + // +optional + url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) + + // `service` is a reference to the service for this webhook. Either + // `service` or `url` must be specified. + // + // If the webhook is running within the cluster, then you should use `service`. + // + // +optional + service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) + + // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + // If unspecified, system trust roots on the apiserver are used. + // +optional + caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) +} + +// ServiceReference holds a reference to Service.legacy.k8s.io +#ServiceReference: { + // `namespace` is the namespace of the service. + // Required + namespace: string @go(Namespace) @protobuf(1,bytes,opt) + + // `name` is the name of the service. + // Required + name: string @go(Name) @protobuf(2,bytes,opt) + + // `path` is an optional URL path which will be sent in any request to + // this service. + // +optional + path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) + + // If specified, the port on the service that hosting webhook. + // Default to 443 for backward compatibility. + // `port` should be a valid port number (1-65535, inclusive). + // +optional + port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) +} + +// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. +#MatchCondition: { + // Name is an identifier for this match condition, used for strategic merging of MatchConditions, + // as well as providing an identifier for logging purposes. A good name should be descriptive of + // the associated expression. + // Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and + // must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or + // '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an + // optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') + // + // Required. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. + // CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: + // + // 'object' - The object from the incoming request. The value is null for DELETE requests. + // 'oldObject' - The existing object. The value is null for CREATE requests. + // 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). + // 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. + // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz + // 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the + // request resource. + // Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ + // + // Required. + expression: string @go(Expression) @protobuf(2,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue new file mode 100644 index 00000000..c2497a51 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/apps/v1 + +package v1 + +#GroupName: "apps" diff --git a/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue new file mode 100644 index 00000000..d3ecc834 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue @@ -0,0 +1,946 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/apps/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +#ControllerRevisionHashLabelKey: "controller-revision-hash" +#StatefulSetRevisionLabel: "controller-revision-hash" +#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" +#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" +#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" +#PodIndexLabel: "apps.kubernetes.io/pod-index" + +// StatefulSet represents a set of pods with consistent identities. +// Identities are defined as: +// - Network: A single stable DNS and hostname. +// - Storage: As many VolumeClaims as requested. +// +// The StatefulSet guarantees that a given network identity will always +// map to the same storage identity. +#StatefulSet: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the desired identities of pods in this set. + // +optional + spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the current status of Pods in this StatefulSet. This data + // may be out of date by some window of time. + // +optional + status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PodManagementPolicyType defines the policy for creating pods under a stateful set. +// +enum +#PodManagementPolicyType: string // #enumPodManagementPolicyType + +#enumPodManagementPolicyType: + #OrderedReadyPodManagement | + #ParallelPodManagement + +// OrderedReadyPodManagement will create pods in strictly increasing order on +// scale up and strictly decreasing order on scale down, progressing only when +// the previous pod is ready or terminated. At most one pod will be changed +// at any time. +#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" + +// ParallelPodManagement will create and delete pods as soon as the stateful set +// replica count is changed, and will not wait for pods to be ready or complete +// termination. +#ParallelPodManagement: #PodManagementPolicyType & "Parallel" + +// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet +// controller will use to perform updates. It includes any additional parameters +// necessary to perform the update for the indicated strategy. +#StatefulSetUpdateStrategy: { + // Type indicates the type of the StatefulSetUpdateStrategy. + // Default is RollingUpdate. + // +optional + type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) + + // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. + // +optional + rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) +} + +// StatefulSetUpdateStrategyType is a string enumeration type that enumerates +// all possible update strategies for the StatefulSet controller. +// +enum +#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType + +#enumStatefulSetUpdateStrategyType: + #RollingUpdateStatefulSetStrategyType | + #OnDeleteStatefulSetStrategyType + +// RollingUpdateStatefulSetStrategyType indicates that update will be +// applied to all Pods in the StatefulSet with respect to the StatefulSet +// ordering constraints. When a scale operation is performed with this +// strategy, new Pods will be created from the specification version indicated +// by the StatefulSet's updateRevision. +#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" + +// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version +// tracking and ordered rolling restarts are disabled. Pods are recreated +// from the StatefulSetSpec when they are manually deleted. When a scale +// operation is performed with this strategy,specification version indicated +// by the StatefulSet's currentRevision. +#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" + +// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. +#RollingUpdateStatefulSetStrategy: { + // Partition indicates the ordinal at which the StatefulSet should be partitioned + // for updates. During a rolling update, all pods from ordinal Replicas-1 to + // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + // This is helpful in being able to do a canary based deployment. The default value is 0. + // +optional + partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) + + // The maximum number of pods that can be unavailable during the update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // Absolute number is calculated from percentage by rounding up. This can not be 0. + // Defaults to 1. This field is alpha-level and is only honored by servers that enable the + // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + // will be counted towards MaxUnavailable. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) +} + +// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine +// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is +// deleted or scaled down. +#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType + +#enumPersistentVolumeClaimRetentionPolicyType: + #RetainPersistentVolumeClaimRetentionPolicyType | + #DeletePersistentVolumeClaimRetentionPolicyType + +// RetainPersistentVolumeClaimRetentionPolicyType is the default +// PersistentVolumeClaimRetentionPolicy and specifies that +// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates +// will not be deleted. +#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" + +// RetentionPersistentVolumeClaimRetentionPolicyType specifies that +// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates +// will be deleted in the scenario specified in +// StatefulSetPersistentVolumeClaimRetentionPolicy. +#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" + +// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs +// created from the StatefulSet VolumeClaimTemplates. +#StatefulSetPersistentVolumeClaimRetentionPolicy: { + // WhenDeleted specifies what happens to PVCs created from StatefulSet + // VolumeClaimTemplates when the StatefulSet is deleted. The default policy + // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + // `Delete` policy causes those PVCs to be deleted. + whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) + + // WhenScaled specifies what happens to PVCs created from StatefulSet + // VolumeClaimTemplates when the StatefulSet is scaled down. The default + // policy of `Retain` causes PVCs to not be affected by a scaledown. The + // `Delete` policy causes the associated PVCs for any excess pods above + // the replica count to be deleted. + whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) +} + +// StatefulSetOrdinals describes the policy used for replica ordinal assignment +// in this StatefulSet. +#StatefulSetOrdinals: { + // start is the number representing the first replica's index. It may be used + // to number replicas from an alternate index (eg: 1-indexed) over the default + // 0-indexed names, or to orchestrate progressive movement of replicas from + // one StatefulSet to another. + // If set, replica indices will be in the range: + // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). + // If unset, defaults to 0. Replica indices will be in the range: + // [0, .spec.replicas). + // +optional + start: int32 @go(Start) @protobuf(1,varint,opt) +} + +// A StatefulSetSpec is the specification of a StatefulSet. +#StatefulSetSpec: { + // replicas is the desired number of replicas of the given Template. + // These are replicas in the sense that they are instantiations of the + // same Template, but individual replicas also have a consistent identity. + // If unspecified, defaults to 1. + // TODO: Consider a rename of this field. + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // selector is a label query over pods that should match the replica count. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // template is the object that describes the pod that will be created if + // insufficient replicas are detected. Each pod stamped out by the StatefulSet + // will fulfill this Template, but have a unique identity from the rest + // of the StatefulSet. Each pod will be named with the format + // -. For example, a pod in a StatefulSet named + // "web" with index number "3" would be named "web-3". + // The only allowed template.spec.restartPolicy value is "Always". + template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) + + // volumeClaimTemplates is a list of claims that pods are allowed to reference. + // The StatefulSet controller is responsible for mapping network identities to + // claims in a way that maintains the identity of a pod. Every claim in + // this list must have at least one matching (by name) volumeMount in one + // container in the template. A claim in this list takes precedence over + // any volumes in the template, with the same name. + // TODO: Define the behavior if a claim already exists with the same name. + // +optional + volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) + + // serviceName is the name of the service that governs this StatefulSet. + // This service must exist before the StatefulSet, and is responsible for + // the network identity of the set. Pods get DNS/hostnames that follow the + // pattern: pod-specific-string.serviceName.default.svc.cluster.local + // where "pod-specific-string" is managed by the StatefulSet controller. + serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) + + // podManagementPolicy controls how pods are created during initial scale up, + // when replacing pods on nodes, or when scaling down. The default policy is + // `OrderedReady`, where pods are created in increasing order (pod-0, then + // pod-1, etc) and the controller will wait until each pod is ready before + // continuing. When scaling down, the pods are removed in the opposite order. + // The alternative policy is `Parallel` which will create pods in parallel + // to match the desired scale without waiting, and on scale down will delete + // all pods at once. + // +optional + podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) + + // updateStrategy indicates the StatefulSetUpdateStrategy that will be + // employed to update Pods in the StatefulSet when a revision is made to + // Template. + updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) + + // revisionHistoryLimit is the maximum number of revisions that will + // be maintained in the StatefulSet's revision history. The revision history + // consists of all revisions not represented by a currently applied + // StatefulSetSpec version. The default value is 10. + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) + + // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent + // volume claims created from volumeClaimTemplates. By default, all persistent + // volume claims are created as needed and retained until manually deleted. This + // policy allows the lifecycle to be altered, for example by deleting persistent + // volume claims when their stateful set is deleted, or when their pod is scaled + // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, + // which is alpha. +optional + persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) + + // ordinals controls the numbering of replica indices in a StatefulSet. The + // default ordinals behavior assigns a "0" index to the first replica and + // increments the index by one for each additional replica requested. Using + // the ordinals field requires the StatefulSetStartOrdinal feature gate to be + // enabled, which is beta. + // +optional + ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) +} + +// StatefulSetStatus represents the current state of a StatefulSet. +#StatefulSetStatus: { + // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the + // StatefulSet's generation, which is updated on mutation by the API Server. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) + + // replicas is the number of Pods created by the StatefulSet controller. + replicas: int32 @go(Replicas) @protobuf(2,varint,opt) + + // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) + + // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version + // indicated by currentRevision. + currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) + + // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version + // indicated by updateRevision. + updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) + + // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the + // sequence [0,currentReplicas). + currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) + + // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence + // [replicas-updatedReplicas,replicas) + updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) + + // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller + // uses this field as a collision avoidance mechanism when it needs to create the name for the + // newest ControllerRevision. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) + + // Represents the latest available observations of a statefulset's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) + + // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. + // +optional + availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) +} + +#StatefulSetConditionType: string + +// StatefulSetCondition describes the state of a statefulset at a certain point. +#StatefulSetCondition: { + // Type of statefulset condition. + type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// StatefulSetList is a collection of StatefulSets. +#StatefulSetList: { + metav1.#TypeMeta + + // Standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of stateful sets. + items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) +} + +// Deployment enables declarative updates for Pods and ReplicaSets. +#Deployment: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the Deployment. + // +optional + spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the Deployment. + // +optional + status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) +} + +// DeploymentSpec is the specification of the desired behavior of the Deployment. +#DeploymentSpec: { + // Number of desired pods. This is a pointer to distinguish between explicit + // zero and not specified. Defaults to 1. + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Label selector for pods. Existing ReplicaSets whose pods are + // selected by this will be the ones affected by this deployment. + // It must match the pod template's labels. + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // Template describes the pods that will be created. + // The only allowed template.spec.restartPolicy value is "Always". + template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) + + // The deployment strategy to use to replace existing pods with new ones. + // +optional + // +patchStrategy=retainKeys + strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) + + // The number of old ReplicaSets to retain to allow rollback. + // This is a pointer to distinguish between explicit zero and not specified. + // Defaults to 10. + // +optional + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) + + // Indicates that the deployment is paused. + // +optional + paused?: bool @go(Paused) @protobuf(7,varint,opt) + + // The maximum time in seconds for a deployment to make progress before it + // is considered to be failed. The deployment controller will continue to + // process failed deployments and a condition with a ProgressDeadlineExceeded + // reason will be surfaced in the deployment status. Note that progress will + // not be estimated during the time a deployment is paused. Defaults to 600s. + progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) +} + +// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added +// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets +// to select new pods (and old pods being select by new ReplicaSet). +#DefaultDeploymentUniqueLabelKey: "pod-template-hash" + +// DeploymentStrategy describes how to replace existing pods with new ones. +#DeploymentStrategy: { + // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + // +optional + type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) + + // Rolling update config params. Present only if DeploymentStrategyType = + // RollingUpdate. + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. + // +optional + rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) +} + +// +enum +#DeploymentStrategyType: string // #enumDeploymentStrategyType + +#enumDeploymentStrategyType: + #RecreateDeploymentStrategyType | + #RollingUpdateDeploymentStrategyType + +// Kill all existing pods before creating new ones. +#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" + +// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. +#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" + +// Spec to control the desired behavior of rolling update. +#RollingUpdateDeployment: { + // The maximum number of pods that can be unavailable during the update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // Absolute number is calculated from percentage by rounding down. + // This can not be 0 if MaxSurge is 0. + // Defaults to 25%. + // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + // that the total number of pods available at all times during the update is at + // least 70% of desired pods. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) + + // The maximum number of pods that can be scheduled above the desired number of + // pods. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // This can not be 0 if MaxUnavailable is 0. + // Absolute number is calculated from percentage by rounding up. + // Defaults to 25%. + // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + // the rolling update starts, such that the total number of old and new pods do not exceed + // 130% of desired pods. Once old pods have been killed, + // new ReplicaSet can be scaled up further, ensuring that total number of pods running + // at any time during the update is at most 130% of desired pods. + // +optional + maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) +} + +// DeploymentStatus is the most recently observed status of the Deployment. +#DeploymentStatus: { + // The generation observed by the deployment controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) + + // Total number of non-terminated pods targeted by this deployment (their labels match the selector). + // +optional + replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) + + // Total number of non-terminated pods targeted by this deployment that have the desired template spec. + // +optional + updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) + + // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) + + // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) + + // Total number of unavailable pods targeted by this deployment. This is the total number of + // pods that are still required for the deployment to have 100% available capacity. They may + // either be pods that are running but not yet available or pods that still have not been created. + // +optional + unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) + + // Represents the latest available observations of a deployment's current state. + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) + + // Count of hash collisions for the Deployment. The Deployment controller uses this + // field as a collision avoidance mechanism when it needs to create the name for the + // newest ReplicaSet. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) +} + +#DeploymentConditionType: string // #enumDeploymentConditionType + +#enumDeploymentConditionType: + #DeploymentAvailable | + #DeploymentProgressing | + #DeploymentReplicaFailure + +// Available means the deployment is available, ie. at least the minimum available +// replicas required are up and running for at least minReadySeconds. +#DeploymentAvailable: #DeploymentConditionType & "Available" + +// Progressing means the deployment is progressing. Progress for a deployment is +// considered when a new replica set is created or adopted, and when new pods scale +// up or old pods scale down. Progress is not estimated for paused deployments or +// when progressDeadlineSeconds is not specified. +#DeploymentProgressing: #DeploymentConditionType & "Progressing" + +// ReplicaFailure is added in a deployment when one of its pods fails to be created +// or deleted. +#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" + +// DeploymentCondition describes the state of a deployment at a certain point. +#DeploymentCondition: { + // Type of deployment condition. + type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // The last time this condition was updated. + lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) + + // Last time the condition transitioned from one status to another. + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) + + // The reason for the condition's last transition. + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// DeploymentList is a list of Deployments. +#DeploymentList: { + metav1.#TypeMeta + + // Standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of Deployments. + items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) +} + +// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. +#DaemonSetUpdateStrategy: { + // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. + // +optional + type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) + + // Rolling update config params. Present only if type = "RollingUpdate". + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. Same as Deployment `strategy.rollingUpdate`. + // See https://github.com/kubernetes/kubernetes/issues/35345 + // +optional + rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) +} + +// +enum +#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType + +#enumDaemonSetUpdateStrategyType: + #RollingUpdateDaemonSetStrategyType | + #OnDeleteDaemonSetStrategyType + +// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. +#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" + +// Replace the old daemons only when it's killed +#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" + +// Spec to control the desired behavior of daemon set rolling update. +#RollingUpdateDaemonSet: { + // The maximum number of DaemonSet pods that can be unavailable during the + // update. Value can be an absolute number (ex: 5) or a percentage of total + // number of DaemonSet pods at the start of the update (ex: 10%). Absolute + // number is calculated from percentage by rounding up. + // This cannot be 0 if MaxSurge is 0 + // Default value is 1. + // Example: when this is set to 30%, at most 30% of the total number of nodes + // that should be running the daemon pod (i.e. status.desiredNumberScheduled) + // can have their pods stopped for an update at any given time. The update + // starts by stopping at most 30% of those DaemonSet pods and then brings + // up new DaemonSet pods in their place. Once the new pods are available, + // it then proceeds onto other DaemonSet pods, thus ensuring that at least + // 70% of original number of DaemonSet pods are available at all times during + // the update. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) + + // The maximum number of nodes with an existing available DaemonSet pod that + // can have an updated DaemonSet pod during during an update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // This can not be 0 if MaxUnavailable is 0. + // Absolute number is calculated from percentage by rounding up to a minimum of 1. + // Default value is 0. + // Example: when this is set to 30%, at most 30% of the total number of nodes + // that should be running the daemon pod (i.e. status.desiredNumberScheduled) + // can have their a new pod created before the old pod is marked as deleted. + // The update starts by launching new pods on 30% of nodes. Once an updated + // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + // on that node is marked deleted. If the old pod becomes unavailable for any + // reason (Ready transitions to false, is evicted, or is drained) an updated + // pod is immediatedly created on that node without considering surge limits. + // Allowing surge implies the possibility that the resources consumed by the + // daemonset on any given node can double if the readiness check fails, and + // so resource intensive daemonsets should take into account that they may + // cause evictions during disruption. + // +optional + maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) +} + +// DaemonSetSpec is the specification of a daemon set. +#DaemonSetSpec: { + // A label query over pods that are managed by the daemon set. + // Must match in order to be controlled. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) + + // An object that describes the pod that will be created. + // The DaemonSet will create exactly one copy of this pod on every node + // that matches the template's node selector (or on every node if no node + // selector is specified). + // The only allowed template.spec.restartPolicy value is "Always". + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) + + // An update strategy to replace existing DaemonSet pods with new pods. + // +optional + updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) + + // The minimum number of seconds for which a newly created DaemonSet pod should + // be ready without any of its container crashing, for it to be considered + // available. Defaults to 0 (pod will be considered available as soon as it + // is ready). + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // The number of old history to retain to allow rollback. + // This is a pointer to distinguish between explicit zero and not specified. + // Defaults to 10. + // +optional + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) +} + +// DaemonSetStatus represents the current status of a daemon set. +#DaemonSetStatus: { + // The number of nodes that are running at least 1 + // daemon pod and are supposed to run the daemon pod. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) + + // The number of nodes that are running the daemon pod, but are + // not supposed to run the daemon pod. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) + + // The total number of nodes that should be running the daemon + // pod (including nodes correctly running the daemon pod). + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) + + // numberReady is the number of nodes that should be running the daemon pod and have one + // or more of the daemon pod running with a Ready Condition. + numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) + + // The most recent generation observed by the daemon set controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) + + // The total number of nodes that are running updated daemon pod + // +optional + updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) + + // The number of nodes that should be running the + // daemon pod and have one or more of the daemon pod running and + // available (ready for at least spec.minReadySeconds) + // +optional + numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) + + // The number of nodes that should be running the + // daemon pod and have none of the daemon pod running and available + // (ready for at least spec.minReadySeconds) + // +optional + numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) + + // Count of hash collisions for the DaemonSet. The DaemonSet controller + // uses this field as a collision avoidance mechanism when it needs to + // create the name for the newest ControllerRevision. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) + + // Represents the latest available observations of a DaemonSet's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) +} + +#DaemonSetConditionType: string + +// DaemonSetCondition describes the state of a DaemonSet at a certain point. +#DaemonSetCondition: { + // Type of DaemonSet condition. + type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// DaemonSet represents the configuration of a daemon set. +#DaemonSet: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The desired behavior of this daemon set. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // The current status of this daemon set. This data may be + // out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// DefaultDaemonSetUniqueLabelKey is the default label key that is added +// to existing DaemonSet pods to distinguish between old and new +// DaemonSet pods during DaemonSet template updates. +#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" + +// DaemonSetList is a collection of daemon sets. +#DaemonSetList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // A list of daemon sets. + items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) +} + +// ReplicaSet ensures that a specified number of pod replicas are running at any given time. +#ReplicaSet: { + metav1.#TypeMeta + + // If the Labels of a ReplicaSet are empty, they are defaulted to + // be the same as the Pod(s) that the ReplicaSet manages. + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the specification of the desired behavior of the ReplicaSet. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the most recently observed status of the ReplicaSet. + // This data may be out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ReplicaSetList is a collection of ReplicaSets. +#ReplicaSetList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ReplicaSets. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller + items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) +} + +// ReplicaSetSpec is the specification of a ReplicaSet. +#ReplicaSetSpec: { + // Replicas is the number of desired replicas. + // This is a pointer to distinguish between explicit zero and unspecified. + // Defaults to 1. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // Selector is a label query over pods that should match the replica count. + // Label keys and values that must match in order to be controlled by this replica set. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // Template is the object that describes the pod that will be created if + // insufficient replicas are detected. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + // +optional + template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) +} + +// ReplicaSetStatus represents the current status of a ReplicaSet. +#ReplicaSetStatus: { + // Replicas is the most recently observed number of replicas. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller + replicas: int32 @go(Replicas) @protobuf(1,varint,opt) + + // The number of pods that have labels matching the labels of the pod template of the replicaset. + // +optional + fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) + + // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) + + // The number of available replicas (ready for at least minReadySeconds) for this replica set. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) + + // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // Represents the latest available observations of a replica set's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) +} + +#ReplicaSetConditionType: string // #enumReplicaSetConditionType + +#enumReplicaSetConditionType: + #ReplicaSetReplicaFailure + +// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created +// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted +// due to kubelet being down or finalizers are failing. +#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" + +// ReplicaSetCondition describes the state of a replica set at a certain point. +#ReplicaSetCondition: { + // Type of replica set condition. + type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // The last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// ControllerRevision implements an immutable snapshot of state data. Clients +// are responsible for serializing and deserializing the objects that contain +// their internal state. +// Once a ControllerRevision has been successfully created, it can not be updated. +// The API Server will fail validation of all requests that attempt to mutate +// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both +// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, +// it may be subject to name and representation changes in future releases, and clients should not +// depend on its stability. It is primarily for internal use by controllers. +#ControllerRevision: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Data is the serialized representation of the state. + data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) + + // Revision indicates the revision of the state represented by Data. + revision: int64 @go(Revision) @protobuf(3,varint,opt) +} + +// ControllerRevisionList is a resource containing a list of ControllerRevision objects. +#ControllerRevisionList: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of ControllerRevisions + items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue new file mode 100644 index 00000000..08256009 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/authentication/v1 + +package v1 + +#GroupName: "authentication.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue new file mode 100644 index 00000000..5f0127a6 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue @@ -0,0 +1,206 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/authentication/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" +) + +// ImpersonateUserHeader is used to impersonate a particular user during an API server request +#ImpersonateUserHeader: "Impersonate-User" + +// ImpersonateGroupHeader is used to impersonate a particular group during an API server request. +// It can be repeated multiplied times for multiple groups. +#ImpersonateGroupHeader: "Impersonate-Group" + +// ImpersonateUIDHeader is used to impersonate a particular UID during an API server request +#ImpersonateUIDHeader: "Impersonate-Uid" + +// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the +// extra map[string][]string for user.Info. The key will be every after the prefix. +// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple +// times to have multiple elements in the slice under a single key +#ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-" + +// TokenReview attempts to authenticate a token to a known user. +// Note: TokenReview requests may be cached by the webhook token authenticator +// plugin in the kube-apiserver. +#TokenReview: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated + spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates whether the request can be authenticated. + // +optional + status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt) +} + +// TokenReviewSpec is a description of the token authentication request. +#TokenReviewSpec: { + // Token is the opaque bearer token. + // +optional + token?: string @go(Token) @protobuf(1,bytes,opt) + + // Audiences is a list of the identifiers that the resource server presented + // with the token identifies as. Audience-aware token authenticators will + // verify that the token was intended for at least one of the audiences in + // this list. If no audiences are provided, the audience will default to the + // audience of the Kubernetes apiserver. + // +optional + audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep) +} + +// TokenReviewStatus is the result of the token authentication request. +#TokenReviewStatus: { + // Authenticated indicates that the token was associated with a known user. + // +optional + authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt) + + // User is the UserInfo associated with the provided token. + // +optional + user?: #UserInfo @go(User) @protobuf(2,bytes,opt) + + // Audiences are audience identifiers chosen by the authenticator that are + // compatible with both the TokenReview and token. An identifier is any + // identifier in the intersection of the TokenReviewSpec audiences and the + // token's audiences. A client of the TokenReview API that sets the + // spec.audiences field should validate that a compatible audience identifier + // is returned in the status.audiences field to ensure that the TokenReview + // server is audience aware. If a TokenReview returns an empty + // status.audience field where status.authenticated is "true", the token is + // valid against the audience of the Kubernetes API server. + // +optional + audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep) + + // Error indicates that the token couldn't be checked + // +optional + error?: string @go(Error) @protobuf(3,bytes,opt) +} + +// UserInfo holds the information about the user needed to implement the +// user.Info interface. +#UserInfo: { + // The name that uniquely identifies this user among all active users. + // +optional + username?: string @go(Username) @protobuf(1,bytes,opt) + + // A unique value that identifies this user across time. If this user is + // deleted and another user by the same name is added, they will have + // different UIDs. + // +optional + uid?: string @go(UID) @protobuf(2,bytes,opt) + + // The names of groups this user is a part of. + // +optional + groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep) + + // Any additional information provided by the authenticator. + // +optional + extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep) +} + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +#ExtraValue: [...string] + +// TokenRequest requests a token for a given service account. +#TokenRequest: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated + spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates whether the token can be authenticated. + // +optional + status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt) +} + +// TokenRequestSpec contains client provided parameters of a token request. +#TokenRequestSpec: { + // Audiences are the intendend audiences of the token. A recipient of a + // token must identify themself with an identifier in the list of + // audiences of the token, and otherwise should reject the token. A + // token issued for multiple audiences may be used to authenticate + // against any of the audiences listed but implies a high degree of + // trust between the target audiences. + audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep) + + // ExpirationSeconds is the requested duration of validity of the request. The + // token issuer may return a token with a different validity duration so a + // client needs to check the 'expiration' field in a response. + // +optional + expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt) + + // BoundObjectRef is a reference to an object that the token will be bound to. + // The token will only be valid for as long as the bound object exists. + // NOTE: The API server's TokenReview endpoint will validate the + // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds + // small if you want prompt revocation. + // +optional + boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt) +} + +// TokenRequestStatus is the result of a token request. +#TokenRequestStatus: { + // Token is the opaque bearer token. + token: string @go(Token) @protobuf(1,bytes,opt) + + // ExpirationTimestamp is the time of expiration of the returned token. + expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt) +} + +// BoundObjectReference is a reference to an object that a token is bound to. +#BoundObjectReference: { + // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. + // +optional + kind?: string @go(Kind) @protobuf(1,bytes,opt) + + // API version of the referent. + // +optional + apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) + + // Name of the referent. + // +optional + name?: string @go(Name) @protobuf(3,bytes,opt) + + // UID of the referent. + // +optional + uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID) +} + +// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. +// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or +// request header authentication is used, any extra keys will have their case ignored and returned as lowercase. +#SelfSubjectReview: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Status is filled in by the server with the user attributes. + status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt) +} + +// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user. +#SelfSubjectReviewStatus: { + // User attributes of the user making this request. + // +optional + userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue new file mode 100644 index 00000000..afd54ec0 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/authorization/v1 + +package v1 + +#GroupName: "authorization.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue new file mode 100644 index 00000000..6eaf8187 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue @@ -0,0 +1,262 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/authorization/v1 + +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// SubjectAccessReview checks whether or not a user or group can perform an action. +#SubjectAccessReview: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated + spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates whether the request is allowed or not + // +optional + status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) +} + +// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a +// spec.namespace means "in all namespaces". Self is a special case, because users should always be able +// to check whether they can perform an action +#SelfSubjectAccessReview: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated. user and groups must be empty + spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates whether the request is allowed or not + // +optional + status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) +} + +// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. +// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions +// checking. +#LocalSubjectAccessReview: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace + // you made the request against. If empty, it is defaulted. + spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates whether the request is allowed or not + // +optional + status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface +#ResourceAttributes: { + // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces + // "" (empty) is defaulted for LocalSubjectAccessReviews + // "" (empty) is empty for cluster-scoped resources + // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview + // +optional + namespace?: string @go(Namespace) @protobuf(1,bytes,opt) + + // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. + // +optional + verb?: string @go(Verb) @protobuf(2,bytes,opt) + + // Group is the API Group of the Resource. "*" means all. + // +optional + group?: string @go(Group) @protobuf(3,bytes,opt) + + // Version is the API Version of the Resource. "*" means all. + // +optional + version?: string @go(Version) @protobuf(4,bytes,opt) + + // Resource is one of the existing resource types. "*" means all. + // +optional + resource?: string @go(Resource) @protobuf(5,bytes,opt) + + // Subresource is one of the existing resource types. "" means none. + // +optional + subresource?: string @go(Subresource) @protobuf(6,bytes,opt) + + // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. + // +optional + name?: string @go(Name) @protobuf(7,bytes,opt) +} + +// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface +#NonResourceAttributes: { + // Path is the URL path of the request + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) + + // Verb is the standard HTTP verb + // +optional + verb?: string @go(Verb) @protobuf(2,bytes,opt) +} + +// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes +// and NonResourceAuthorizationAttributes must be set +#SubjectAccessReviewSpec: { + // ResourceAuthorizationAttributes describes information for a resource access request + // +optional + resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) + + // NonResourceAttributes describes information for a non-resource access request + // +optional + nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) + + // User is the user you're testing for. + // If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups + // +optional + user?: string @go(User) @protobuf(3,bytes,opt) + + // Groups is the groups you're testing for. + // +optional + groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) + + // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer + // it needs a reflection here. + // +optional + extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep) + + // UID information about the requesting user. + // +optional + uid?: string @go(UID) @protobuf(6,bytes,opt) +} + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +#ExtraValue: [...string] + +// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes +// and NonResourceAuthorizationAttributes must be set +#SelfSubjectAccessReviewSpec: { + // ResourceAuthorizationAttributes describes information for a resource access request + // +optional + resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) + + // NonResourceAttributes describes information for a non-resource access request + // +optional + nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) +} + +// SubjectAccessReviewStatus +#SubjectAccessReviewStatus: { + // Allowed is required. True if the action would be allowed, false otherwise. + allowed: bool @go(Allowed) @protobuf(1,varint,opt) + + // Denied is optional. True if the action would be denied, otherwise + // false. If both allowed is false and denied is false, then the + // authorizer has no opinion on whether to authorize the action. Denied + // may not be true if Allowed is true. + // +optional + denied?: bool @go(Denied) @protobuf(4,varint,opt) + + // Reason is optional. It indicates why a request was allowed or denied. + // +optional + reason?: string @go(Reason) @protobuf(2,bytes,opt) + + // EvaluationError is an indication that some error occurred during the authorization check. + // It is entirely possible to get an error and be able to continue determine authorization status in spite of it. + // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. + // +optional + evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt) +} + +// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. +// The returned list of actions may be incomplete depending on the server's authorization mode, +// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, +// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to +// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. +// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. +#SelfSubjectRulesReview: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec holds information about the request being evaluated. + spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is filled in by the server and indicates the set of actions a user can perform. + // +optional + status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt) +} + +// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview. +#SelfSubjectRulesReviewSpec: { + // Namespace to evaluate rules for. Required. + namespace?: string @go(Namespace) @protobuf(1,bytes,opt) +} + +// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on +// the set of authorizers the server is configured with and any errors experienced during evaluation. +// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, +// even if that list is incomplete. +#SubjectRulesReviewStatus: { + // ResourceRules is the list of actions the subject is allowed to perform on resources. + // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. + resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep) + + // NonResourceRules is the list of actions the subject is allowed to perform on non-resources. + // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. + nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep) + + // Incomplete is true when the rules returned by this call are incomplete. This is most commonly + // encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation. + incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep) + + // EvaluationError can appear in combination with Rules. It indicates an error occurred during + // rule evaluation, such as an authorizer that doesn't support rule evaluation, and that + // ResourceRules and/or NonResourceRules may be incomplete. + // +optional + evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt) +} + +// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, +// may contain duplicates, and possibly be incomplete. +#ResourceRule: { + // Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. + verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) + + // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + // the enumerated resources in any API group will be allowed. "*" means all. + // +optional + apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) + + // Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups. + // "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups. + // +optional + resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) + + // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all. + // +optional + resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) +} + +// NonResourceRule holds information that describes a rule for the non-resource +#NonResourceRule: { + // Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all. + verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) + + // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, + // final step in the path. "*" means all. + // +optional + nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue new file mode 100644 index 00000000..0a7f3423 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/autoscaling/v1 + +package v1 + +#GroupName: "autoscaling" diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue new file mode 100644 index 00000000..6e873a35 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue @@ -0,0 +1,542 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/autoscaling/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/api/core/v1" +) + +// CrossVersionObjectReference contains enough information to let you identify the referred resource. +// +structType=atomic +#CrossVersionObjectReference: { + // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + kind: string @go(Kind) @protobuf(1,bytes,opt) + + // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + name: string @go(Name) @protobuf(2,bytes,opt) + + // apiVersion is the API version of the referent + // +optional + apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) +} + +// specification of a horizontal pod autoscaler. +#HorizontalPodAutoscalerSpec: { + // reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption + // and will set the desired number of pods by using its Scale subresource. + scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) + + // minReplicas is the lower limit for the number of replicas to which the autoscaler + // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the + // alpha feature gate HPAScaleToZero is enabled and at least one Object or External + // metric is configured. Scaling is active as long as at least one metric value is + // available. + // +optional + minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) + + // maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas. + maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) + + // targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods; + // if not specified the default autoscaling policy will be used. + // +optional + targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt) +} + +// current status of a horizontal pod autoscaler +#HorizontalPodAutoscalerStatus: { + // observedGeneration is the most recent generation observed by this autoscaler. + // +optional + observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) + + // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods; + // used by the autoscaler to control how often the number of pods is changed. + // +optional + lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) + + // currentReplicas is the current number of replicas of pods managed by this autoscaler. + currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) + + // desiredReplicas is the desired number of replicas of pods managed by this autoscaler. + desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) + + // currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU, + // e.g. 70 means that an average pod is using now 70% of its requested CPU. + // +optional + currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt) +} + +// configuration of a horizontal pod autoscaler. +#HorizontalPodAutoscaler: { + metav1.#TypeMeta + + // Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + // +optional + spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) + + // status is the current information about the autoscaler. + // +optional + status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) +} + +// list of horizontal pod autoscaler objects. +#HorizontalPodAutoscalerList: { + metav1.#TypeMeta + + // Standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of horizontal pod autoscaler objects. + items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) +} + +// Scale represents a scaling request for a resource. +#Scale: { + metav1.#TypeMeta + + // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + // +optional + spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt) + + // status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only. + // +optional + status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ScaleSpec describes the attributes of a scale subresource. +#ScaleSpec: { + // replicas is the desired number of instances for the scaled object. + // +optional + replicas?: int32 @go(Replicas) @protobuf(1,varint,opt) +} + +// ScaleStatus represents the current status of a scale subresource. +#ScaleStatus: { + // replicas is the actual number of observed instances of the scaled object. + replicas: int32 @go(Replicas) @protobuf(1,varint,opt) + + // selector is the label query over pods that should match the replicas count. This is same + // as the label selector but in the string format to avoid introspection + // by clients. The string will be in the same format as the query-param syntax. + // More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + // +optional + selector?: string @go(Selector) @protobuf(2,bytes,opt) +} + +// MetricSourceType indicates the type of metric. +// +enum +#MetricSourceType: string // #enumMetricSourceType + +#enumMetricSourceType: + #ObjectMetricSourceType | + #PodsMetricSourceType | + #ResourceMetricSourceType | + #ContainerResourceMetricSourceType | + #ExternalMetricSourceType + +// ObjectMetricSourceType is a metric describing a kubernetes object +// (for example, hits-per-second on an Ingress object). +#ObjectMetricSourceType: #MetricSourceType & "Object" + +// PodsMetricSourceType is a metric describing each pod in the current scale +// target (for example, transactions-processed-per-second). The values +// will be averaged together before being compared to the target value. +#PodsMetricSourceType: #MetricSourceType & "Pods" + +// ResourceMetricSourceType is a resource metric known to Kubernetes, as +// specified in requests and limits, describing each pod in the current +// scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available +// to normal per-pod metrics (the "pods" source). +#ResourceMetricSourceType: #MetricSourceType & "Resource" + +// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as +// specified in requests and limits, describing a single container in each pod in the current +// scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available +// to normal per-pod metrics (the "pods" source). +#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" + +// ExternalMetricSourceType is a global metric that is not associated +// with any Kubernetes object. It allows autoscaling based on information +// coming from components running outside of cluster +// (for example length of queue in cloud messaging service, or +// QPS from loadbalancer running outside of cluster). +#ExternalMetricSourceType: #MetricSourceType & "External" + +// MetricSpec specifies how to scale based on a single metric +// (only `type` and one other matching field should be set at once). +#MetricSpec: { + // type is the type of metric source. It should be one of "ContainerResource", + // "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. + // Note: "ContainerResource" type is available on when the feature-gate + // HPAContainerMetrics is enabled + type: #MetricSourceType @go(Type) @protobuf(1,bytes) + + // object refers to a metric describing a single kubernetes object + // (for example, hits-per-second on an Ingress object). + // +optional + object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) + + // pods refers to a metric describing each pod in the current scale target + // (for example, transactions-processed-per-second). The values will be + // averaged together before being compared to the target value. + // +optional + pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) + + // resource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) + + // containerResource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing a single container in each pod of the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. + // +optional + containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) + + // external refers to a global metric that is not associated + // with any Kubernetes object. It allows autoscaling based on information + // coming from components running outside of cluster + // (for example length of queue in cloud messaging service, or + // QPS from loadbalancer running outside of cluster). + // +optional + external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) +} + +// ObjectMetricSource indicates how to scale on a metric describing a +// kubernetes object (for example, hits-per-second on an Ingress object). +#ObjectMetricSource: { + // target is the described Kubernetes object. + target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) + + // metricName is the name of the metric in question. + metricName: string @go(MetricName) @protobuf(2,bytes) + + // targetValue is the target value of the metric (as a quantity). + targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes) + + // selector is the string-encoded form of a standard kubernetes label selector for the given metric. + // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping + // When unset, just the metricName will be used to gather metrics. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) + + // averageValue is the target value of the average of the + // metric across all relevant pods (as a quantity) + // +optional + averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) +} + +// PodsMetricSource indicates how to scale on a metric describing each pod in +// the current scale target (for example, transactions-processed-per-second). +// The values will be averaged together before being compared to the target +// value. +#PodsMetricSource: { + // metricName is the name of the metric in question + metricName: string @go(MetricName) @protobuf(1,bytes) + + // targetAverageValue is the target value of the average of the + // metric across all relevant pods (as a quantity) + targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes) + + // selector is the string-encoded form of a standard kubernetes label selector for the given metric + // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping + // When unset, just the metricName will be used to gather metrics. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) +} + +// ResourceMetricSource indicates how to scale on a resource metric known to +// Kubernetes, as specified in requests and limits, describing each pod in the +// current scale target (e.g. CPU or memory). The values will be averaged +// together before being compared to the target. Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. Only one "target" type +// should be set. +#ResourceMetricSource: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // targetAverageUtilization is the target value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. + // +optional + targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) + + // targetAverageValue is the target value of the average of the + // resource metric across all relevant pods, as a raw value (instead of as + // a percentage of the request), similar to the "pods" metric source type. + // +optional + targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) +} + +// ContainerResourceMetricSource indicates how to scale on a resource metric known to +// Kubernetes, as specified in the requests and limits, describing a single container in +// each of the pods of the current scale target(e.g. CPU or memory). The values will be +// averaged together before being compared to the target. Such metrics are built into +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. Only one "target" type +// should be set. +#ContainerResourceMetricSource: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // targetAverageUtilization is the target value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. + // +optional + targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) + + // targetAverageValue is the target value of the average of the + // resource metric across all relevant pods, as a raw value (instead of as + // a percentage of the request), similar to the "pods" metric source type. + // +optional + targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) + + // container is the name of the container in the pods of the scaling target. + container: string @go(Container) @protobuf(5,bytes,opt) +} + +// ExternalMetricSource indicates how to scale on a metric not associated with +// any Kubernetes object (for example length of queue in cloud +// messaging service, or QPS from loadbalancer running outside of cluster). +#ExternalMetricSource: { + // metricName is the name of the metric in question. + metricName: string @go(MetricName) @protobuf(1,bytes) + + // metricSelector is used to identify a specific time series + // within a given metric. + // +optional + metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // targetValue is the target value of the metric (as a quantity). + // Mutually exclusive with TargetAverageValue. + // +optional + targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt) + + // targetAverageValue is the target per-pod value of global metric (as a quantity). + // Mutually exclusive with TargetValue. + // +optional + targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) +} + +// MetricStatus describes the last-read state of a single metric. +#MetricStatus: { + // type is the type of metric source. It will be one of "ContainerResource", + // "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. + // Note: "ContainerResource" type is available on when the feature-gate + // HPAContainerMetrics is enabled + type: #MetricSourceType @go(Type) @protobuf(1,bytes) + + // object refers to a metric describing a single kubernetes object + // (for example, hits-per-second on an Ingress object). + // +optional + object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) + + // pods refers to a metric describing each pod in the current scale target + // (for example, transactions-processed-per-second). The values will be + // averaged together before being compared to the target value. + // +optional + pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) + + // resource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) + + // containerResource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing a single container in each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) + + // external refers to a global metric that is not associated + // with any Kubernetes object. It allows autoscaling based on information + // coming from components running outside of cluster + // (for example length of queue in cloud messaging service, or + // QPS from loadbalancer running outside of cluster). + // +optional + external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) +} + +// HorizontalPodAutoscalerConditionType are the valid conditions of +// a HorizontalPodAutoscaler. +#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType + +#enumHorizontalPodAutoscalerConditionType: + #ScalingActive | + #AbleToScale | + #ScalingLimited + +// ScalingActive indicates that the HPA controller is able to scale if necessary: +// it's correctly configured, can fetch the desired metrics, and isn't disabled. +#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" + +// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, +// such as being in a backoff window, or being unable to access/update the target scale. +#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" + +// ScalingLimited indicates that the calculated scale based on metrics would be above or +// below the range for the HPA, and has thus been capped. +#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" + +// HorizontalPodAutoscalerCondition describes the state of +// a HorizontalPodAutoscaler at a certain point. +#HorizontalPodAutoscalerCondition: { + // type describes the current condition + type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) + + // status is the status of the condition (True, False, Unknown) + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) + + // lastTransitionTime is the last time the condition transitioned from + // one status to another + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // reason is the reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // message is a human-readable explanation containing details about + // the transition + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// ObjectMetricStatus indicates the current value of a metric describing a +// kubernetes object (for example, hits-per-second on an Ingress object). +#ObjectMetricStatus: { + // target is the described Kubernetes object. + target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) + + // metricName is the name of the metric in question. + metricName: string @go(MetricName) @protobuf(2,bytes) + + // currentValue is the current value of the metric (as a quantity). + currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) + + // selector is the string-encoded form of a standard kubernetes label selector for the given metric + // When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + // When unset, just the metricName will be used to gather metrics. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) + + // averageValue is the current value of the average of the + // metric across all relevant pods (as a quantity) + // +optional + averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) +} + +// PodsMetricStatus indicates the current value of a metric describing each pod in +// the current scale target (for example, transactions-processed-per-second). +#PodsMetricStatus: { + // metricName is the name of the metric in question + metricName: string @go(MetricName) @protobuf(1,bytes) + + // currentAverageValue is the current value of the average of the + // metric across all relevant pods (as a quantity) + currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes) + + // selector is the string-encoded form of a standard kubernetes label selector for the given metric + // When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + // When unset, just the metricName will be used to gather metrics. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) +} + +// ResourceMetricStatus indicates the current value of a resource metric known to +// Kubernetes, as specified in requests and limits, describing each pod in the +// current scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. +#ResourceMetricStatus: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // currentAverageUtilization is the current value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. It will only be + // present if `targetAverageValue` was set in the corresponding metric + // specification. + // +optional + currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) + + // currentAverageValue is the current value of the average of the + // resource metric across all relevant pods, as a raw value (instead of as + // a percentage of the request), similar to the "pods" metric source type. + // It will always be set, regardless of the corresponding metric specification. + currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) +} + +// ContainerResourceMetricStatus indicates the current value of a resource metric known to +// Kubernetes, as specified in requests and limits, describing a single container in each pod in the +// current scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. +#ContainerResourceMetricStatus: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // currentAverageUtilization is the current value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. It will only be + // present if `targetAverageValue` was set in the corresponding metric + // specification. + // +optional + currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) + + // currentAverageValue is the current value of the average of the + // resource metric across all relevant pods, as a raw value (instead of as + // a percentage of the request), similar to the "pods" metric source type. + // It will always be set, regardless of the corresponding metric specification. + currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) + + // container is the name of the container in the pods of the scaling taget + container: string @go(Container) @protobuf(4,bytes,opt) +} + +// ExternalMetricStatus indicates the current value of a global metric +// not associated with any Kubernetes object. +#ExternalMetricStatus: { + // metricName is the name of a metric used for autoscaling in + // metric system. + metricName: string @go(MetricName) @protobuf(1,bytes) + + // metricSelector is used to identify a specific time series + // within a given metric. + // +optional + metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // currentValue is the current value of the metric (as a quantity) + currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) + + // currentAverageValue is the current value of metric averaged over autoscaled pods. + // +optional + currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue new file mode 100644 index 00000000..aea0fb26 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/autoscaling/v2 + +package v2 + +#GroupName: "autoscaling" diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue new file mode 100644 index 00000000..76702085 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue @@ -0,0 +1,597 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/autoscaling/v2 + +package v2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" +) + +// HorizontalPodAutoscaler is the configuration for a horizontal pod +// autoscaler, which automatically manages the replica count of any resource +// implementing the scale subresource based on the metrics specified. +#HorizontalPodAutoscaler: { + metav1.#TypeMeta + + // metadata is the standard object metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec is the specification for the behaviour of the autoscaler. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. + // +optional + spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) + + // status is the current information about the autoscaler. + // +optional + status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) +} + +// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler. +#HorizontalPodAutoscalerSpec: { + // scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics + // should be collected, as well as to actually change the replica count. + scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) + + // minReplicas is the lower limit for the number of replicas to which the autoscaler + // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the + // alpha feature gate HPAScaleToZero is enabled and at least one Object or External + // metric is configured. Scaling is active as long as at least one metric value is + // available. + // +optional + minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) + + // maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. + // It cannot be less that minReplicas. + maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) + + // metrics contains the specifications for which to use to calculate the + // desired replica count (the maximum replica count across all metrics will + // be used). The desired replica count is calculated multiplying the + // ratio between the target value and the current value by the current + // number of pods. Ergo, metrics used must decrease as the pod count is + // increased, and vice-versa. See the individual metric source types for + // more information about how each type of metric must respond. + // If not set, the default metric will be set to 80% average CPU utilization. + // +listType=atomic + // +optional + metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep) + + // behavior configures the scaling behavior of the target + // in both Up and Down directions (scaleUp and scaleDown fields respectively). + // If not set, the default HPAScalingRules for scale up and scale down are used. + // +optional + behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt) +} + +// CrossVersionObjectReference contains enough information to let you identify the referred resource. +#CrossVersionObjectReference: { + // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + kind: string @go(Kind) @protobuf(1,bytes,opt) + + // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + name: string @go(Name) @protobuf(2,bytes,opt) + + // apiVersion is the API version of the referent + // +optional + apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) +} + +// MetricSpec specifies how to scale based on a single metric +// (only `type` and one other matching field should be set at once). +#MetricSpec: { + // type is the type of metric source. It should be one of "ContainerResource", "External", + // "Object", "Pods" or "Resource", each mapping to a matching field in the object. + // Note: "ContainerResource" type is available on when the feature-gate + // HPAContainerMetrics is enabled + type: #MetricSourceType @go(Type) @protobuf(1,bytes) + + // object refers to a metric describing a single kubernetes object + // (for example, hits-per-second on an Ingress object). + // +optional + object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) + + // pods refers to a metric describing each pod in the current scale target + // (for example, transactions-processed-per-second). The values will be + // averaged together before being compared to the target value. + // +optional + pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) + + // resource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) + + // containerResource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing a single container in + // each pod of the current scale target (e.g. CPU or memory). Such metrics are + // built in to Kubernetes, and have special scaling options on top of those + // available to normal per-pod metrics using the "pods" source. + // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. + // +optional + containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) + + // external refers to a global metric that is not associated + // with any Kubernetes object. It allows autoscaling based on information + // coming from components running outside of cluster + // (for example length of queue in cloud messaging service, or + // QPS from loadbalancer running outside of cluster). + // +optional + external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) +} + +// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target +// in both Up and Down directions (scaleUp and scaleDown fields respectively). +#HorizontalPodAutoscalerBehavior: { + // scaleUp is scaling policy for scaling Up. + // If not set, the default value is the higher of: + // * increase no more than 4 pods per 60 seconds + // * double the number of pods per 60 seconds + // No stabilization is used. + // +optional + scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt) + + // scaleDown is scaling policy for scaling Down. + // If not set, the default value is to allow to scale down to minReplicas pods, with a + // 300 second stabilization window (i.e., the highest recommendation for + // the last 300sec is used). + // +optional + scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt) +} + +// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction +#ScalingPolicySelect: string // #enumScalingPolicySelect + +#enumScalingPolicySelect: + #MaxChangePolicySelect | + #MinChangePolicySelect | + #DisabledPolicySelect + +// MaxChangePolicySelect selects the policy with the highest possible change. +#MaxChangePolicySelect: #ScalingPolicySelect & "Max" + +// MinChangePolicySelect selects the policy with the lowest possible change. +#MinChangePolicySelect: #ScalingPolicySelect & "Min" + +// DisabledPolicySelect disables the scaling in this direction. +#DisabledPolicySelect: #ScalingPolicySelect & "Disabled" + +// HPAScalingRules configures the scaling behavior for one direction. +// These Rules are applied after calculating DesiredReplicas from metrics for the HPA. +// They can limit the scaling velocity by specifying scaling policies. +// They can prevent flapping by specifying the stabilization window, so that the +// number of replicas is not set instantly, instead, the safest value from the stabilization +// window is chosen. +#HPAScalingRules: { + // stabilizationWindowSeconds is the number of seconds for which past recommendations should be + // considered while scaling up or scaling down. + // StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). + // If not set, use the default values: + // - For scale up: 0 (i.e. no stabilization is done). + // - For scale down: 300 (i.e. the stabilization window is 300 seconds long). + // +optional + stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt) + + // selectPolicy is used to specify which policy should be used. + // If not set, the default value Max is used. + // +optional + selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt) + + // policies is a list of potential scaling polices which can be used during scaling. + // At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid + // +listType=atomic + // +optional + policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep) +} + +// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions. +#HPAScalingPolicyType: string // #enumHPAScalingPolicyType + +#enumHPAScalingPolicyType: + #PodsScalingPolicy | + #PercentScalingPolicy + +// PodsScalingPolicy is a policy used to specify a change in absolute number of pods. +#PodsScalingPolicy: #HPAScalingPolicyType & "Pods" + +// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to +// the current number of pods. +#PercentScalingPolicy: #HPAScalingPolicyType & "Percent" + +// HPAScalingPolicy is a single policy which must hold true for a specified past interval. +#HPAScalingPolicy: { + // type is used to specify the scaling policy. + type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType) + + // value contains the amount of change which is permitted by the policy. + // It must be greater than zero + value: int32 @go(Value) @protobuf(2,varint,opt) + + // periodSeconds specifies the window of time for which the policy should hold true. + // PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). + periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt) +} + +// MetricSourceType indicates the type of metric. +#MetricSourceType: string // #enumMetricSourceType + +#enumMetricSourceType: + #ObjectMetricSourceType | + #PodsMetricSourceType | + #ResourceMetricSourceType | + #ContainerResourceMetricSourceType | + #ExternalMetricSourceType + +// ObjectMetricSourceType is a metric describing a kubernetes object +// (for example, hits-per-second on an Ingress object). +#ObjectMetricSourceType: #MetricSourceType & "Object" + +// PodsMetricSourceType is a metric describing each pod in the current scale +// target (for example, transactions-processed-per-second). The values +// will be averaged together before being compared to the target value. +#PodsMetricSourceType: #MetricSourceType & "Pods" + +// ResourceMetricSourceType is a resource metric known to Kubernetes, as +// specified in requests and limits, describing each pod in the current +// scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available +// to normal per-pod metrics (the "pods" source). +#ResourceMetricSourceType: #MetricSourceType & "Resource" + +// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as +// specified in requests and limits, describing a single container in each pod in the current +// scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available +// to normal per-pod metrics (the "pods" source). +#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" + +// ExternalMetricSourceType is a global metric that is not associated +// with any Kubernetes object. It allows autoscaling based on information +// coming from components running outside of cluster +// (for example length of queue in cloud messaging service, or +// QPS from loadbalancer running outside of cluster). +#ExternalMetricSourceType: #MetricSourceType & "External" + +// ObjectMetricSource indicates how to scale on a metric describing a +// kubernetes object (for example, hits-per-second on an Ingress object). +#ObjectMetricSource: { + // describedObject specifies the descriptions of a object,such as kind,name apiVersion + describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes) + + // target specifies the target value for the given metric + target: #MetricTarget @go(Target) @protobuf(2,bytes) + + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes) +} + +// PodsMetricSource indicates how to scale on a metric describing each pod in +// the current scale target (for example, transactions-processed-per-second). +// The values will be averaged together before being compared to the target +// value. +#PodsMetricSource: { + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) + + // target specifies the target value for the given metric + target: #MetricTarget @go(Target) @protobuf(2,bytes) +} + +// ResourceMetricSource indicates how to scale on a resource metric known to +// Kubernetes, as specified in requests and limits, describing each pod in the +// current scale target (e.g. CPU or memory). The values will be averaged +// together before being compared to the target. Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. Only one "target" type +// should be set. +#ResourceMetricSource: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // target specifies the target value for the given metric + target: #MetricTarget @go(Target) @protobuf(2,bytes) +} + +// ContainerResourceMetricSource indicates how to scale on a resource metric known to +// Kubernetes, as specified in requests and limits, describing each pod in the +// current scale target (e.g. CPU or memory). The values will be averaged +// together before being compared to the target. Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. Only one "target" type +// should be set. +#ContainerResourceMetricSource: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // target specifies the target value for the given metric + target: #MetricTarget @go(Target) @protobuf(2,bytes) + + // container is the name of the container in the pods of the scaling target + container: string @go(Container) @protobuf(3,bytes,opt) +} + +// ExternalMetricSource indicates how to scale on a metric not associated with +// any Kubernetes object (for example length of queue in cloud +// messaging service, or QPS from loadbalancer running outside of cluster). +#ExternalMetricSource: { + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) + + // target specifies the target value for the given metric + target: #MetricTarget @go(Target) @protobuf(2,bytes) +} + +// MetricIdentifier defines the name and optionally selector for a metric +#MetricIdentifier: { + // name is the name of the given metric + name: string @go(Name) @protobuf(1,bytes) + + // selector is the string-encoded form of a standard kubernetes label selector for the given metric + // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. + // When unset, just the metricName will be used to gather metrics. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes) +} + +// MetricTarget defines the target value, average value, or average utilization of a specific metric +#MetricTarget: { + // type represents whether the metric type is Utilization, Value, or AverageValue + type: #MetricTargetType @go(Type) @protobuf(1,bytes) + + // value is the target value of the metric (as a quantity). + // +optional + value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt) + + // averageValue is the target value of the average of the + // metric across all relevant pods (as a quantity) + // +optional + averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt) + + // averageUtilization is the target value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. + // Currently only valid for Resource metric source type + // +optional + averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt) +} + +// MetricTargetType specifies the type of metric being targeted, and should be either +// "Value", "AverageValue", or "Utilization" +#MetricTargetType: string // #enumMetricTargetType + +#enumMetricTargetType: + #UtilizationMetricType | + #ValueMetricType | + #AverageValueMetricType + +// UtilizationMetricType declares a MetricTarget is an AverageUtilization value +#UtilizationMetricType: #MetricTargetType & "Utilization" + +// ValueMetricType declares a MetricTarget is a raw value +#ValueMetricType: #MetricTargetType & "Value" + +// AverageValueMetricType declares a MetricTarget is an +#AverageValueMetricType: #MetricTargetType & "AverageValue" + +// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler. +#HorizontalPodAutoscalerStatus: { + // observedGeneration is the most recent generation observed by this autoscaler. + // +optional + observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) + + // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, + // used by the autoscaler to control how often the number of pods is changed. + // +optional + lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) + + // currentReplicas is current number of replicas of pods managed by this autoscaler, + // as last seen by the autoscaler. + // +optional + currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) + + // desiredReplicas is the desired number of replicas of pods managed by this autoscaler, + // as last calculated by the autoscaler. + desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) + + // currentMetrics is the last read state of the metrics used by this autoscaler. + // +listType=atomic + // +optional + currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep) + + // conditions is the set of conditions required for this autoscaler to scale its target, + // and indicates whether or not those conditions are met. + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + // +optional + conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep) +} + +// HorizontalPodAutoscalerConditionType are the valid conditions of +// a HorizontalPodAutoscaler. +#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType + +#enumHorizontalPodAutoscalerConditionType: + #ScalingActive | + #AbleToScale | + #ScalingLimited + +// ScalingActive indicates that the HPA controller is able to scale if necessary: +// it's correctly configured, can fetch the desired metrics, and isn't disabled. +#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" + +// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, +// such as being in a backoff window, or being unable to access/update the target scale. +#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" + +// ScalingLimited indicates that the calculated scale based on metrics would be above or +// below the range for the HPA, and has thus been capped. +#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" + +// HorizontalPodAutoscalerCondition describes the state of +// a HorizontalPodAutoscaler at a certain point. +#HorizontalPodAutoscalerCondition: { + // type describes the current condition + type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) + + // status is the status of the condition (True, False, Unknown) + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) + + // lastTransitionTime is the last time the condition transitioned from + // one status to another + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // reason is the reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // message is a human-readable explanation containing details about + // the transition + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// MetricStatus describes the last-read state of a single metric. +#MetricStatus: { + // type is the type of metric source. It will be one of "ContainerResource", "External", + // "Object", "Pods" or "Resource", each corresponds to a matching field in the object. + // Note: "ContainerResource" type is available on when the feature-gate + // HPAContainerMetrics is enabled + type: #MetricSourceType @go(Type) @protobuf(1,bytes) + + // object refers to a metric describing a single kubernetes object + // (for example, hits-per-second on an Ingress object). + // +optional + object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) + + // pods refers to a metric describing each pod in the current scale target + // (for example, transactions-processed-per-second). The values will be + // averaged together before being compared to the target value. + // +optional + pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) + + // resource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) + + // container resource refers to a resource metric (such as those specified in + // requests and limits) known to Kubernetes describing a single container in each pod in the + // current scale target (e.g. CPU or memory). Such metrics are built in to + // Kubernetes, and have special scaling options on top of those available + // to normal per-pod metrics using the "pods" source. + // +optional + containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) + + // external refers to a global metric that is not associated + // with any Kubernetes object. It allows autoscaling based on information + // coming from components running outside of cluster + // (for example length of queue in cloud messaging service, or + // QPS from loadbalancer running outside of cluster). + // +optional + external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) +} + +// ObjectMetricStatus indicates the current value of a metric describing a +// kubernetes object (for example, hits-per-second on an Ingress object). +#ObjectMetricStatus: { + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) + + // current contains the current value for the given metric + current: #MetricValueStatus @go(Current) @protobuf(2,bytes) + + // DescribedObject specifies the descriptions of a object,such as kind,name apiVersion + describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes) +} + +// PodsMetricStatus indicates the current value of a metric describing each pod in +// the current scale target (for example, transactions-processed-per-second). +#PodsMetricStatus: { + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) + + // current contains the current value for the given metric + current: #MetricValueStatus @go(Current) @protobuf(2,bytes) +} + +// ResourceMetricStatus indicates the current value of a resource metric known to +// Kubernetes, as specified in requests and limits, describing each pod in the +// current scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. +#ResourceMetricStatus: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // current contains the current value for the given metric + current: #MetricValueStatus @go(Current) @protobuf(2,bytes) +} + +// ContainerResourceMetricStatus indicates the current value of a resource metric known to +// Kubernetes, as specified in requests and limits, describing a single container in each pod in the +// current scale target (e.g. CPU or memory). Such metrics are built in to +// Kubernetes, and have special scaling options on top of those available to +// normal per-pod metrics using the "pods" source. +#ContainerResourceMetricStatus: { + // name is the name of the resource in question. + name: v1.#ResourceName @go(Name) @protobuf(1,bytes) + + // current contains the current value for the given metric + current: #MetricValueStatus @go(Current) @protobuf(2,bytes) + + // container is the name of the container in the pods of the scaling target + container: string @go(Container) @protobuf(3,bytes,opt) +} + +// ExternalMetricStatus indicates the current value of a global metric +// not associated with any Kubernetes object. +#ExternalMetricStatus: { + // metric identifies the target metric by name and selector + metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) + + // current contains the current value for the given metric + current: #MetricValueStatus @go(Current) @protobuf(2,bytes) +} + +// MetricValueStatus holds the current value for a metric +#MetricValueStatus: { + // value is the current value of the metric (as a quantity). + // +optional + value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt) + + // averageValue is the current value of the average of the + // metric across all relevant pods (as a quantity) + // +optional + averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt) + + // currentAverageUtilization is the current value of the average of the + // resource metric across all relevant pods, represented as a percentage of + // the requested value of the resource for the pods. + // +optional + averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt) +} + +// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects. +#HorizontalPodAutoscalerList: { + metav1.#TypeMeta + + // metadata is the standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of horizontal pod autoscaler objects. + items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue new file mode 100644 index 00000000..5c489087 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/batch/v1 + +package v1 + +#GroupName: "batch" diff --git a/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue new file mode 100644 index 00000000..3cbdc66f --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue @@ -0,0 +1,693 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/batch/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" +) + +// All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels +// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions +_#labelPrefix: "batch.kubernetes.io/" + +// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job. +// It records the original/expected scheduled timestamp for the running job, represented in RFC3339. +// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled. +#CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp" +#JobCompletionIndexAnnotation: "batch.kubernetes.io/job-completion-index" + +// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from +// being deleted before being accounted in the Job status. +// +// Additionally, the apiserver and job controller use this string as a Job +// annotation, to mark Jobs that are being tracked using pod finalizers. +// However, this behavior is deprecated in kubernetes 1.26. This means that, in +// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the +// apiserver and job controller will ignore this annotation and they will +// always track jobs using finalizers. +#JobTrackingFinalizer: "batch.kubernetes.io/job-tracking" + +// The Job labels will use batch.kubernetes.io as a prefix for all labels +// Historically the job controller uses unprefixed labels for job-name and controller-uid and +// Kubernetes continutes to recognize those unprefixed labels for consistency. +#JobNameLabel: "batch.kubernetes.io/job-name" + +// ControllerUid is used to programatically get pods corresponding to a Job. +// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons. +#ControllerUidLabel: "batch.kubernetes.io/controller-uid" + +// Annotation indicating the number of failures for the index corresponding +// to the pod, which are counted towards the backoff limit. +#JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count" + +// Annotation indicating the number of failures for the index corresponding +// to the pod, which don't count towards the backoff limit, according to the +// pod failure policy. When the annotation is absent zero is implied. +#JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count" + +// Job represents the configuration of a single job. +#Job: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of a job. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) + + // Current status of a job. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #JobStatus @go(Status) @protobuf(3,bytes,opt) +} + +// JobList is a collection of jobs. +#JobList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of Jobs. + items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep) +} + +// CompletionMode specifies how Pod completions of a Job are tracked. +// +enum +#CompletionMode: string // #enumCompletionMode + +#enumCompletionMode: + #NonIndexedCompletion | + #IndexedCompletion + +// NonIndexedCompletion is a Job completion mode. In this mode, the Job is +// considered complete when there have been .spec.completions +// successfully completed Pods. Pod completions are homologous to each other. +#NonIndexedCompletion: #CompletionMode & "NonIndexed" + +// IndexedCompletion is a Job completion mode. In this mode, the Pods of a +// Job get an associated completion index from 0 to (.spec.completions - 1). +// The Job is considered complete when a Pod completes for each completion +// index. +#IndexedCompletion: #CompletionMode & "Indexed" + +// PodFailurePolicyAction specifies how a Pod failure is handled. +// +enum +#PodFailurePolicyAction: string // #enumPodFailurePolicyAction + +#enumPodFailurePolicyAction: + #PodFailurePolicyActionFailJob | + #PodFailurePolicyActionFailIndex | + #PodFailurePolicyActionIgnore | + #PodFailurePolicyActionCount + +// This is an action which might be taken on a pod failure - mark the +// pod's job as Failed and terminate all running pods. +#PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob" + +// This is an action which might be taken on a pod failure - mark the +// Job's index as failed to avoid restarts within this index. This action +// can only be used when backoffLimitPerIndex is set. +#PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex" + +// This is an action which might be taken on a pod failure - the counter towards +// .backoffLimit, represented by the job's .status.failed field, is not +// incremented and a replacement pod is created. +#PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore" + +// This is an action which might be taken on a pod failure - the pod failure +// is handled in the default way - the counter towards .backoffLimit, +// represented by the job's .status.failed field, is incremented. +#PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count" + +// +enum +#PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator + +#enumPodFailurePolicyOnExitCodesOperator: + #PodFailurePolicyOnExitCodesOpIn | + #PodFailurePolicyOnExitCodesOpNotIn + +#PodFailurePolicyOnExitCodesOpIn: #PodFailurePolicyOnExitCodesOperator & "In" +#PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn" + +// PodReplacementPolicy specifies the policy for creating pod replacements. +// +enum +#PodReplacementPolicy: string // #enumPodReplacementPolicy + +#enumPodReplacementPolicy: + #TerminatingOrFailed | + #Failed + +// TerminatingOrFailed means that we recreate pods +// when they are terminating (has a metadata.deletionTimestamp) or failed. +#TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed" + +// Failed means to wait until a previously created Pod is fully terminated (has phase +// Failed or Succeeded) before creating a replacement Pod. +#Failed: #PodReplacementPolicy & "Failed" + +// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling +// a failed pod based on its container exit codes. In particular, it lookups the +// .state.terminated.exitCode for each app container and init container status, +// represented by the .status.containerStatuses and .status.initContainerStatuses +// fields in the Pod status, respectively. Containers completed with success +// (exit code 0) are excluded from the requirement check. +#PodFailurePolicyOnExitCodesRequirement: { + // Restricts the check for exit codes to the container with the + // specified name. When null, the rule applies to all containers. + // When specified, it should match one the container or initContainer + // names in the pod template. + // +optional + containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt) + + // Represents the relationship between the container exit code(s) and the + // specified values. Containers completed with success (exit code 0) are + // excluded from the requirement check. Possible values are: + // + // - In: the requirement is satisfied if at least one container exit code + // (might be multiple if there are multiple containers not restricted + // by the 'containerName' field) is in the set of specified values. + // - NotIn: the requirement is satisfied if at least one container exit code + // (might be multiple if there are multiple containers not restricted + // by the 'containerName' field) is not in the set of specified values. + // Additional values are considered to be added in the future. Clients should + // react to an unknown operator by assuming the requirement is not satisfied. + operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req) + + // Specifies the set of values. Each returned container exit code (might be + // multiple in case of multiple containers) is checked against this set of + // values with respect to the operator. The list of values must be ordered + // and must not contain duplicates. Value '0' cannot be used for the In operator. + // At least one element is required. At most 255 elements are allowed. + // +listType=set + values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep) +} + +// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching +// an actual pod condition type. +#PodFailurePolicyOnPodConditionsPattern: { + // Specifies the required Pod condition type. To match a pod condition + // it is required that specified type equals the pod condition type. + type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req) + + // Specifies the required Pod condition status. To match a pod condition + // it is required that the specified status equals the pod condition status. + // Defaults to True. + status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req) +} + +// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. +// One of onExitCodes and onPodConditions, but not both, can be used in each rule. +#PodFailurePolicyRule: { + // Specifies the action taken on a pod failure when the requirements are satisfied. + // Possible values are: + // + // - FailJob: indicates that the pod's job is marked as Failed and all + // running pods are terminated. + // - FailIndex: indicates that the pod's index is marked as Failed and will + // not be restarted. + // This value is alpha-level. It can be used when the + // `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). + // - Ignore: indicates that the counter towards the .backoffLimit is not + // incremented and a replacement pod is created. + // - Count: indicates that the pod is handled in the default way - the + // counter towards the .backoffLimit is incremented. + // Additional values are considered to be added in the future. Clients should + // react to an unknown action by skipping the rule. + action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req) + + // Represents the requirement on the container exit codes. + // +optional + onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt) + + // Represents the requirement on the pod conditions. The requirement is represented + // as a list of pod condition patterns. The requirement is satisfied if at + // least one pattern matches an actual pod condition. At most 20 elements are allowed. + // +listType=atomic + // +optional + onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt) +} + +// PodFailurePolicy describes how failed pods influence the backoffLimit. +#PodFailurePolicy: { + // A list of pod failure policy rules. The rules are evaluated in order. + // Once a rule matches a Pod failure, the remaining of the rules are ignored. + // When no rule matches the Pod failure, the default handling applies - the + // counter of pod failures is incremented and it is checked against + // the backoffLimit. At most 20 elements are allowed. + // +listType=atomic + rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt) +} + +// JobSpec describes how the job execution will look like. +#JobSpec: { + // Specifies the maximum desired number of pods the job should + // run at any given time. The actual number of pods running in steady state will + // be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), + // i.e. when the work left to do is less than max parallelism. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + // +optional + parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt) + + // Specifies the desired number of successfully finished pods the + // job should be run with. Setting to null means that the success of any + // pod signals the success of all pods, and allows parallelism to have any positive + // value. Setting to 1 means that parallelism is limited to 1 and the success of that + // pod signals the success of the job. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + // +optional + completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt) + + // Specifies the duration in seconds relative to the startTime that the job + // may be continuously active before the system tries to terminate it; value + // must be positive integer. If a Job is suspended (at creation or through an + // update), this timer will effectively be stopped and reset when the Job is + // resumed again. + // +optional + activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt) + + // Specifies the policy of handling failed pods. In particular, it allows to + // specify the set of actions and conditions which need to be + // satisfied to take the associated action. + // If empty, the default behaviour applies - the counter of failed pods, + // represented by the jobs's .status.failed field, is incremented and it is + // checked against the backoffLimit. This field cannot be used in combination + // with restartPolicy=OnFailure. + // + // This field is beta-level. It can be used when the `JobPodFailurePolicy` + // feature gate is enabled (enabled by default). + // +optional + podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt) + + // Specifies the number of retries before marking this job failed. + // Defaults to 6 + // +optional + backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt) + + // Specifies the limit for the number of retries within an + // index before marking this index as failed. When enabled the number of + // failures per index is kept in the pod's + // batch.kubernetes.io/job-index-failure-count annotation. It can only + // be set when Job's completionMode=Indexed, and the Pod's restart + // policy is Never. The field is immutable. + // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` + // feature gate is enabled (disabled by default). + // +optional + backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt) + + // Specifies the maximal number of failed indexes before marking the Job as + // failed, when backoffLimitPerIndex is set. Once the number of failed + // indexes exceeds this number the entire Job is marked as Failed and its + // execution is terminated. When left as null the job continues execution of + // all of its indexes and is marked with the `Complete` Job condition. + // It can only be specified when backoffLimitPerIndex is set. + // It can be null or up to completions. It is required and must be + // less than or equal to 10^4 when is completions greater than 10^5. + // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` + // feature gate is enabled (disabled by default). + // +optional + maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt) + + // A label query over pods that should match the pod count. + // Normally, the system sets this field for you. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) + + // manualSelector controls generation of pod labels and pod selectors. + // Leave `manualSelector` unset unless you are certain what you are doing. + // When false or unset, the system pick labels unique to this job + // and appends those labels to the pod template. When true, + // the user is responsible for picking unique labels and specifying + // the selector. Failure to pick a unique label may cause this + // and other jobs to not function correctly. However, You may see + // `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` + // API. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector + // +optional + manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt) + + // Describes the pod that will be created when executing a job. + // The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt) + + // ttlSecondsAfterFinished limits the lifetime of a Job that has finished + // execution (either Complete or Failed). If this field is set, + // ttlSecondsAfterFinished after the Job finishes, it is eligible to be + // automatically deleted. When the Job is being deleted, its lifecycle + // guarantees (e.g. finalizers) will be honored. If this field is unset, + // the Job won't be automatically deleted. If this field is set to zero, + // the Job becomes eligible to be deleted immediately after it finishes. + // +optional + ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt) + + // completionMode specifies how Pod completions are tracked. It can be + // `NonIndexed` (default) or `Indexed`. + // + // `NonIndexed` means that the Job is considered complete when there have + // been .spec.completions successfully completed Pods. Each Pod completion is + // homologous to each other. + // + // `Indexed` means that the Pods of a + // Job get an associated completion index from 0 to (.spec.completions - 1), + // available in the annotation batch.kubernetes.io/job-completion-index. + // The Job is considered complete when there is one successfully completed Pod + // for each index. + // When value is `Indexed`, .spec.completions must be specified and + // `.spec.parallelism` must be less than or equal to 10^5. + // In addition, The Pod name takes the form + // `$(job-name)-$(index)-$(random-string)`, + // the Pod hostname takes the form `$(job-name)-$(index)`. + // + // More completion modes can be added in the future. + // If the Job controller observes a mode that it doesn't recognize, which + // is possible during upgrades due to version skew, the controller + // skips updates for the Job. + // +optional + completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode) + + // suspend specifies whether the Job controller should create Pods or not. If + // a Job is created with suspend set to true, no Pods are created by the Job + // controller. If a Job is suspended after creation (i.e. the flag goes from + // false to true), the Job controller will delete all active Pods associated + // with this Job. Users must design their workload to gracefully handle this. + // Suspending a Job will reset the StartTime field of the Job, effectively + // resetting the ActiveDeadlineSeconds timer too. Defaults to false. + // + // +optional + suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt) + + // podReplacementPolicy specifies when to create replacement Pods. + // Possible values are: + // - TerminatingOrFailed means that we recreate pods + // when they are terminating (has a metadata.deletionTimestamp) or failed. + // - Failed means to wait until a previously created Pod is fully terminated (has phase + // Failed or Succeeded) before creating a replacement Pod. + // + // When using podFailurePolicy, Failed is the the only allowed value. + // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. + // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field. + // +optional + podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy) +} + +// JobStatus represents the current state of a Job. +#JobStatus: { + // The latest available observations of an object's current state. When a Job + // fails, one of the conditions will have type "Failed" and status true. When + // a Job is suspended, one of the conditions will have type "Suspended" and + // status true; when the Job is resumed, the status of this condition will + // become false. When a Job is completed, one of the conditions will have + // type "Complete" and status true. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=atomic + conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep) + + // Represents time when the job controller started processing a job. When a + // Job is created in the suspended state, this field is not set until the + // first time it is resumed. This field is reset every time a Job is resumed + // from suspension. It is represented in RFC3339 form and is in UTC. + // +optional + startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt) + + // Represents time when the job was completed. It is not guaranteed to + // be set in happens-before order across separate operations. + // It is represented in RFC3339 form and is in UTC. + // The completion time is only set when the job finishes successfully. + // +optional + completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt) + + // The number of pending and running pods. + // +optional + active?: int32 @go(Active) @protobuf(4,varint,opt) + + // The number of pods which reached phase Succeeded. + // +optional + succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt) + + // The number of pods which reached phase Failed. + // +optional + failed?: int32 @go(Failed) @protobuf(6,varint,opt) + + // The number of pods which are terminating (in phase Pending or Running + // and have a deletionTimestamp). + // + // This field is alpha-level. The job controller populates the field when + // the feature gate JobPodReplacementPolicy is enabled (disabled by default). + // +optional + terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt) + + // completedIndexes holds the completed indexes when .spec.completionMode = + // "Indexed" in a text format. The indexes are represented as decimal integers + // separated by commas. The numbers are listed in increasing order. Three or + // more consecutive numbers are compressed and represented by the first and + // last element of the series, separated by a hyphen. + // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are + // represented as "1,3-5,7". + // +optional + completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt) + + // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. + // The indexes are represented in the text format analogous as for the + // `completedIndexes` field, ie. they are kept as decimal integers + // separated by commas. The numbers are listed in increasing order. Three or + // more consecutive numbers are compressed and represented by the first and + // last element of the series, separated by a hyphen. + // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are + // represented as "1,3-5,7". + // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` + // feature gate is enabled (disabled by default). + // +optional + failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt) + + // uncountedTerminatedPods holds the UIDs of Pods that have terminated but + // the job controller hasn't yet accounted for in the status counters. + // + // The job controller creates pods with a finalizer. When a pod terminates + // (succeeded or failed), the controller does three steps to account for it + // in the job status: + // + // 1. Add the pod UID to the arrays in this field. + // 2. Remove the pod finalizer. + // 3. Remove the pod UID from the arrays while increasing the corresponding + // counter. + // + // Old jobs might not be tracked using this field, in which case the field + // remains null. + // +optional + uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt) + + // The number of pods which have a Ready condition. + // + // This field is beta-level. The job controller populates the field when + // the feature gate JobReadyPods is enabled (enabled by default). + // +optional + ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt) +} + +// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't +// been accounted in Job status counters. +#UncountedTerminatedPods: { + // succeeded holds UIDs of succeeded Pods. + // +listType=set + // +optional + succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) + + // failed holds UIDs of failed Pods. + // +listType=set + // +optional + failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) +} + +#JobConditionType: string // #enumJobConditionType + +#enumJobConditionType: + #JobSuspended | + #JobComplete | + #JobFailed | + #JobFailureTarget + +// JobSuspended means the job has been suspended. +#JobSuspended: #JobConditionType & "Suspended" + +// JobComplete means the job has completed its execution. +#JobComplete: #JobConditionType & "Complete" + +// JobFailed means the job has failed its execution. +#JobFailed: #JobConditionType & "Failed" + +// FailureTarget means the job is about to fail its execution. +#JobFailureTarget: #JobConditionType & "FailureTarget" + +// JobCondition describes current state of a job. +#JobCondition: { + // Type of job condition, Complete or Failed. + type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType) + + // Status of the condition, one of True, False, Unknown. + status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // Last time the condition was checked. + // +optional + lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) + + // Last time the condition transit from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // (brief) reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // Human readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// JobTemplateSpec describes the data a Job should have when created from a template +#JobTemplateSpec: { + // Standard object's metadata of the jobs created from this template. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the job. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// CronJob represents the configuration of a single cron job. +#CronJob: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of a cron job, including the schedule. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt) + + // Current status of a cron job. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt) +} + +// CronJobList is a collection of cron jobs. +#CronJobList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of CronJobs. + items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep) +} + +// CronJobSpec describes how the job execution will look like and when it will actually run. +#CronJobSpec: { + // The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + schedule: string @go(Schedule) @protobuf(1,bytes,opt) + + // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. + // If not specified, this will default to the time zone of the kube-controller-manager process. + // The set of valid time zone names and the time zone offset is loaded from the system-wide time zone + // database by the API server during CronJob validation and the controller manager during execution. + // If no system-wide time zone database can be found a bundled version of the database is used instead. + // If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host + // configuration, the controller will stop creating new new Jobs and will create a system event with the + // reason UnknownTimeZone. + // More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones + // +optional + timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt) + + // Optional deadline in seconds for starting the job if it misses scheduled + // time for any reason. Missed jobs executions will be counted as failed ones. + // +optional + startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt) + + // Specifies how to treat concurrent executions of a Job. + // Valid values are: + // + // - "Allow" (default): allows CronJobs to run concurrently; + // - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; + // - "Replace": cancels currently running job and replaces it with a new one + // +optional + concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy) + + // This flag tells the controller to suspend subsequent executions, it does + // not apply to already started executions. Defaults to false. + // +optional + suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt) + + // Specifies the job that will be created when executing a CronJob. + jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt) + + // The number of successful finished jobs to retain. Value must be non-negative integer. + // Defaults to 3. + // +optional + successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt) + + // The number of failed finished jobs to retain. Value must be non-negative integer. + // Defaults to 1. + // +optional + failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt) +} + +// ConcurrencyPolicy describes how the job will be handled. +// Only one of the following concurrent policies may be specified. +// If none of the following policies is specified, the default one +// is AllowConcurrent. +// +enum +#ConcurrencyPolicy: string // #enumConcurrencyPolicy + +#enumConcurrencyPolicy: + #AllowConcurrent | + #ForbidConcurrent | + #ReplaceConcurrent + +// AllowConcurrent allows CronJobs to run concurrently. +#AllowConcurrent: #ConcurrencyPolicy & "Allow" + +// ForbidConcurrent forbids concurrent runs, skipping next run if previous +// hasn't finished yet. +#ForbidConcurrent: #ConcurrencyPolicy & "Forbid" + +// ReplaceConcurrent cancels currently running job and replaces it with a new one. +#ReplaceConcurrent: #ConcurrencyPolicy & "Replace" + +// CronJobStatus represents the current state of a cron job. +#CronJobStatus: { + // A list of pointers to currently running jobs. + // +optional + // +listType=atomic + active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep) + + // Information when was the last time the job was successfully scheduled. + // +optional + lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt) + + // Information when was the last time the job successfully completed. + // +optional + lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue new file mode 100644 index 00000000..f2ce3436 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/certificates/v1 + +package v1 + +#GroupName: "certificates.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue new file mode 100644 index 00000000..401ca5c9 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue @@ -0,0 +1,318 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/certificates/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" +) + +// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates +// by submitting a certificate signing request, and having it asynchronously approved and issued. +// +// Kubelets use this API to obtain: +// 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). +// 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName). +// +// This API can be used to request client certificates to authenticate to kube-apiserver +// (with the "kubernetes.io/kube-apiserver-client" signerName), +// or to obtain certificates from custom non-Kubernetes signers. +#CertificateSigningRequest: { + metav1.#TypeMeta + + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec contains the certificate request, and is immutable after creation. + // Only the request, signerName, expirationSeconds, and usages fields can be set on creation. + // Other fields are derived by Kubernetes and cannot be modified by users. + spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt) + + // status contains information about whether the request is approved or denied, + // and the certificate issued by the signer, or the failure condition indicating signer failure. + // +optional + status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt) +} + +// CertificateSigningRequestSpec contains the certificate request. +#CertificateSigningRequestSpec: { + // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. + // When serialized as JSON or YAML, the data is additionally base64-encoded. + // +listType=atomic + request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt) + + // signerName indicates the requested signer, and is a qualified name. + // + // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. + // + // Well-known Kubernetes signers are: + // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. + // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. + // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. + // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. + // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. + // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. + // + // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers + // + // Custom signerNames can also be specified. The signer defines: + // 1. Trust distribution: how trust (CA bundles) are distributed. + // 2. Permitted subjects: and behavior when a disallowed subject is requested. + // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. + // 4. Required, permitted, or forbidden key usages / extended key usages. + // 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. + // 6. Whether or not requests for CA certificates are allowed. + signerName: string @go(SignerName) @protobuf(7,bytes,opt) + + // expirationSeconds is the requested duration of validity of the issued + // certificate. The certificate signer may issue a certificate with a different + // validity duration so a client must check the delta between the notBefore and + // and notAfter fields in the issued certificate to determine the actual duration. + // + // The v1.22+ in-tree implementations of the well-known Kubernetes signers will + // honor this field as long as the requested duration is not greater than the + // maximum duration they will honor per the --cluster-signing-duration CLI + // flag to the Kubernetes controller manager. + // + // Certificate signers may not honor this field for various reasons: + // + // 1. Old signer that is unaware of the field (such as the in-tree + // implementations prior to v1.22) + // 2. Signer whose configured maximum is shorter than the requested duration + // 3. Signer whose configured minimum is longer than the requested duration + // + // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. + // + // +optional + expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt) + + // usages specifies a set of key usages requested in the issued certificate. + // + // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". + // + // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". + // + // Valid values are: + // "signing", "digital signature", "content commitment", + // "key encipherment", "key agreement", "data encipherment", + // "cert sign", "crl sign", "encipher only", "decipher only", "any", + // "server auth", "client auth", + // "code signing", "email protection", "s/mime", + // "ipsec end system", "ipsec tunnel", "ipsec user", + // "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" + // +listType=atomic + usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt) + + // username contains the name of the user that created the CertificateSigningRequest. + // Populated by the API server on creation and immutable. + // +optional + username?: string @go(Username) @protobuf(2,bytes,opt) + + // uid contains the uid of the user that created the CertificateSigningRequest. + // Populated by the API server on creation and immutable. + // +optional + uid?: string @go(UID) @protobuf(3,bytes,opt) + + // groups contains group membership of the user that created the CertificateSigningRequest. + // Populated by the API server on creation and immutable. + // +listType=atomic + // +optional + groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) + + // extra contains extra attributes of the user that created the CertificateSigningRequest. + // Populated by the API server on creation and immutable. + // +optional + extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep) +} + +// "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver. +// Never auto-approved by kube-controller-manager. +// Can be issued by the "csrsigning" controller in kube-controller-manager. +#KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client" + +// "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver. +// Can be auto-approved by the "csrapproving" controller in kube-controller-manager. +// Can be issued by the "csrsigning" controller in kube-controller-manager. +#KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet" + +// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, +// which kube-apiserver can connect to securely. +// Never auto-approved by kube-controller-manager. +// Can be issued by the "csrsigning" controller in kube-controller-manager. +#KubeletServingSignerName: "kubernetes.io/kubelet-serving" + +// ExtraValue masks the value so protobuf can generate +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +#ExtraValue: [...string] + +// CertificateSigningRequestStatus contains conditions used to indicate +// approved/denied/failed status of the request, and the issued certificate. +#CertificateSigningRequestStatus: { + // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed". + // +listType=map + // +listMapKey=type + // +optional + conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep) + + // certificate is populated with an issued certificate by the signer after an Approved condition is present. + // This field is set via the /status subresource. Once populated, this field is immutable. + // + // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. + // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. + // + // Validation requirements: + // 1. certificate must contain one or more PEM blocks. + // 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data + // must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. + // 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, + // to allow for explanatory text as described in section 5.2 of RFC7468. + // + // If more than one PEM block is present, and the definition of the requested spec.signerName + // does not indicate otherwise, the first block is the issued certificate, + // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. + // + // The certificate is encoded in PEM format. + // + // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: + // + // base64( + // -----BEGIN CERTIFICATE----- + // ... + // -----END CERTIFICATE----- + // ) + // + // +listType=atomic + // +optional + certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt) +} + +// RequestConditionType is the type of a CertificateSigningRequestCondition +#RequestConditionType: string // #enumRequestConditionType + +#enumRequestConditionType: + #CertificateApproved | + #CertificateDenied | + #CertificateFailed + +// Approved indicates the request was approved and should be issued by the signer. +#CertificateApproved: #RequestConditionType & "Approved" + +// Denied indicates the request was denied and should not be issued by the signer. +#CertificateDenied: #RequestConditionType & "Denied" + +// Failed indicates the signer failed to issue the certificate. +#CertificateFailed: #RequestConditionType & "Failed" + +// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object +#CertificateSigningRequestCondition: { + // type of the condition. Known conditions are "Approved", "Denied", and "Failed". + // + // An "Approved" condition is added via the /approval subresource, + // indicating the request was approved and should be issued by the signer. + // + // A "Denied" condition is added via the /approval subresource, + // indicating the request was denied and should not be issued by the signer. + // + // A "Failed" condition is added via the /status subresource, + // indicating the signer failed to issue the certificate. + // + // Approved and Denied conditions are mutually exclusive. + // Approved, Denied, and Failed conditions cannot be removed once added. + // + // Only one condition of a given type is allowed. + type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType) + + // status of the condition, one of True, False, Unknown. + // Approved, Denied, and Failed conditions may not be "False" or "Unknown". + status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // reason indicates a brief reason for the request state + // +optional + reason?: string @go(Reason) @protobuf(2,bytes,opt) + + // message contains a human readable message with details about the request state + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // lastUpdateTime is the time of the last update to this condition + // +optional + lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt) + + // lastTransitionTime is the time the condition last transitioned from one status to another. + // If unset, when a new condition type is added or an existing condition's status is changed, + // the server defaults this to the current time. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt) +} + +// CertificateSigningRequestList is a collection of CertificateSigningRequest objects +#CertificateSigningRequestList: { + metav1.#TypeMeta + + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a collection of CertificateSigningRequest objects + items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep) +} + +// KeyUsage specifies valid usage contexts for keys. +// See: +// +// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 +// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 +// +// +enum +#KeyUsage: string // #enumKeyUsage + +#enumKeyUsage: + #UsageSigning | + #UsageDigitalSignature | + #UsageContentCommitment | + #UsageKeyEncipherment | + #UsageKeyAgreement | + #UsageDataEncipherment | + #UsageCertSign | + #UsageCRLSign | + #UsageEncipherOnly | + #UsageDecipherOnly | + #UsageAny | + #UsageServerAuth | + #UsageClientAuth | + #UsageCodeSigning | + #UsageEmailProtection | + #UsageSMIME | + #UsageIPsecEndSystem | + #UsageIPsecTunnel | + #UsageIPsecUser | + #UsageTimestamping | + #UsageOCSPSigning | + #UsageMicrosoftSGC | + #UsageNetscapeSGC + +#UsageSigning: #KeyUsage & "signing" +#UsageDigitalSignature: #KeyUsage & "digital signature" +#UsageContentCommitment: #KeyUsage & "content commitment" +#UsageKeyEncipherment: #KeyUsage & "key encipherment" +#UsageKeyAgreement: #KeyUsage & "key agreement" +#UsageDataEncipherment: #KeyUsage & "data encipherment" +#UsageCertSign: #KeyUsage & "cert sign" +#UsageCRLSign: #KeyUsage & "crl sign" +#UsageEncipherOnly: #KeyUsage & "encipher only" +#UsageDecipherOnly: #KeyUsage & "decipher only" +#UsageAny: #KeyUsage & "any" +#UsageServerAuth: #KeyUsage & "server auth" +#UsageClientAuth: #KeyUsage & "client auth" +#UsageCodeSigning: #KeyUsage & "code signing" +#UsageEmailProtection: #KeyUsage & "email protection" +#UsageSMIME: #KeyUsage & "s/mime" +#UsageIPsecEndSystem: #KeyUsage & "ipsec end system" +#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel" +#UsageIPsecUser: #KeyUsage & "ipsec user" +#UsageTimestamping: #KeyUsage & "timestamping" +#UsageOCSPSigning: #KeyUsage & "ocsp signing" +#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc" +#UsageNetscapeSGC: #KeyUsage & "netscape sgc" diff --git a/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue new file mode 100644 index 00000000..d0a257d5 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/coordination/v1 + +package v1 + +#GroupName: "coordination.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue new file mode 100644 index 00000000..de2c7412 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue @@ -0,0 +1,61 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/coordination/v1 + +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// Lease defines a lease concept. +#Lease: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec contains the specification of the Lease. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// LeaseSpec is a specification of a Lease. +#LeaseSpec: { + // holderIdentity contains the identity of the holder of a current lease. + // +optional + holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt) + + // leaseDurationSeconds is a duration that candidates for a lease need + // to wait to force acquire it. This is measure against time of last + // observed renewTime. + // +optional + leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt) + + // acquireTime is a time when the current lease was acquired. + // +optional + acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt) + + // renewTime is a time when the current holder of a lease has last + // updated the lease. + // +optional + renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt) + + // leaseTransitions is the number of transitions of a lease between + // holders. + // +optional + leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt) +} + +// LeaseList is a list of Lease objects. +#LeaseList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of schema objects. + items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue new file mode 100644 index 00000000..3a302790 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue @@ -0,0 +1,147 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy +// webhook backend fails. +#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" + +// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods +#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" + +// TolerationsAnnotationKey represents the key of tolerations data (json serialized) +// in the Annotations of a Pod. +#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" + +// TaintsAnnotationKey represents the key of taints data (json serialized) +// in the Annotations of a Node. +#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" + +// SeccompPodAnnotationKey represents the key of a seccomp profile applied +// to all containers of a pod. +// Deprecated: set a pod security context `seccompProfile` field. +#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" + +// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied +// to one container of a pod. +// Deprecated: set a container security context `seccompProfile` field. +#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" + +// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. +// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. +#SeccompProfileRuntimeDefault: "runtime/default" + +// SeccompProfileNameUnconfined is the unconfined seccomp profile. +#SeccompProfileNameUnconfined: "unconfined" + +// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. +#SeccompLocalhostProfileNamePrefix: "localhost/" + +// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. +#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" + +// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. +#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" + +// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. +#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" + +// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. +#AppArmorBetaProfileRuntimeDefault: "runtime/default" + +// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. +#AppArmorBetaProfileNamePrefix: "localhost/" + +// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile +#AppArmorBetaProfileNameUnconfined: "unconfined" + +// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. +// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. +#DeprecatedSeccompProfileDockerDefault: "docker/default" + +// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) +// in the Annotations of a Node. +#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" + +// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache +// an object (e.g. secret, config map) before fetching it again from apiserver. +// This annotation can be attached to node. +#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" + +// annotation key prefix used to identify non-convertible json paths. +#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" +_#kubectlPrefix: "kubectl.kubernetes.io/" + +// LastAppliedConfigAnnotation is the annotation used to store the previous +// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. +#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" + +// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers +// +// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to +// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow +// access only from the CIDRs currently allocated to MIT & the USPS. +// +// Not all cloud providers support this annotation, though AWS & GCE do. +#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" + +// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that +// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') +// of the last change, of some Pod or Service object, that triggered the endpoints object change. +// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints +// controller at T1, and the Endpoints object was changed at T2, the +// EndpointsLastChangeTriggerTime would be set to T0. +// +// The "endpoints change trigger" here means any Pod or Service change that resulted in the +// Endpoints object change. +// +// Given the definition of the "endpoints change trigger", please note that this annotation will +// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the +// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's +// already set). +// +// This annotation will be used to compute the in-cluster network programming latency SLI, see +// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md +#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" + +// EndpointsOverCapacity will be set on an Endpoints resource when it +// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints +// controller will set this annotation with a value of "warning". In a +// future release, the controller may set this annotation with a value of +// "truncated" to indicate that any addresses exceeding the limit of 1000 +// have been truncated from the Endpoints resource. +#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" + +// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated +// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. +// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or +// CSI Backend for a volume plugin on a specific node. +#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" + +// PodDeletionCost can be used to set to an int32 that represent the cost of deleting +// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower +// deletion cost are preferred to be deleted before pods with higher deletion cost. +// Note that this is honored on a best-effort basis, and so it does not offer guarantees on +// pod deletion order. +// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. +// +// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. +#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" + +// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable +// Topology Aware Hints for a Service. This may be set to "Auto" or +// "Disabled". Any other value is treated as "Disabled". This annotation has +// been deprecated in favor of the "service.kubernetes.io/topology-mode" +// annotation. +#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" + +// AnnotationTopologyMode can be used to enable or disable Topology Aware +// Routing for a Service. Well known values are "Auto" and "Disabled". +// Implementations may choose to develop new topology approaches, exposing +// them with domain-prefixed values. For example, "example.com/lowest-rtt" +// could be a valid implementation-specific value for this annotation. These +// heuristics will often populate topology hints on EndpointSlices, but that +// is not a requirement. +#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue new file mode 100644 index 00000000..2bf1afce --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue @@ -0,0 +1,6 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +// Package v1 is the v1 version of the core API. +package v1 diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue new file mode 100644 index 00000000..29c24abc --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +#GroupName: "" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue new file mode 100644 index 00000000..d87edcff --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue @@ -0,0 +1,7617 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/types" +) + +// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients +#NamespaceDefault: "default" + +// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces +#NamespaceAll: "" + +// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) +#NamespaceNodeLease: "kube-node-lease" + +// Volume represents a named volume in a pod that may be accessed by any container in the pod. +#Volume: { + // name of the volume. + // Must be a DNS_LABEL and unique within the pod. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + name: string @go(Name) @protobuf(1,bytes,opt) + + #VolumeSource +} + +// Represents the source of a volume to mount. +// Only one of its members may be specified. +#VolumeSource: { + // hostPath represents a pre-existing file or directory on the host + // machine that is directly exposed to the container. This is generally + // used for system agents or other privileged things that are allowed + // to see the host machine. Most containers will NOT need this. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // --- + // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + // mount host directories as read/write. + // +optional + hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) + + // emptyDir represents a temporary directory that shares a pod's lifetime. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) + + // gcePersistentDisk represents a GCE Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) + + // awsElasticBlockStore represents an AWS Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) + + // gitRepo represents a git repository at a particular revision. + // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + // into the Pod's container. + // +optional + gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) + + // secret represents a secret that should populate this volume. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) + + // nfs represents an NFS mount on the host that shares a pod's lifetime + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) + + // iscsi represents an ISCSI Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://examples.k8s.io/volumes/iscsi/README.md + // +optional + iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) + + // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md + // +optional + glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) + + // persistentVolumeClaimVolumeSource represents a reference to a + // PersistentVolumeClaim in the same namespace. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) + + // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/rbd/README.md + // +optional + rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) + + // flexVolume represents a generic volume resource that is + // provisioned/attached using an exec based plugin. + // +optional + flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) + + // cinder represents a cinder volume attached and mounted on kubelets host machine. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) + + // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + // +optional + cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) + + // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + // +optional + flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) + + // downwardAPI represents downward API about the pod that should populate this volume + // +optional + downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) + + // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + // +optional + fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) + + // azureFile represents an Azure File Service mount on the host and bind mount to the pod. + // +optional + azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) + + // configMap represents a configMap that should populate this volume + // +optional + configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) + + // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + // +optional + vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) + + // quobyte represents a Quobyte mount on the host that shares a pod's lifetime + // +optional + quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) + + // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + // +optional + azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) + + // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) + + // projected items for all in one resources secrets, configmaps, and downward API + projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) + + // portworxVolume represents a portworx volume attached and mounted on kubelets host machine + // +optional + portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) + + // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + // +optional + scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) + + // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + // +optional + storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) + + // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + // +optional + csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) + + // ephemeral represents a volume that is handled by a cluster storage driver. + // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + // and deleted when the pod is removed. + // + // Use this if: + // a) the volume is only needed while the pod runs, + // b) features of normal volumes like restoring from snapshot or capacity + // tracking are needed, + // c) the storage driver is specified through a storage class, and + // d) the storage driver supports dynamic volume provisioning through + // a PersistentVolumeClaim (see EphemeralVolumeSource for more + // information on the connection between this volume type + // and PersistentVolumeClaim). + // + // Use PersistentVolumeClaim or one of the vendor-specific + // APIs for volumes that persist for longer than the lifecycle + // of an individual pod. + // + // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + // be used that way - see the documentation of the driver for + // more information. + // + // A pod can use both types of ephemeral volumes and + // persistent volumes at the same time. + // + // +optional + ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) +} + +// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. +// This volume finds the bound PV and mounts that volume for the pod. A +// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another +// type of volume that is owned by someone else (the system). +#PersistentVolumeClaimVolumeSource: { + // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + claimName: string @go(ClaimName) @protobuf(1,bytes,opt) + + // readOnly Will force the ReadOnly setting in VolumeMounts. + // Default false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) +} + +// PersistentVolumeSource is similar to VolumeSource but meant for the +// administrator who creates PVs. Exactly one of its members must be set. +#PersistentVolumeSource: { + // gcePersistentDisk represents a GCE Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. Provisioned by an admin. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) + + // awsElasticBlockStore represents an AWS Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) + + // hostPath represents a directory on the host. + // Provisioned by a developer or tester. + // This is useful for single-node development and testing only! + // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // +optional + hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) + + // glusterfs represents a Glusterfs volume that is attached to a host and + // exposed to the pod. Provisioned by an admin. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md + // +optional + glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) + + // nfs represents an NFS mount on the host. Provisioned by an admin. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) + + // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/rbd/README.md + // +optional + rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) + + // iscsi represents an ISCSI Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. Provisioned by an admin. + // +optional + iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) + + // cinder represents a cinder volume attached and mounted on kubelets host machine. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) + + // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + // +optional + cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) + + // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + // +optional + fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) + + // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running + // +optional + flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) + + // flexVolume represents a generic volume resource that is + // provisioned/attached using an exec based plugin. + // +optional + flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) + + // azureFile represents an Azure File Service mount on the host and bind mount to the pod. + // +optional + azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) + + // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + // +optional + vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) + + // quobyte represents a Quobyte mount on the host that shares a pod's lifetime + // +optional + quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) + + // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + // +optional + azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) + + // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) + + // portworxVolume represents a portworx volume attached and mounted on kubelets host machine + // +optional + portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) + + // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + // +optional + scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) + + // local represents directly-attached storage with node affinity + // +optional + local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) + + // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod + // More info: https://examples.k8s.io/volumes/storageos/README.md + // +optional + storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) + + // csi represents storage that is handled by an external CSI driver (Beta feature). + // +optional + csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) +} + +// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. +// It's currently still used and will be held for backwards compatibility +#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" + +// MountOptionAnnotation defines mount option annotation used in PVs +#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" + +// PersistentVolume (PV) is a storage resource provisioned by an administrator. +// It is analogous to a node. +// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes +#PersistentVolume: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines a specification of a persistent volume owned by the cluster. + // Provisioned by an administrator. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes + // +optional + spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) + + // status represents the current information/status for the persistent volume. + // Populated by the system. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes + // +optional + status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PersistentVolumeSpec is the specification of a persistent volume. +#PersistentVolumeSpec: { + // capacity is the description of the persistent volume's resources and capacity. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + #PersistentVolumeSource + + // accessModes contains all ways the volume can be mounted. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) + + // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. + // Expected to be non-nil when bound. + // claim.VolumeName is the authoritative bind between PV and PVC. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding + // +optional + // +structType=granular + claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) + + // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. + // Valid options are Retain (default for manually created PersistentVolumes), Delete (default + // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). + // Recycle must be supported by the volume plugin underlying this PersistentVolume. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming + // +optional + persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) + + // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value + // means that this volume does not belong to any StorageClass. + // +optional + storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) + + // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will + // simply fail if one is invalid. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options + // +optional + mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) + + // volumeMode defines if a volume is intended to be used with a formatted filesystem + // or to remain in raw block state. Value of Filesystem is implied when not included in spec. + // +optional + volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) + + // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. + // This field influences the scheduling of pods that use this volume. + // +optional + nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) +} + +// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. +#VolumeNodeAffinity: { + // required specifies hard node constraints that must be met. + required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) +} + +// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. +// +enum +#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy + +#enumPersistentVolumeReclaimPolicy: + #PersistentVolumeReclaimRecycle | + #PersistentVolumeReclaimDelete | + #PersistentVolumeReclaimRetain + +// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. +// The volume plugin must support Recycling. +#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" + +// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. +// The volume plugin must support Deletion. +#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" + +// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. +// The default policy is Retain. +#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" + +// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. +// +enum +#PersistentVolumeMode: string // #enumPersistentVolumeMode + +#enumPersistentVolumeMode: + #PersistentVolumeBlock | + #PersistentVolumeFilesystem + +// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. +#PersistentVolumeBlock: #PersistentVolumeMode & "Block" + +// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. +#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" + +// PersistentVolumeStatus is the current status of a persistent volume. +#PersistentVolumeStatus: { + // phase indicates if a volume is available, bound to a claim, or released by a claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase + // +optional + phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) + + // message is a human-readable message indicating details about why the volume is in this state. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) + + // reason is a brief CamelCase string that describes any failure and is meant + // for machine parsing and tidy display in the CLI. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // lastPhaseTransitionTime is the time the phase transitioned from one to another + // and automatically resets to current time everytime a volume phase transitions. + // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. + // +featureGate=PersistentVolumeLastPhaseTransitionTime + // +optional + lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) +} + +// PersistentVolumeList is a list of PersistentVolume items. +#PersistentVolumeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of persistent volumes. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes + items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) +} + +// PersistentVolumeClaim is a user's request for and claim to a persistent volume +#PersistentVolumeClaim: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines the desired characteristics of a volume requested by a pod author. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) + + // status represents the current information/status of a persistent volume claim. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. +#PersistentVolumeClaimList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of persistent volume claims. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) +} + +// PersistentVolumeClaimSpec describes the common attributes of storage devices +// and allows a Source for provider-specific attributes +#PersistentVolumeClaimSpec: { + // accessModes contains the desired access modes the volume should have. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) + + // selector is a label query over volumes to consider for binding. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) + + // resources represents the minimum resources the volume should have. + // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + // that are lower than previous value but must still be higher than capacity recorded in the + // status field of the claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) + + // volumeName is the binding reference to the PersistentVolume backing this claim. + // +optional + volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) + + // storageClassName is the name of the StorageClass required by the claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + // +optional + storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) + + // volumeMode defines what type of volume is required by the claim. + // Value of Filesystem is implied when not included in claim spec. + // +optional + volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) + + // dataSource field can be used to specify either: + // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + // * An existing PVC (PersistentVolumeClaim) + // If the provisioner or an external controller can support the specified data source, + // it will create a new volume based on the contents of the specified data source. + // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + // If the namespace is specified, then dataSourceRef will not be copied to dataSource. + // +optional + dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) + + // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + // volume is desired. This may be any object from a non-empty API group (non + // core object) or a PersistentVolumeClaim object. + // When this field is specified, volume binding will only succeed if the type of + // the specified object matches some installed volume populator or dynamic + // provisioner. + // This field will replace the functionality of the dataSource field and as such + // if both fields are non-empty, they must have the same value. For backwards + // compatibility, when namespace isn't specified in dataSourceRef, + // both fields (dataSource and dataSourceRef) will be set to the same + // value automatically if one of them is empty and the other is non-empty. + // When namespace is specified in dataSourceRef, + // dataSource isn't set to the same value and must be empty. + // There are three important differences between dataSource and dataSourceRef: + // * While dataSource only allows two specific types of objects, dataSourceRef + // allows any non-core object, as well as PersistentVolumeClaim objects. + // * While dataSource ignores disallowed values (dropping them), dataSourceRef + // preserves all values, and generates an error if a disallowed value is + // specified. + // * While dataSource only allows local objects, dataSourceRef allows objects + // in any namespaces. + // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + // +optional + dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) +} + +#TypedObjectReference: { + // APIGroup is the group for the resource being referenced. + // If APIGroup is not specified, the specified Kind must be in the core API group. + // For any other third-party types, APIGroup is required. + // +optional + apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) + + // Kind is the type of resource being referenced + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // Name is the name of resource being referenced + name: string @go(Name) @protobuf(3,bytes,opt) + + // Namespace is the namespace of resource being referenced + // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + // +featureGate=CrossNamespaceVolumeDataSource + // +optional + namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) +} + +// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type +#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType + +#enumPersistentVolumeClaimConditionType: + #PersistentVolumeClaimResizing | + #PersistentVolumeClaimFileSystemResizePending + +// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started +#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" + +// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node +#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" + +// +enum +// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource +// that it does not recognizes, then it should ignore that update and let other controllers +// handle it. +#ClaimResourceStatus: string // #enumClaimResourceStatus + +#enumClaimResourceStatus: + #PersistentVolumeClaimControllerResizeInProgress | + #PersistentVolumeClaimControllerResizeFailed | + #PersistentVolumeClaimNodeResizePending | + #PersistentVolumeClaimNodeResizeInProgress | + #PersistentVolumeClaimNodeResizeFailed + +// State set when resize controller starts resizing the volume in control-plane. +#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" + +// State set when resize has failed in resize controller with a terminal error. +// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus +// unmodified, so as resize controller can resume the volume expansion. +#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" + +// State set when resize controller has finished resizing the volume but further resizing of volume +// is needed on the node. +#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" + +// State set when kubelet starts resizing the volume. +#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" + +// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed +#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" + +// PersistentVolumeClaimCondition contains details about state of pvc +#PersistentVolumeClaimCondition: { + type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // lastProbeTime is the time we probed the condition. + // +optional + lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) + + // lastTransitionTime is the time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // reason is a unique, this should be a short, machine understandable string that gives the reason + // for condition's last transition. If it reports "ResizeStarted" that means the underlying + // persistent volume is being resized. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // message is the human-readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// PersistentVolumeClaimStatus is the current status of a persistent volume claim. +#PersistentVolumeClaimStatus: { + // phase represents the current phase of PersistentVolumeClaim. + // +optional + phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) + + // accessModes contains the actual access modes the volume backing the PVC has. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) + + // capacity represents the actual resources of the underlying volume. + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + // resized then the Condition will be set to 'ResizeStarted'. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) + + // allocatedResources tracks the resources allocated to a PVC including its capacity. + // Key names follow standard Kubernetes label syntax. Valid values are either: + // * Un-prefixed keys: + // - storage - the capacity of the volume. + // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + // reserved and hence may not be used. + // + // Capacity reported here may be larger than the actual capacity when a volume expansion operation + // is requested. + // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. + // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. + // If a volume expansion capacity request is lowered, allocatedResources is only + // lowered if there are no expansion operations in progress and if the actual volume capacity + // is equal or lower than the requested capacity. + // + // A controller that receives PVC update with previously unknown resourceName + // should ignore the update for the purpose it was designed. For example - a controller that + // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + // resources associated with PVC. + // + // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + // +featureGate=RecoverVolumeExpansionFailure + // +optional + allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // allocatedResourceStatuses stores status of resource being resized for the given PVC. + // Key names follow standard Kubernetes label syntax. Valid values are either: + // * Un-prefixed keys: + // - storage - the capacity of the volume. + // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + // reserved and hence may not be used. + // + // ClaimResourceStatus can be in any of following states: + // - ControllerResizeInProgress: + // State set when resize controller starts resizing the volume in control-plane. + // - ControllerResizeFailed: + // State set when resize has failed in resize controller with a terminal error. + // - NodeResizePending: + // State set when resize controller has finished resizing the volume but further resizing of + // volume is needed on the node. + // - NodeResizeInProgress: + // State set when kubelet starts resizing the volume. + // - NodeResizeFailed: + // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + // NodeResizeFailed. + // For example: if expanding a PVC for more capacity - this field can be one of the following states: + // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" + // When this field is not set, it means that no resize operation is in progress for the given PVC. + // + // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus + // should ignore the update for the purpose it was designed. For example - a controller that + // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + // resources associated with PVC. + // + // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + // +featureGate=RecoverVolumeExpansionFailure + // +mapType=granular + // +optional + allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) +} + +// +enum +#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode + +#enumPersistentVolumeAccessMode: + #ReadWriteOnce | + #ReadOnlyMany | + #ReadWriteMany | + #ReadWriteOncePod + +// can be mounted in read/write mode to exactly 1 host +#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" + +// can be mounted in read-only mode to many hosts +#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" + +// can be mounted in read/write mode to many hosts +#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" + +// can be mounted in read/write mode to exactly 1 pod +// cannot be used in combination with other access modes +#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" + +// +enum +#PersistentVolumePhase: string // #enumPersistentVolumePhase + +#enumPersistentVolumePhase: + #VolumePending | + #VolumeAvailable | + #VolumeBound | + #VolumeReleased | + #VolumeFailed + +// used for PersistentVolumes that are not available +#VolumePending: #PersistentVolumePhase & "Pending" + +// used for PersistentVolumes that are not yet bound +// Available volumes are held by the binder and matched to PersistentVolumeClaims +#VolumeAvailable: #PersistentVolumePhase & "Available" + +// used for PersistentVolumes that are bound +#VolumeBound: #PersistentVolumePhase & "Bound" + +// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted +// released volumes must be recycled before becoming available again +// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource +#VolumeReleased: #PersistentVolumePhase & "Released" + +// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim +#VolumeFailed: #PersistentVolumePhase & "Failed" + +// +enum +#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase + +#enumPersistentVolumeClaimPhase: + #ClaimPending | + #ClaimBound | + #ClaimLost + +// used for PersistentVolumeClaims that are not yet bound +#ClaimPending: #PersistentVolumeClaimPhase & "Pending" + +// used for PersistentVolumeClaims that are bound +#ClaimBound: #PersistentVolumeClaimPhase & "Bound" + +// used for PersistentVolumeClaims that lost their underlying +// PersistentVolume. The claim was bound to a PersistentVolume and this +// volume does not exist any longer and all data on it was lost. +#ClaimLost: #PersistentVolumeClaimPhase & "Lost" + +// +enum +#HostPathType: string // #enumHostPathType + +#enumHostPathType: + #HostPathUnset | + #HostPathDirectoryOrCreate | + #HostPathDirectory | + #HostPathFileOrCreate | + #HostPathFile | + #HostPathSocket | + #HostPathCharDev | + #HostPathBlockDev + +// For backwards compatible, leave it empty if unset +#HostPathUnset: #HostPathType & "" + +// If nothing exists at the given path, an empty directory will be created there +// as needed with file mode 0755, having the same group and ownership with Kubelet. +#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" + +// A directory must exist at the given path +#HostPathDirectory: #HostPathType & "Directory" + +// If nothing exists at the given path, an empty file will be created there +// as needed with file mode 0644, having the same group and ownership with Kubelet. +#HostPathFileOrCreate: #HostPathType & "FileOrCreate" + +// A file must exist at the given path +#HostPathFile: #HostPathType & "File" + +// A UNIX socket must exist at the given path +#HostPathSocket: #HostPathType & "Socket" + +// A character device must exist at the given path +#HostPathCharDev: #HostPathType & "CharDevice" + +// A block device must exist at the given path +#HostPathBlockDev: #HostPathType & "BlockDevice" + +// Represents a host path mapped into a pod. +// Host path volumes do not support ownership management or SELinux relabeling. +#HostPathVolumeSource: { + // path of the directory on the host. + // If the path is a symlink, it will follow the link to the real path. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + path: string @go(Path) @protobuf(1,bytes,opt) + + // type for HostPath Volume + // Defaults to "" + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // +optional + type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) +} + +// Represents an empty directory for a pod. +// Empty directory volumes support ownership management and SELinux relabeling. +#EmptyDirVolumeSource: { + // medium represents what type of storage medium should back this directory. + // The default is "" which means to use the node's default medium. + // Must be an empty string (default) or Memory. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) + + // sizeLimit is the total amount of local storage required for this EmptyDir volume. + // The size limit is also applicable for memory medium. + // The maximum usage on memory medium EmptyDir would be the minimum value between + // the SizeLimit specified here and the sum of memory limits of all containers in a pod. + // The default is nil which means that the limit is undefined. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) +} + +// Represents a Glusterfs mount that lasts the lifetime of a pod. +// Glusterfs volumes do not support ownership management or SELinux relabeling. +#GlusterfsVolumeSource: { + // endpoints is the endpoint name that details Glusterfs topology. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) + + // path is the Glusterfs volume path. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// Represents a Glusterfs mount that lasts the lifetime of a pod. +// Glusterfs volumes do not support ownership management or SELinux relabeling. +#GlusterfsPersistentVolumeSource: { + // endpoints is the endpoint name that details Glusterfs topology. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) + + // path is the Glusterfs volume path. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // endpointsNamespace is the namespace that contains Glusterfs endpoint. + // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) +} + +// Represents a Rados Block Device mount that lasts the lifetime of a pod. +// RBD volumes support ownership management and SELinux relabeling. +#RBDVolumeSource: { + // monitors is a collection of Ceph monitors. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) + + // image is the rados image name. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + image: string @go(RBDImage) @protobuf(2,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // pool is the rados pool name. + // Default is rbd. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + pool?: string @go(RBDPool) @protobuf(4,bytes,opt) + + // user is the rados user name. + // Default is admin. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + user?: string @go(RadosUser) @protobuf(5,bytes,opt) + + // keyring is the path to key ring for RBDUser. + // Default is /etc/ceph/keyring. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + keyring?: string @go(Keyring) @protobuf(6,bytes,opt) + + // secretRef is name of the authentication secret for RBDUser. If provided + // overrides keyring. + // Default is nil. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) +} + +// Represents a Rados Block Device mount that lasts the lifetime of a pod. +// RBD volumes support ownership management and SELinux relabeling. +#RBDPersistentVolumeSource: { + // monitors is a collection of Ceph monitors. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) + + // image is the rados image name. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + image: string @go(RBDImage) @protobuf(2,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // pool is the rados pool name. + // Default is rbd. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + pool?: string @go(RBDPool) @protobuf(4,bytes,opt) + + // user is the rados user name. + // Default is admin. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + user?: string @go(RadosUser) @protobuf(5,bytes,opt) + + // keyring is the path to key ring for RBDUser. + // Default is /etc/ceph/keyring. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + keyring?: string @go(Keyring) @protobuf(6,bytes,opt) + + // secretRef is name of the authentication secret for RBDUser. If provided + // overrides keyring. + // Default is nil. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) +} + +// Represents a cinder volume resource in Openstack. +// A Cinder volume must exist before mounting to a container. +// The volume must also be in the same region as the kubelet. +// Cinder volumes support ownership management and SELinux relabeling. +#CinderVolumeSource: { + // volumeID used to identify the volume in cinder. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretRef is optional: points to a secret object containing parameters used to connect + // to OpenStack. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) +} + +// Represents a cinder volume resource in Openstack. +// A Cinder volume must exist before mounting to a container. +// The volume must also be in the same region as the kubelet. +// Cinder volumes support ownership management and SELinux relabeling. +#CinderPersistentVolumeSource: { + // volumeID used to identify the volume in cinder. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretRef is Optional: points to a secret object containing parameters used to connect + // to OpenStack. + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) +} + +// Represents a Ceph Filesystem mount that lasts the lifetime of a pod +// Cephfs volumes do not support ownership management or SELinux relabeling. +#CephFSVolumeSource: { + // monitors is Required: Monitors is a collection of Ceph monitors + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) + + // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + // +optional + path?: string @go(Path) @protobuf(2,bytes,opt) + + // user is optional: User is the rados user name, default is admin + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + user?: string @go(User) @protobuf(3,bytes,opt) + + // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) +} + +// SecretReference represents a Secret Reference. It has enough information to retrieve secret +// in any namespace +// +structType=atomic +#SecretReference: { + // name is unique within a namespace to reference a secret resource. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // namespace defines the space within which the secret name must be unique. + // +optional + namespace?: string @go(Namespace) @protobuf(2,bytes,opt) +} + +// Represents a Ceph Filesystem mount that lasts the lifetime of a pod +// Cephfs volumes do not support ownership management or SELinux relabeling. +#CephFSPersistentVolumeSource: { + // monitors is Required: Monitors is a collection of Ceph monitors + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) + + // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + // +optional + path?: string @go(Path) @protobuf(2,bytes,opt) + + // user is Optional: User is the rados user name, default is admin + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + user?: string @go(User) @protobuf(3,bytes,opt) + + // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) +} + +// Represents a Flocker volume mounted by the Flocker agent. +// One and only one of datasetName and datasetUUID should be set. +// Flocker volumes do not support ownership management or SELinux relabeling. +#FlockerVolumeSource: { + // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + // should be considered as deprecated + // +optional + datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) + + // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + // +optional + datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) +} + +// StorageMedium defines ways that storage can be allocated to a volume. +#StorageMedium: string // #enumStorageMedium + +#enumStorageMedium: + #StorageMediumDefault | + #StorageMediumMemory | + #StorageMediumHugePages | + #StorageMediumHugePagesPrefix + +#StorageMediumDefault: #StorageMedium & "" +#StorageMediumMemory: #StorageMedium & "Memory" +#StorageMediumHugePages: #StorageMedium & "HugePages" +#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" + +// Protocol defines network protocols supported for things like container ports. +// +enum +#Protocol: string // #enumProtocol + +#enumProtocol: + #ProtocolTCP | + #ProtocolUDP | + #ProtocolSCTP + +// ProtocolTCP is the TCP protocol. +#ProtocolTCP: #Protocol & "TCP" + +// ProtocolUDP is the UDP protocol. +#ProtocolUDP: #Protocol & "UDP" + +// ProtocolSCTP is the SCTP protocol. +#ProtocolSCTP: #Protocol & "SCTP" + +// Represents a Persistent Disk resource in Google Compute Engine. +// +// A GCE PD must exist before mounting to a container. The disk must +// also be in the same GCE project and zone as the kubelet. A GCE PD +// can only be mounted as read/write once or read-only many times. GCE +// PDs support ownership management and SELinux relabeling. +#GCEPersistentDiskVolumeSource: { + // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + pdName: string @go(PDName) @protobuf(1,bytes,opt) + + // fsType is filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // partition is the partition in the volume that you want to mount. + // If omitted, the default is to mount by volume name. + // Examples: For volume /dev/sda1, you specify the partition as "1". + // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + partition?: int32 @go(Partition) @protobuf(3,varint,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) +} + +// Represents a Quobyte mount that lasts the lifetime of a pod. +// Quobyte volumes do not support ownership management or SELinux relabeling. +#QuobyteVolumeSource: { + // registry represents a single or multiple Quobyte Registry services + // specified as a string as host:port pair (multiple entries are separated with commas) + // which acts as the central registry for volumes + registry: string @go(Registry) @protobuf(1,bytes,opt) + + // volume is a string that references an already created Quobyte volume by name. + volume: string @go(Volume) @protobuf(2,bytes,opt) + + // readOnly here will force the Quobyte volume to be mounted with read-only permissions. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // user to map volume access to + // Defaults to serivceaccount user + // +optional + user?: string @go(User) @protobuf(4,bytes,opt) + + // group to map volume access to + // Default is no group + // +optional + group?: string @go(Group) @protobuf(5,bytes,opt) + + // tenant owning the given Quobyte volume in the Backend + // Used with dynamically provisioned Quobyte volumes, value is set by the plugin + // +optional + tenant?: string @go(Tenant) @protobuf(6,bytes,opt) +} + +// FlexPersistentVolumeSource represents a generic persistent volume resource that is +// provisioned/attached using an exec based plugin. +#FlexPersistentVolumeSource: { + // driver is the name of the driver to use for this volume. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // fsType is the Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the secret object containing + // sensitive information to pass to the plugin scripts. This may be + // empty if no secret object is specified. If the secret object + // contains more than one secret, all secrets are passed to the plugin + // scripts. + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) + + // readOnly is Optional: defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // options is Optional: this field holds extra command options if any. + // +optional + options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) +} + +// FlexVolume represents a generic volume resource that is +// provisioned/attached using an exec based plugin. +#FlexVolumeSource: { + // driver is the name of the driver to use for this volume. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // secretRef is Optional: secretRef is reference to the secret object containing + // sensitive information to pass to the plugin scripts. This may be + // empty if no secret object is specified. If the secret object + // contains more than one secret, all secrets are passed to the plugin + // scripts. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) + + // readOnly is Optional: defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // options is Optional: this field holds extra command options if any. + // +optional + options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) +} + +// Represents a Persistent Disk resource in AWS. +// +// An AWS EBS disk must exist before mounting to a container. The disk +// must also be in the same AWS zone as the kubelet. An AWS EBS disk +// can only be mounted as read/write once. AWS EBS volumes support +// ownership management and SELinux relabeling. +#AWSElasticBlockStoreVolumeSource: { + // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // partition is the partition in the volume that you want to mount. + // If omitted, the default is to mount by volume name. + // Examples: For volume /dev/sda1, you specify the partition as "1". + // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + // +optional + partition?: int32 @go(Partition) @protobuf(3,varint,opt) + + // readOnly value true will force the readOnly setting in VolumeMounts. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) +} + +// Represents a volume that is populated with the contents of a git repository. +// Git repo volumes do not support ownership management. +// Git repo volumes support SELinux relabeling. +// +// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +// into the Pod's container. +#GitRepoVolumeSource: { + // repository is the URL + repository: string @go(Repository) @protobuf(1,bytes,opt) + + // revision is the commit hash for the specified revision. + // +optional + revision?: string @go(Revision) @protobuf(2,bytes,opt) + + // directory is the target directory name. + // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + // git repository. Otherwise, if specified, the volume will contain the git repository in + // the subdirectory with the given name. + // +optional + directory?: string @go(Directory) @protobuf(3,bytes,opt) +} + +// Adapts a Secret into a volume. +// +// The contents of the target Secret's Data field will be presented in a volume +// as files using the keys in the Data field as the file names. +// Secret volumes support ownership management and SELinux relabeling. +#SecretVolumeSource: { + // secretName is the name of the secret in the pod's namespace to use. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + secretName?: string @go(SecretName) @protobuf(1,bytes,opt) + + // items If unspecified, each key-value pair in the Data field of the referenced + // Secret will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the Secret, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // defaultMode is Optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values + // for mode bits. Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) + + // optional field specify whether the Secret or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +#SecretVolumeSourceDefaultMode: int32 & 0o644 + +// Adapts a secret into a projected volume. +// +// The contents of the target Secret's Data field will be presented in a +// projected volume as files using the keys in the Data field as the file names. +// Note that this is identical to a secret volume source without the default +// mode. +#SecretProjection: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // Secret will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the Secret, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // optional field specify whether the Secret or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +// Represents an NFS mount that lasts the lifetime of a pod. +// NFS volumes do not support ownership management or SELinux relabeling. +#NFSVolumeSource: { + // server is the hostname or IP address of the NFS server. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + server: string @go(Server) @protobuf(1,bytes,opt) + + // path that is exported by the NFS server. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the NFS export to be mounted with read-only permissions. + // Defaults to false. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// Represents an ISCSI disk. +// ISCSI volumes can only be mounted as read/write once. +// ISCSI volumes support ownership management and SELinux relabeling. +#ISCSIVolumeSource: { + // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) + + // iqn is the target iSCSI Qualified Name. + iqn: string @go(IQN) @protobuf(2,bytes,opt) + + // lun represents iSCSI Target Lun number. + lun: int32 @go(Lun) @protobuf(3,varint,opt) + + // iscsiInterface is the interface Name that uses an iSCSI transport. + // Defaults to 'default' (tcp). + // +optional + iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(5,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) + + // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + // +optional + portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) + + // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + // +optional + chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) + + // chapAuthSession defines whether support iSCSI Session CHAP authentication + // +optional + chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) + + // secretRef is the CHAP Secret for iSCSI target and initiator authentication + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) + + // initiatorName is the custom iSCSI Initiator Name. + // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + // : will be created for the connection. + // +optional + initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) +} + +// ISCSIPersistentVolumeSource represents an ISCSI disk. +// ISCSI volumes can only be mounted as read/write once. +// ISCSI volumes support ownership management and SELinux relabeling. +#ISCSIPersistentVolumeSource: { + // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) + + // iqn is Target iSCSI Qualified Name. + iqn: string @go(IQN) @protobuf(2,bytes,opt) + + // lun is iSCSI Target Lun number. + lun: int32 @go(Lun) @protobuf(3,varint,opt) + + // iscsiInterface is the interface Name that uses an iSCSI transport. + // Defaults to 'default' (tcp). + // +optional + iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(5,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) + + // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + // +optional + portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) + + // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + // +optional + chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) + + // chapAuthSession defines whether support iSCSI Session CHAP authentication + // +optional + chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) + + // secretRef is the CHAP Secret for iSCSI target and initiator authentication + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) + + // initiatorName is the custom iSCSI Initiator Name. + // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + // : will be created for the connection. + // +optional + initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) +} + +// Represents a Fibre Channel volume. +// Fibre Channel volumes can only be mounted as read/write once. +// Fibre Channel volumes support ownership management and SELinux relabeling. +#FCVolumeSource: { + // targetWWNs is Optional: FC target worldwide names (WWNs) + // +optional + targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) + + // lun is Optional: FC target lun number + // +optional + lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // wwids Optional: FC volume world wide identifiers (wwids) + // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + // +optional + wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) +} + +// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +#AzureFileVolumeSource: { + // secretName is the name of secret that contains Azure Storage Account Name and Key + secretName: string @go(SecretName) @protobuf(1,bytes,opt) + + // shareName is the azure share Name + shareName: string @go(ShareName) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +#AzureFilePersistentVolumeSource: { + // secretName is the name of secret that contains Azure Storage Account Name and Key + secretName: string @go(SecretName) @protobuf(1,bytes,opt) + + // shareName is the azure Share Name + shareName: string @go(ShareName) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key + // default is the same as the Pod + // +optional + secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) +} + +// Represents a vSphere volume resource. +#VsphereVirtualDiskVolumeSource: { + // volumePath is the path that identifies vSphere volume vmdk + volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) + + // fsType is filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // storagePolicyName is the storage Policy Based Management (SPBM) profile name. + // +optional + storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) + + // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + // +optional + storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) +} + +// Represents a Photon Controller persistent disk resource. +#PhotonPersistentDiskVolumeSource: { + // pdID is the ID that identifies Photon Controller persistent disk + pdID: string @go(PdID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + fsType?: string @go(FSType) @protobuf(2,bytes,opt) +} + +// +enum +#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode + +#enumAzureDataDiskCachingMode: + #AzureDataDiskCachingNone | + #AzureDataDiskCachingReadOnly | + #AzureDataDiskCachingReadWrite + +// +enum +#AzureDataDiskKind: string // #enumAzureDataDiskKind + +#enumAzureDataDiskKind: + #AzureSharedBlobDisk | + #AzureDedicatedBlobDisk | + #AzureManagedDisk + +#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" +#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" +#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" +#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" +#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" +#AzureManagedDisk: #AzureDataDiskKind & "Managed" + +// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +#AzureDiskVolumeSource: { + // diskName is the Name of the data disk in the blob storage + diskName: string @go(DiskName) @protobuf(1,bytes,opt) + + // diskURI is the URI of data disk in the blob storage + diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) + + // cachingMode is the Host Caching mode: None, Read Only, Read Write. + // +optional + cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) + + // fsType is Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) + + // readOnly Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) + + // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) +} + +// PortworxVolumeSource represents a Portworx volume resource. +#PortworxVolumeSource: { + // volumeID uniquely identifies a Portworx volume + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fSType represents the filesystem type to mount + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// ScaleIOVolumeSource represents a persistent ScaleIO volume +#ScaleIOVolumeSource: { + // gateway is the host address of the ScaleIO API Gateway. + gateway: string @go(Gateway) @protobuf(1,bytes,opt) + + // system is the name of the storage system as configured in ScaleIO. + system: string @go(System) @protobuf(2,bytes,opt) + + // secretRef references to the secret for ScaleIO user and other + // sensitive information. If this is not provided, Login operation will fail. + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) + + // sslEnabled Flag enable/disable SSL communication with Gateway, default false + // +optional + sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) + + // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + // +optional + protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) + + // storagePool is the ScaleIO Storage Pool associated with the protection domain. + // +optional + storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) + + // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + // Default is ThinProvisioned. + // +optional + storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) + + // volumeName is the name of a volume already created in the ScaleIO system + // that is associated with this volume source. + volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // Default is "xfs". + // +optional + fsType?: string @go(FSType) @protobuf(9,bytes,opt) + + // readOnly Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) +} + +// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume +#ScaleIOPersistentVolumeSource: { + // gateway is the host address of the ScaleIO API Gateway. + gateway: string @go(Gateway) @protobuf(1,bytes,opt) + + // system is the name of the storage system as configured in ScaleIO. + system: string @go(System) @protobuf(2,bytes,opt) + + // secretRef references to the secret for ScaleIO user and other + // sensitive information. If this is not provided, Login operation will fail. + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) + + // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false + // +optional + sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) + + // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + // +optional + protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) + + // storagePool is the ScaleIO Storage Pool associated with the protection domain. + // +optional + storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) + + // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + // Default is ThinProvisioned. + // +optional + storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) + + // volumeName is the name of a volume already created in the ScaleIO system + // that is associated with this volume source. + volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // Default is "xfs" + // +optional + fsType?: string @go(FSType) @protobuf(9,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) +} + +// Represents a StorageOS persistent volume resource. +#StorageOSVolumeSource: { + // volumeName is the human-readable name of the StorageOS volume. Volume + // names are only unique within a namespace. + volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) + + // volumeNamespace specifies the scope of the volume within StorageOS. If no + // namespace is specified then the Pod's namespace will be used. This allows the + // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + // Set VolumeName to any name to override the default behaviour. + // Set to "default" if you are not using namespaces within StorageOS. + // Namespaces that do not pre-exist within StorageOS will be created. + // +optional + volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // secretRef specifies the secret to use for obtaining the StorageOS API + // credentials. If not specified, default values will be attempted. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) +} + +// Represents a StorageOS persistent volume resource. +#StorageOSPersistentVolumeSource: { + // volumeName is the human-readable name of the StorageOS volume. Volume + // names are only unique within a namespace. + volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) + + // volumeNamespace specifies the scope of the volume within StorageOS. If no + // namespace is specified then the Pod's namespace will be used. This allows the + // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + // Set VolumeName to any name to override the default behaviour. + // Set to "default" if you are not using namespaces within StorageOS. + // Namespaces that do not pre-exist within StorageOS will be created. + // +optional + volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // secretRef specifies the secret to use for obtaining the StorageOS API + // credentials. If not specified, default values will be attempted. + // +optional + secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) +} + +// Adapts a ConfigMap into a volume. +// +// The contents of the target ConfigMap's Data field will be presented in a +// volume as files using the keys in the Data field as the file names, unless +// the items element is populated with specific mappings of keys to paths. +// ConfigMap volumes support ownership management and SELinux relabeling. +#ConfigMapVolumeSource: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // ConfigMap will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the ConfigMap, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // defaultMode is optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) + + // optional specify whether the ConfigMap or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 + +// Adapts a ConfigMap into a projected volume. +// +// The contents of the target ConfigMap's Data field will be presented in a +// projected volume as files using the keys in the Data field as the file names, +// unless the items element is populated with specific mappings of keys to paths. +// Note that this is identical to a configmap volume source without the default +// mode. +#ConfigMapProjection: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // ConfigMap will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the ConfigMap, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // optional specify whether the ConfigMap or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +// ServiceAccountTokenProjection represents a projected service account token +// volume. This projection can be used to insert a service account token into +// the pods runtime filesystem for use against APIs (Kubernetes API Server or +// otherwise). +#ServiceAccountTokenProjection: { + // audience is the intended audience of the token. A recipient of a token + // must identify itself with an identifier specified in the audience of the + // token, and otherwise should reject the token. The audience defaults to the + // identifier of the apiserver. + // +optional + audience?: string @go(Audience) @protobuf(1,bytes,rep) + + // expirationSeconds is the requested duration of validity of the service + // account token. As the token approaches expiration, the kubelet volume + // plugin will proactively rotate the service account token. The kubelet will + // start trying to rotate the token if the token is older than 80 percent of + // its time to live or if the token is older than 24 hours.Defaults to 1 hour + // and must be at least 10 minutes. + // +optional + expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) + + // path is the path relative to the mount point of the file to project the + // token into. + path: string @go(Path) @protobuf(3,bytes,opt) +} + +// Represents a projected volume source +#ProjectedVolumeSource: { + // sources is the list of volume projections + // +optional + sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) + + // defaultMode are the mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) +} + +// Projection that may be projected along with other supported volume types +#VolumeProjection: { + // secret information about the secret data to project + // +optional + secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) + + // downwardAPI information about the downwardAPI data to project + // +optional + downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) + + // configMap information about the configMap data to project + // +optional + configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) + + // serviceAccountToken is information about the serviceAccountToken data to project + // +optional + serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) +} + +#ProjectedVolumeSourceDefaultMode: int32 & 0o644 + +// Maps a string key to a path within a volume. +#KeyToPath: { + // key is the key to project. + key: string @go(Key) @protobuf(1,bytes,opt) + + // path is the relative path of the file to map the key to. + // May not be an absolute path. + // May not contain the path element '..'. + // May not start with the string '..'. + path: string @go(Path) @protobuf(2,bytes,opt) + + // mode is Optional: mode bits used to set permissions on this file. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // If not specified, the volume defaultMode will be used. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) +} + +// Local represents directly-attached storage with node affinity (Beta feature) +#LocalVolumeSource: { + // path of the full path to the volume on the node. + // It can be either a directory or block device (disk, partition, ...). + path: string @go(Path) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // It applies only when the Path is a block device. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) +} + +// Represents storage that is managed by an external CSI volume driver (Beta feature) +#CSIPersistentVolumeSource: { + // driver is the name of the driver to use for this volume. + // Required. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // volumeHandle is the unique volume name returned by the CSI volume + // plugin’s CreateVolume to refer to the volume on all subsequent calls. + // Required. + volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) + + // readOnly value to pass to ControllerPublishVolumeRequest. + // Defaults to false (read/write). + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // fsType to mount. Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // +optional + fsType?: string @go(FSType) @protobuf(4,bytes,opt) + + // volumeAttributes of the volume to publish. + // +optional + volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) + + // controllerPublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // ControllerPublishVolume and ControllerUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) + + // nodeStageSecretRef is a reference to the secret object containing sensitive + // information to pass to the CSI driver to complete the CSI NodeStageVolume + // and NodeStageVolume and NodeUnstageVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) + + // nodePublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodePublishVolume and NodeUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) + + // controllerExpandSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // ControllerExpandVolume call. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) + + // nodeExpandSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodeExpandVolume call. + // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. + // This field is optional, may be omitted if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +featureGate=CSINodeExpandSecret + // +optional + nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) +} + +// Represents a source location of a volume to mount, managed by an external CSI driver +#CSIVolumeSource: { + // driver is the name of the CSI driver that handles this volume. + // Consult with your admin for the correct name as registered in the cluster. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // readOnly specifies a read-only configuration for the volume. + // Defaults to false (read/write). + // +optional + readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) + + // fsType to mount. Ex. "ext4", "xfs", "ntfs". + // If not provided, the empty value is passed to the associated CSI driver + // which will determine the default filesystem to apply. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) + + // volumeAttributes stores driver-specific properties that are passed to the CSI + // driver. Consult your driver's documentation for supported values. + // +optional + volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) + + // nodePublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodePublishVolume and NodeUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secret references are passed. + // +optional + nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) +} + +// Represents an ephemeral volume that is handled by a normal storage driver. +#EphemeralVolumeSource: { + // Will be used to create a stand-alone PVC to provision the volume. + // The pod in which this EphemeralVolumeSource is embedded will be the + // owner of the PVC, i.e. the PVC will be deleted together with the + // pod. The name of the PVC will be `-` where + // `` is the name from the `PodSpec.Volumes` array + // entry. Pod validation will reject the pod if the concatenated name + // is not valid for a PVC (for example, too long). + // + // An existing PVC with that name that is not owned by the pod + // will *not* be used for the pod to avoid using an unrelated + // volume by mistake. Starting the pod is then blocked until + // the unrelated PVC is removed. If such a pre-created PVC is + // meant to be used by the pod, the PVC has to updated with an + // owner reference to the pod once the pod exists. Normally + // this should not be necessary, but it may be useful when + // manually reconstructing a broken cluster. + // + // This field is read-only and no changes will be made by Kubernetes + // to the PVC after it has been created. + // + // Required, must not be nil. + volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) +} + +// PersistentVolumeClaimTemplate is used to produce +// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. +#PersistentVolumeClaimTemplate: { + // May contain labels and annotations that will be copied into the PVC + // when creating it. No other fields are allowed and will be rejected during + // validation. + // + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The specification for the PersistentVolumeClaim. The entire content is + // copied unchanged into the PVC that gets created from this + // template. The same fields as in a PersistentVolumeClaim + // are also valid here. + spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) +} + +// ContainerPort represents a network port in a single container. +#ContainerPort: { + // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + // named port in a pod must have a unique name. Name for the port that can be + // referred to by services. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // Number of port to expose on the host. + // If specified, this must be a valid port number, 0 < x < 65536. + // If HostNetwork is specified, this must match ContainerPort. + // Most containers do not need this. + // +optional + hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) + + // Number of port to expose on the pod's IP address. + // This must be a valid port number, 0 < x < 65536. + containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) + + // Protocol for port. Must be UDP, TCP, or SCTP. + // Defaults to "TCP". + // +optional + // +default="TCP" + protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) + + // What host IP to bind the external port to. + // +optional + hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) +} + +// VolumeMount describes a mounting of a Volume within a container. +#VolumeMount: { + // This must match the Name of a Volume. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Mounted read-only if true, read-write otherwise (false or unspecified). + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) + + // Path within the container at which the volume should be mounted. Must + // not contain ':'. + mountPath: string @go(MountPath) @protobuf(3,bytes,opt) + + // Path within the volume from which the container's volume should be mounted. + // Defaults to "" (volume's root). + // +optional + subPath?: string @go(SubPath) @protobuf(4,bytes,opt) + + // mountPropagation determines how mounts are propagated from the host + // to container and the other way around. + // When not set, MountPropagationNone is used. + // This field is beta in 1.10. + // +optional + mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) + + // Expanded path within the volume from which the container's volume should be mounted. + // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + // Defaults to "" (volume's root). + // SubPathExpr and SubPath are mutually exclusive. + // +optional + subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) +} + +// MountPropagationMode describes mount propagation. +// +enum +#MountPropagationMode: string // #enumMountPropagationMode + +#enumMountPropagationMode: + #MountPropagationNone | + #MountPropagationHostToContainer | + #MountPropagationBidirectional + +// MountPropagationNone means that the volume in a container will +// not receive new mounts from the host or other containers, and filesystems +// mounted inside the container won't be propagated to the host or other +// containers. +// Note that this mode corresponds to "private" in Linux terminology. +#MountPropagationNone: #MountPropagationMode & "None" + +// MountPropagationHostToContainer means that the volume in a container will +// receive new mounts from the host or other containers, but filesystems +// mounted inside the container won't be propagated to the host or other +// containers. +// Note that this mode is recursively applied to all mounts in the volume +// ("rslave" in Linux terminology). +#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" + +// MountPropagationBidirectional means that the volume in a container will +// receive new mounts from the host or other containers, and its own mounts +// will be propagated from the container to the host or other containers. +// Note that this mode is recursively applied to all mounts in the volume +// ("rshared" in Linux terminology). +#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" + +// volumeDevice describes a mapping of a raw block device within a container. +#VolumeDevice: { + // name must match the name of a persistentVolumeClaim in the pod + name: string @go(Name) @protobuf(1,bytes,opt) + + // devicePath is the path inside of the container that the device will be mapped to. + devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) +} + +// EnvVar represents an environment variable present in a Container. +#EnvVar: { + // Name of the environment variable. Must be a C_IDENTIFIER. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Variable references $(VAR_NAME) are expanded + // using the previously defined environment variables in the container and + // any service environment variables. If a variable cannot be resolved, + // the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + // Escaped references will never be expanded, regardless of whether the variable + // exists or not. + // Defaults to "". + // +optional + value?: string @go(Value) @protobuf(2,bytes,opt) + + // Source for the environment variable's value. Cannot be used if value is not empty. + // +optional + valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) +} + +// EnvVarSource represents a source for the value of an EnvVar. +#EnvVarSource: { + // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + // +optional + fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) + + // Selects a resource of the container: only resources limits and requests + // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + // +optional + resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) + + // Selects a key of a ConfigMap. + // +optional + configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) + + // Selects a key of a secret in the pod's namespace + // +optional + secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) +} + +// ObjectFieldSelector selects an APIVersioned field of an object. +// +structType=atomic +#ObjectFieldSelector: { + // Version of the schema the FieldPath is written in terms of, defaults to "v1". + // +optional + apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) + + // Path of the field to select in the specified API version. + fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) +} + +// ResourceFieldSelector represents container resources (cpu, memory) and their output format +// +structType=atomic +#ResourceFieldSelector: { + // Container name: required for volumes, optional for env vars + // +optional + containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) + + // Required: resource to select + "resource": string @go(Resource) @protobuf(2,bytes,opt) + + // Specifies the output format of the exposed resources, defaults to "1" + // +optional + divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) +} + +// Selects a key from a ConfigMap. +// +structType=atomic +#ConfigMapKeySelector: { + #LocalObjectReference + + // The key to select. + key: string @go(Key) @protobuf(2,bytes,opt) + + // Specify whether the ConfigMap or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) +} + +// SecretKeySelector selects a key of a Secret. +// +structType=atomic +#SecretKeySelector: { + #LocalObjectReference + + // The key of the secret to select from. Must be a valid secret key. + key: string @go(Key) @protobuf(2,bytes,opt) + + // Specify whether the Secret or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) +} + +// EnvFromSource represents the source of a set of ConfigMaps +#EnvFromSource: { + // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + // +optional + prefix?: string @go(Prefix) @protobuf(1,bytes,opt) + + // The ConfigMap to select from + // +optional + configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) + + // The Secret to select from + // +optional + secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) +} + +// ConfigMapEnvSource selects a ConfigMap to populate the environment +// variables with. +// +// The contents of the target ConfigMap's Data field will represent the +// key-value pairs as environment variables. +#ConfigMapEnvSource: { + #LocalObjectReference + + // Specify whether the ConfigMap must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) +} + +// SecretEnvSource selects a Secret to populate the environment +// variables with. +// +// The contents of the target Secret's Data field will represent the +// key-value pairs as environment variables. +#SecretEnvSource: { + #LocalObjectReference + + // Specify whether the Secret must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) +} + +// HTTPHeader describes a custom header to be used in HTTP probes +#HTTPHeader: { + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. + name: string @go(Name) @protobuf(1,bytes,opt) + + // The header field value + value: string @go(Value) @protobuf(2,bytes,opt) +} + +// HTTPGetAction describes an action based on HTTP Get requests. +#HTTPGetAction: { + // Path to access on the HTTP server. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) + + // Name or number of the port to access on the container. + // Number must be in the range 1 to 65535. + // Name must be an IANA_SVC_NAME. + port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) + + // Host name to connect to, defaults to the pod IP. You probably want to set + // "Host" in httpHeaders instead. + // +optional + host?: string @go(Host) @protobuf(3,bytes,opt) + + // Scheme to use for connecting to the host. + // Defaults to HTTP. + // +optional + scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) + + // Custom headers to set in the request. HTTP allows repeated headers. + // +optional + httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) +} + +// URIScheme identifies the scheme used for connection to a host for Get actions +// +enum +#URIScheme: string // #enumURIScheme + +#enumURIScheme: + #URISchemeHTTP | + #URISchemeHTTPS + +// URISchemeHTTP means that the scheme used will be http:// +#URISchemeHTTP: #URIScheme & "HTTP" + +// URISchemeHTTPS means that the scheme used will be https:// +#URISchemeHTTPS: #URIScheme & "HTTPS" + +// TCPSocketAction describes an action based on opening a socket +#TCPSocketAction: { + // Number or name of the port to access on the container. + // Number must be in the range 1 to 65535. + // Name must be an IANA_SVC_NAME. + port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) + + // Optional: Host name to connect to, defaults to the pod IP. + // +optional + host?: string @go(Host) @protobuf(2,bytes,opt) +} + +#GRPCAction: { + // Port number of the gRPC service. Number must be in the range 1 to 65535. + port: int32 @go(Port) @protobuf(1,bytes,opt) + + // Service is the name of the service to place in the gRPC HealthCheckRequest + // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + // + // If this is not specified, the default behavior is defined by gRPC. + // +optional + // +default="" + service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) +} + +// ExecAction describes a "run in container" action. +#ExecAction: { + // Command is the command line to execute inside the container, the working directory for the + // command is root ('/') in the container's filesystem. The command is simply exec'd, it is + // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + // a shell, you need to explicitly call out to that shell. + // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + // +optional + command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) +} + +// Probe describes a health check to be performed against a container to determine whether it is +// alive or ready to receive traffic. +#Probe: { + #ProbeHandler + + // Number of seconds after the container has started before liveness probes are initiated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) + + // Number of seconds after which the probe times out. + // Defaults to 1 second. Minimum value is 1. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) + + // How often (in seconds) to perform the probe. + // Default to 10 seconds. Minimum value is 1. + // +optional + periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) + + // Minimum consecutive successes for the probe to be considered successful after having failed. + // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + // +optional + successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) + + // Minimum consecutive failures for the probe to be considered failed after having succeeded. + // Defaults to 3. Minimum value is 1. + // +optional + failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) + + // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + // The grace period is the duration in seconds after the processes running in the pod are sent + // a termination signal and the time when the processes are forcibly halted with a kill signal. + // Set this value longer than the expected cleanup time for your process. + // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + // value overrides the value provided by the pod spec. + // Value must be non-negative integer. The value zero indicates stop immediately via + // the kill signal (no opportunity to shut down). + // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + // +optional + terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) +} + +// PullPolicy describes a policy for if/when to pull a container image +// +enum +#PullPolicy: string // #enumPullPolicy + +#enumPullPolicy: + #PullAlways | + #PullNever | + #PullIfNotPresent + +// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. +#PullAlways: #PullPolicy & "Always" + +// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present +#PullNever: #PullPolicy & "Never" + +// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. +#PullIfNotPresent: #PullPolicy & "IfNotPresent" + +// ResourceResizeRestartPolicy specifies how to handle container resource resize. +#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy + +#enumResourceResizeRestartPolicy: + #NotRequired | + #RestartContainer + +// 'NotRequired' means Kubernetes will try to resize the container +// without restarting it, if possible. Kubernetes may however choose to +// restart the container if it is unable to actuate resize without a +// restart. For e.g. the runtime doesn't support restart-free resizing. +#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" + +// 'RestartContainer' means Kubernetes will resize the container in-place +// by stopping and starting the container when new resources are applied. +// This is needed for legacy applications. For e.g. java apps using the +// -xmxN flag which are unable to use resized memory without restarting. +#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" + +// ContainerResizePolicy represents resource resize policy for the container. +#ContainerResizePolicy: { + // Name of the resource to which this resource resize policy applies. + // Supported values: cpu, memory. + resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) + + // Restart policy to apply when specified resource is resized. + // If not specified, it defaults to NotRequired. + restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) +} + +// PreemptionPolicy describes a policy for if/when to preempt a pod. +// +enum +#PreemptionPolicy: string // #enumPreemptionPolicy + +#enumPreemptionPolicy: + #PreemptLowerPriority | + #PreemptNever + +// PreemptLowerPriority means that pod can preempt other pods with lower priority. +#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" + +// PreemptNever means that pod never preempts other pods with lower priority. +#PreemptNever: #PreemptionPolicy & "Never" + +// TerminationMessagePolicy describes how termination messages are retrieved from a container. +// +enum +#TerminationMessagePolicy: string // #enumTerminationMessagePolicy + +#enumTerminationMessagePolicy: + #TerminationMessageReadFile | + #TerminationMessageFallbackToLogsOnError + +// TerminationMessageReadFile is the default behavior and will set the container status message to +// the contents of the container's terminationMessagePath when the container exits. +#TerminationMessageReadFile: #TerminationMessagePolicy & "File" + +// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs +// for the container status message when the container exits with an error and the +// terminationMessagePath has no contents. +#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" + +// Capability represent POSIX capabilities type +#Capability: string + +// Adds and removes POSIX capabilities from running containers. +#Capabilities: { + // Added capabilities + // +optional + add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) + + // Removed capabilities + // +optional + drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) +} + +// ResourceRequirements describes the compute resource requirements. +#ResourceRequirements: { + // Limits describes the maximum amount of compute resources allowed. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Requests describes the minimum amount of compute resources required. + // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + // otherwise to an implementation-defined value. Requests cannot exceed Limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Claims lists the names of resources, defined in spec.resourceClaims, + // that are used by this container. + // + // This is an alpha field and requires enabling the + // DynamicResourceAllocation feature gate. + // + // This field is immutable. It can only be set for containers. + // + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) +} + +// ResourceClaim references one entry in PodSpec.ResourceClaims. +#ResourceClaim: { + // Name must match the name of one entry in pod.spec.resourceClaims of + // the Pod where this field is used. It makes that resource available + // inside a container. + name: string @go(Name) @protobuf(1,bytes,opt) +} + +// TerminationMessagePathDefault means the default path to capture the application termination message running in a container +#TerminationMessagePathDefault: "/dev/termination-log" + +// A single application container that you want to run within a pod. +#Container: { + // Name of the container specified as a DNS_LABEL. + // Each container in a pod must have a unique name (DNS_LABEL). + // Cannot be updated. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Container image name. + // More info: https://kubernetes.io/docs/concepts/containers/images + // This field is optional to allow higher level config management to default or override + // container images in workload controllers like Deployments and StatefulSets. + // +optional + image?: string @go(Image) @protobuf(2,bytes,opt) + + // Entrypoint array. Not executed within a shell. + // The container image's ENTRYPOINT is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) + + // Arguments to the entrypoint. + // The container image's CMD is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) + + // Container's working directory. + // If not specified, the container runtime's default will be used, which + // might be configured in the container image. + // Cannot be updated. + // +optional + workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) + + // List of ports to expose from the container. Not specifying a port here + // DOES NOT prevent that port from being exposed. Any port which is + // listening on the default "0.0.0.0" address inside a container will be + // accessible from the network. + // Modifying this array with strategic merge patch may corrupt the data. + // For more information See https://github.com/kubernetes/kubernetes/issues/108255. + // Cannot be updated. + // +optional + // +patchMergeKey=containerPort + // +patchStrategy=merge + // +listType=map + // +listMapKey=containerPort + // +listMapKey=protocol + ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) + + // List of sources to populate environment variables in the container. + // The keys defined within a source must be a C_IDENTIFIER. All invalid keys + // will be reported as an event when the container is starting. When a key exists in multiple + // sources, the value associated with the last source will take precedence. + // Values defined by an Env with a duplicate key will take precedence. + // Cannot be updated. + // +optional + envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) + + // List of environment variables to set in the container. + // Cannot be updated. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) + + // Compute Resources required by this container. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) + + // Resources resize policy for the container. + // +featureGate=InPlacePodVerticalScaling + // +optional + // +listType=atomic + resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) + + // RestartPolicy defines the restart behavior of individual containers in a pod. + // This field may only be set for init containers, and the only allowed value is "Always". + // For non-init containers or when this field is not specified, + // the restart behavior is defined by the Pod's restart policy and the container type. + // Setting the RestartPolicy as "Always" for the init container will have the following effect: + // this init container will be continually restarted on + // exit until all regular containers have terminated. Once all regular + // containers have completed, all init containers with restartPolicy "Always" + // will be shut down. This lifecycle differs from normal init containers and + // is often referred to as a "sidecar" container. Although this init + // container still starts in the init container sequence, it does not wait + // for the container to complete before proceeding to the next init + // container. Instead, the next init container starts immediately after this + // init container is started, or after any startupProbe has successfully + // completed. + // +featureGate=SidecarContainers + // +optional + restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) + + // Pod volumes to mount into the container's filesystem. + // Cannot be updated. + // +optional + // +patchMergeKey=mountPath + // +patchStrategy=merge + volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) + + // volumeDevices is the list of block devices to be used by the container. + // +patchMergeKey=devicePath + // +patchStrategy=merge + // +optional + volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) + + // Periodic probe of container liveness. + // Container will be restarted if the probe fails. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) + + // Periodic probe of container service readiness. + // Container will be removed from service endpoints if the probe fails. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) + + // StartupProbe indicates that the Pod has successfully initialized. + // If specified, no other probes are executed until this completes successfully. + // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + // when it might take a long time to load data or warm a cache, than during steady-state operation. + // This cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) + + // Actions that the management system should take in response to container lifecycle events. + // Cannot be updated. + // +optional + lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) + + // Optional: Path at which the file to which the container's termination message + // will be written is mounted into the container's filesystem. + // Message written is intended to be brief final status, such as an assertion failure message. + // Will be truncated by the node if greater than 4096 bytes. The total message length across + // all containers will be limited to 12kb. + // Defaults to /dev/termination-log. + // Cannot be updated. + // +optional + terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) + + // Indicate how the termination message should be populated. File will use the contents of + // terminationMessagePath to populate the container status message on both success and failure. + // FallbackToLogsOnError will use the last chunk of container log output if the termination + // message file is empty and the container exited with an error. + // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + // Defaults to File. + // Cannot be updated. + // +optional + terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) + + // Image pull policy. + // One of Always, Never, IfNotPresent. + // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + // +optional + imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) + + // SecurityContext defines the security options the container should be run with. + // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + // +optional + securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) + + // Whether this container should allocate a buffer for stdin in the container runtime. If this + // is not set, reads from stdin in the container will always result in EOF. + // Default is false. + // +optional + stdin?: bool @go(Stdin) @protobuf(16,varint,opt) + + // Whether the container runtime should close the stdin channel after it has been opened by + // a single attach. When stdin is true the stdin stream will remain open across multiple attach + // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + // first client attaches to stdin, and then remains open and accepts data until the client disconnects, + // at which time stdin is closed and remains closed until the container is restarted. If this + // flag is false, a container processes that reads from stdin will never receive an EOF. + // Default is false + // +optional + stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) + + // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + // Default is false. + // +optional + tty?: bool @go(TTY) @protobuf(18,varint,opt) +} + +// ProbeHandler defines a specific action that should be taken in a probe. +// One and only one of the fields must be specified. +#ProbeHandler: { + // Exec specifies the action to take. + // +optional + exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) + + // HTTPGet specifies the http request to perform. + // +optional + httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) + + // TCPSocket specifies an action involving a TCP port. + // +optional + tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) + + // GRPC specifies an action involving a GRPC port. + // +optional + grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) +} + +// LifecycleHandler defines a specific action that should be taken in a lifecycle +// hook. One and only one of the fields, except TCPSocket must be specified. +#LifecycleHandler: { + // Exec specifies the action to take. + // +optional + exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) + + // HTTPGet specifies the http request to perform. + // +optional + httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) + + // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + // for the backward compatibility. There are no validation of this field and + // lifecycle hooks will fail in runtime when tcp handler is specified. + // +optional + tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) +} + +// Lifecycle describes actions that the management system should take in response to container lifecycle +// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks +// until the action is complete, unless the container process fails, in which case the handler is aborted. +#Lifecycle: { + // PostStart is called immediately after a container is created. If the handler fails, + // the container is terminated and restarted according to its restart policy. + // Other management of the container blocks until the hook completes. + // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + // +optional + postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) + + // PreStop is called immediately before a container is terminated due to an + // API request or management event such as liveness/startup probe failure, + // preemption, resource contention, etc. The handler is not called if the + // container crashes or exits. The Pod's termination grace period countdown begins before the + // PreStop hook is executed. Regardless of the outcome of the handler, the + // container will eventually terminate within the Pod's termination grace + // period (unless delayed by finalizers). Other management of the container blocks until the hook completes + // or until the termination grace period is reached. + // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + // +optional + preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) +} + +#ConditionStatus: string // #enumConditionStatus + +#enumConditionStatus: + #ConditionTrue | + #ConditionFalse | + #ConditionUnknown + +#ConditionTrue: #ConditionStatus & "True" +#ConditionFalse: #ConditionStatus & "False" +#ConditionUnknown: #ConditionStatus & "Unknown" + +// ContainerStateWaiting is a waiting state of a container. +#ContainerStateWaiting: { + // (brief) reason the container is not yet running. + // +optional + reason?: string @go(Reason) @protobuf(1,bytes,opt) + + // Message regarding why the container is not yet running. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) +} + +// ContainerStateRunning is a running state of a container. +#ContainerStateRunning: { + // Time at which the container was last (re-)started + // +optional + startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) +} + +// ContainerStateTerminated is a terminated state of a container. +#ContainerStateTerminated: { + // Exit status from the last termination of the container + exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) + + // Signal from the last termination of the container + // +optional + signal?: int32 @go(Signal) @protobuf(2,varint,opt) + + // (brief) reason from the last termination of the container + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // Message regarding the last termination of the container + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) + + // Time at which previous execution of the container started + // +optional + startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) + + // Time at which the container last terminated + // +optional + finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) + + // Container's ID in the format '://' + // +optional + containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) +} + +// ContainerState holds a possible state of container. +// Only one of its members may be specified. +// If none of them is specified, the default one is ContainerStateWaiting. +#ContainerState: { + // Details about a waiting container + // +optional + waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) + + // Details about a running container + // +optional + running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) + + // Details about a terminated container + // +optional + terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) +} + +// ContainerStatus contains details for the current status of this container. +#ContainerStatus: { + // Name is a DNS_LABEL representing the unique name of the container. + // Each container in a pod must have a unique name across all container types. + // Cannot be updated. + name: string @go(Name) @protobuf(1,bytes,opt) + + // State holds details about the container's current condition. + // +optional + state?: #ContainerState @go(State) @protobuf(2,bytes,opt) + + // LastTerminationState holds the last termination state of the container to + // help debug container crashes and restarts. This field is not + // populated if the container is still running and RestartCount is 0. + // +optional + lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) + + // Ready specifies whether the container is currently passing its readiness check. + // The value will change as readiness probes keep executing. If no readiness + // probes are specified, this field defaults to true once the container is + // fully started (see Started field). + // + // The value is typically used to determine whether a container is ready to + // accept traffic. + ready: bool @go(Ready) @protobuf(4,varint,opt) + + // RestartCount holds the number of times the container has been restarted. + // Kubelet makes an effort to always increment the value, but there + // are cases when the state may be lost due to node restarts and then the value + // may be reset to 0. The value is never negative. + restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) + + // Image is the name of container image that the container is running. + // The container image may not match the image used in the PodSpec, + // as it may have been resolved by the runtime. + // More info: https://kubernetes.io/docs/concepts/containers/images. + image: string @go(Image) @protobuf(6,bytes,opt) + + // ImageID is the image ID of the container's image. The image ID may not + // match the image ID of the image used in the PodSpec, as it may have been + // resolved by the runtime. + imageID: string @go(ImageID) @protobuf(7,bytes,opt) + + // ContainerID is the ID of the container in the format '://'. + // Where type is a container runtime identifier, returned from Version call of CRI API + // (for example "containerd"). + // +optional + containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) + + // Started indicates whether the container has finished its postStart lifecycle hook + // and passed its startup probe. + // Initialized as false, becomes true after startupProbe is considered + // successful. Resets to false when the container is restarted, or if kubelet + // loses state temporarily. In both cases, startup probes will run again. + // Is always true when no startupProbe is defined and container is running and + // has passed the postStart lifecycle hook. The null value must be treated the + // same as false. + // +optional + started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) + + // AllocatedResources represents the compute resources allocated for this container by the + // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission + // and after successfully admitting desired pod resize. + // +featureGate=InPlacePodVerticalScaling + // +optional + allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Resources represents the compute resource requests and limits that have been successfully + // enacted on the running container after it has been started or has been successfully resized. + // +featureGate=InPlacePodVerticalScaling + // +optional + resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) +} + +// PodPhase is a label for the condition of a pod at the current time. +// +enum +#PodPhase: string // #enumPodPhase + +#enumPodPhase: + #PodPending | + #PodRunning | + #PodSucceeded | + #PodFailed | + #PodUnknown + +// PodPending means the pod has been accepted by the system, but one or more of the containers +// has not been started. This includes time before being bound to a node, as well as time spent +// pulling images onto the host. +#PodPending: #PodPhase & "Pending" + +// PodRunning means the pod has been bound to a node and all of the containers have been started. +// At least one container is still running or is in the process of being restarted. +#PodRunning: #PodPhase & "Running" + +// PodSucceeded means that all containers in the pod have voluntarily terminated +// with a container exit code of 0, and the system is not going to restart any of these containers. +#PodSucceeded: #PodPhase & "Succeeded" + +// PodFailed means that all containers in the pod have terminated, and at least one container has +// terminated in a failure (exited with a non-zero exit code or was stopped by the system). +#PodFailed: #PodPhase & "Failed" + +// PodUnknown means that for some reason the state of the pod could not be obtained, typically due +// to an error in communicating with the host of the pod. +// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) +#PodUnknown: #PodPhase & "Unknown" + +// PodConditionType is a valid value for PodCondition.Type +#PodConditionType: string // #enumPodConditionType + +#enumPodConditionType: + #ContainersReady | + #PodInitialized | + #PodReady | + #PodScheduled | + #DisruptionTarget + +// ContainersReady indicates whether all containers in the pod are ready. +#ContainersReady: #PodConditionType & "ContainersReady" + +// PodInitialized means that all init containers in the pod have started successfully. +#PodInitialized: #PodConditionType & "Initialized" + +// PodReady means the pod is able to service requests and should be added to the +// load balancing pools of all matching services. +#PodReady: #PodConditionType & "Ready" + +// PodScheduled represents status of the scheduling process for this pod. +#PodScheduled: #PodConditionType & "PodScheduled" + +// DisruptionTarget indicates the pod is about to be terminated due to a +// disruption (such as preemption, eviction API or garbage-collection). +#DisruptionTarget: #PodConditionType & "DisruptionTarget" + +// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler +// can't schedule the pod right now, for example due to insufficient resources in the cluster. +#PodReasonUnschedulable: "Unschedulable" + +// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler +// skips scheduling the pod because one or more scheduling gates are still present. +#PodReasonSchedulingGated: "SchedulingGated" + +// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens +// during scheduling, for example due to nodeAffinity parsing errors. +#PodReasonSchedulerError: "SchedulerError" + +// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination +// is initiated by kubelet +#PodReasonTerminationByKubelet: "TerminationByKubelet" + +// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the +// disruption was initiated by scheduler's preemption. +#PodReasonPreemptionByScheduler: "PreemptionByScheduler" + +// PodCondition contains details for the current condition of this pod. +#PodCondition: { + // Type is the type of the condition. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) + + // Status is the status of the condition. + // Can be True, False, Unknown. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Last time we probed the condition. + // +optional + lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // Unique, one-word, CamelCase reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // Human-readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// PodResizeStatus shows status of desired resize of a pod's containers. +#PodResizeStatus: string // #enumPodResizeStatus + +#enumPodResizeStatus: + #PodResizeStatusProposed | + #PodResizeStatusInProgress | + #PodResizeStatusDeferred | + #PodResizeStatusInfeasible + +// Pod resources resize has been requested and will be evaluated by node. +#PodResizeStatusProposed: #PodResizeStatus & "Proposed" + +// Pod resources resize has been accepted by node and is being actuated. +#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" + +// Node cannot resize the pod at this time and will keep retrying. +#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" + +// Requested pod resize is not feasible and will not be re-evaluated. +#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" + +// RestartPolicy describes how the container should be restarted. +// Only one of the following restart policies may be specified. +// If none of the following policies is specified, the default one +// is RestartPolicyAlways. +// +enum +#RestartPolicy: string // #enumRestartPolicy + +#enumRestartPolicy: + #RestartPolicyAlways | + #RestartPolicyOnFailure | + #RestartPolicyNever + +#RestartPolicyAlways: #RestartPolicy & "Always" +#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" +#RestartPolicyNever: #RestartPolicy & "Never" + +// ContainerRestartPolicy is the restart policy for a single container. +// This may only be set for init containers and only allowed value is "Always". +#ContainerRestartPolicy: string // #enumContainerRestartPolicy + +#enumContainerRestartPolicy: + #ContainerRestartPolicyAlways + +#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" + +// DNSPolicy defines how a pod's DNS will be configured. +// +enum +#DNSPolicy: string // #enumDNSPolicy + +#enumDNSPolicy: + #DNSClusterFirstWithHostNet | + #DNSClusterFirst | + #DNSDefault | + #DNSNone + +// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS +// first, if it is available, then fall back on the default +// (as determined by kubelet) DNS settings. +#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" + +// DNSClusterFirst indicates that the pod should use cluster DNS +// first unless hostNetwork is true, if it is available, then +// fall back on the default (as determined by kubelet) DNS settings. +#DNSClusterFirst: #DNSPolicy & "ClusterFirst" + +// DNSDefault indicates that the pod should use the default (as +// determined by kubelet) DNS settings. +#DNSDefault: #DNSPolicy & "Default" + +// DNSNone indicates that the pod should use empty DNS settings. DNS +// parameters such as nameservers and search paths should be defined via +// DNSConfig. +#DNSNone: #DNSPolicy & "None" + +// DefaultTerminationGracePeriodSeconds indicates the default duration in +// seconds a pod needs to terminate gracefully. +#DefaultTerminationGracePeriodSeconds: 30 + +// A node selector represents the union of the results of one or more label queries +// over a set of nodes; that is, it represents the OR of the selectors represented +// by the node selector terms. +// +structType=atomic +#NodeSelector: { + // Required. A list of node selector terms. The terms are ORed. + nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) +} + +// A null or empty node selector term matches no objects. The requirements of +// them are ANDed. +// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +// +structType=atomic +#NodeSelectorTerm: { + // A list of node selector requirements by node's labels. + // +optional + matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) + + // A list of node selector requirements by node's fields. + // +optional + matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) +} + +// A node selector requirement is a selector that contains values, a key, and an operator +// that relates the key and values. +#NodeSelectorRequirement: { + // The label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // Represents a key's relationship to a set of values. + // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) + + // An array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. If the operator is Gt or Lt, the values + // array must have a single element, which will be interpreted as an integer. + // This array is replaced during a strategic merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A node selector operator is the set of operators that can be used in +// a node selector requirement. +// +enum +#NodeSelectorOperator: string // #enumNodeSelectorOperator + +#enumNodeSelectorOperator: + #NodeSelectorOpIn | + #NodeSelectorOpNotIn | + #NodeSelectorOpExists | + #NodeSelectorOpDoesNotExist | + #NodeSelectorOpGt | + #NodeSelectorOpLt + +#NodeSelectorOpIn: #NodeSelectorOperator & "In" +#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" +#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" +#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" +#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" +#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" + +// A topology selector term represents the result of label queries. +// A null or empty topology selector term matches no objects. +// The requirements of them are ANDed. +// It provides a subset of functionality as NodeSelectorTerm. +// This is an alpha feature and may change in the future. +// +structType=atomic +#TopologySelectorTerm: { + // A list of topology selector requirements by labels. + // +optional + matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) +} + +// A topology selector requirement is a selector that matches given label. +// This is an alpha feature and may change in the future. +#TopologySelectorLabelRequirement: { + // The label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // An array of string values. One value must match the label to be selected. + // Each entry in Values is ORed. + values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) +} + +// Affinity is a group of affinity scheduling rules. +#Affinity: { + // Describes node affinity scheduling rules for the pod. + // +optional + nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) + + // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + // +optional + podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) + + // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + // +optional + podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) +} + +// Pod affinity is a group of inter pod affinity scheduling rules. +#PodAffinity: { + // If the affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to a pod label update), the + // system may or may not try to eventually evict the pod from its node. + // When there are multiple elements, the lists of nodes corresponding to each + // podAffinityTerm are intersected, i.e. all terms must be satisfied. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) +} + +// Pod anti affinity is a group of inter pod anti affinity scheduling rules. +#PodAntiAffinity: { + // If the anti-affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the anti-affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to a pod label update), the + // system may or may not try to eventually evict the pod from its node. + // When there are multiple elements, the lists of nodes corresponding to each + // podAffinityTerm are intersected, i.e. all terms must be satisfied. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the anti-affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling anti-affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) +} + +// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#WeightedPodAffinityTerm: { + // weight associated with matching the corresponding podAffinityTerm, + // in the range 1-100. + weight: int32 @go(Weight) @protobuf(1,varint,opt) + + // Required. A pod affinity term, associated with the corresponding weight. + podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) +} + +// Defines a set of pods (namely those matching the labelSelector +// relative to the given namespace(s)) that this pod should be +// co-located (affinity) or not co-located (anti-affinity) with, +// where co-located is defined as running on a node whose value of +// the label with key matches that of any node on which +// a pod of the set of pods is running +#PodAffinityTerm: { + // A label query over a set of resources, in this case pods. + // +optional + labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) + + // namespaces specifies a static list of namespace names that the term applies to. + // The term is applied to the union of the namespaces listed in this field + // and the ones selected by namespaceSelector. + // null or empty namespaces list and null namespaceSelector means "this pod's namespace". + // +optional + namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) + + // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + // the labelSelector in the specified namespaces, where co-located is defined as running on a node + // whose value of the label with key topologyKey matches that of any node on which any of the + // selected pods is running. + // Empty topologyKey is not allowed. + topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) + + // A label query over the set of namespaces that the term applies to. + // The term is applied to the union of the namespaces selected by this field + // and the ones listed in the namespaces field. + // null selector and null or empty namespaces list means "this pod's namespace". + // An empty selector ({}) matches all namespaces. + // +optional + namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) +} + +// Node affinity is a group of node affinity scheduling rules. +#NodeAffinity: { + // If the affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to an update), the system + // may or may not try to eventually evict the pod from its node. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node matches the corresponding matchExpressions; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) +} + +// An empty preferred scheduling term matches all objects with implicit weight 0 +// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#PreferredSchedulingTerm: { + // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + weight: int32 @go(Weight) @protobuf(1,varint,opt) + + // A node selector term, associated with the corresponding weight. + preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) +} + +// The node this Taint is attached to has the "effect" on +// any pod that does not tolerate the Taint. +#Taint: { + // Required. The taint key to be applied to a node. + key: string @go(Key) @protobuf(1,bytes,opt) + + // The taint value corresponding to the taint key. + // +optional + value?: string @go(Value) @protobuf(2,bytes,opt) + + // Required. The effect of the taint on pods + // that do not tolerate the taint. + // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) + + // TimeAdded represents the time at which the taint was added. + // It is only written for NoExecute taints. + // +optional + timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) +} + +// +enum +#TaintEffect: string // #enumTaintEffect + +#enumTaintEffect: + #TaintEffectNoSchedule | + #TaintEffectPreferNoSchedule | + #TaintEffectNoExecute + +// Do not allow new pods to schedule onto the node unless they tolerate the taint, +// but allow all pods submitted to Kubelet without going through the scheduler +// to start, and allow all already-running pods to continue running. +// Enforced by the scheduler. +#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" + +// Like TaintEffectNoSchedule, but the scheduler tries not to schedule +// new pods onto the node, rather than prohibiting new pods from scheduling +// onto the node entirely. Enforced by the scheduler. +#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" + +// Evict any already-running pods that do not tolerate the taint. +// Currently enforced by NodeController. +#TaintEffectNoExecute: #TaintEffect & "NoExecute" + +// The pod this Toleration is attached to tolerates any taint that matches +// the triple using the matching operator . +#Toleration: { + // Key is the taint key that the toleration applies to. Empty means match all taint keys. + // If the key is empty, operator must be Exists; this combination means to match all values and all keys. + // +optional + key?: string @go(Key) @protobuf(1,bytes,opt) + + // Operator represents a key's relationship to the value. + // Valid operators are Exists and Equal. Defaults to Equal. + // Exists is equivalent to wildcard for value, so that a pod can + // tolerate all taints of a particular category. + // +optional + operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) + + // Value is the taint value the toleration matches to. + // If the operator is Exists, the value should be empty, otherwise just a regular string. + // +optional + value?: string @go(Value) @protobuf(3,bytes,opt) + + // Effect indicates the taint effect to match. Empty means match all taint effects. + // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + // +optional + effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) + + // TolerationSeconds represents the period of time the toleration (which must be + // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + // it is not set, which means tolerate the taint forever (do not evict). Zero and + // negative values will be treated as 0 (evict immediately) by the system. + // +optional + tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) +} + +// A toleration operator is the set of operators that can be used in a toleration. +// +enum +#TolerationOperator: string // #enumTolerationOperator + +#enumTolerationOperator: + #TolerationOpExists | + #TolerationOpEqual + +#TolerationOpExists: #TolerationOperator & "Exists" +#TolerationOpEqual: #TolerationOperator & "Equal" + +// PodReadinessGate contains the reference to a pod condition +#PodReadinessGate: { + // ConditionType refers to a condition in the pod's condition list with matching type. + conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) +} + +// PodSpec is a description of a pod. +#PodSpec: { + // List of volumes that can be mounted by containers belonging to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +optional + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) + + // List of initialization containers belonging to the pod. + // Init containers are executed in order prior to containers being started. If any + // init container fails, the pod is considered to have failed and is handled according + // to its restartPolicy. The name for an init container or normal container must be + // unique among all containers. + // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + // The resourceRequirements of an init container are taken into account during scheduling + // by finding the highest request/limit for each resource type, and then using the max of + // of that value or the sum of the normal containers. Limits are applied to init containers + // in a similar fashion. + // Init containers cannot currently be added or removed. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + // +patchMergeKey=name + // +patchStrategy=merge + initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) + + // List of containers belonging to the pod. + // Containers cannot currently be added or removed. + // There must be at least one container in a Pod. + // Cannot be updated. + // +patchMergeKey=name + // +patchStrategy=merge + containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) + + // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + // pod to perform user-initiated actions such as debugging. This list cannot be specified when + // creating a pod, and it cannot be modified by updating the pod spec. In order to add an + // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) + + // Restart policy for all containers within the pod. + // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + // Default to Always. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + // +optional + restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) + + // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + // Value must be non-negative integer. The value zero indicates stop immediately via + // the kill signal (no opportunity to shut down). + // If this value is nil, the default grace period will be used instead. + // The grace period is the duration in seconds after the processes running in the pod are sent + // a termination signal and the time when the processes are forcibly halted with a kill signal. + // Set this value longer than the expected cleanup time for your process. + // Defaults to 30 seconds. + // +optional + terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) + + // Optional duration in seconds the pod may be active on the node relative to + // StartTime before the system will actively try to mark it failed and kill associated containers. + // Value must be a positive integer. + // +optional + activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) + + // Set DNS policy for the pod. + // Defaults to "ClusterFirst". + // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + // To have DNS options set along with hostNetwork, you have to specify DNS policy + // explicitly to 'ClusterFirstWithHostNet'. + // +optional + dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) + + // NodeSelector is a selector which must be true for the pod to fit on a node. + // Selector which must match a node's labels for the pod to be scheduled on that node. + // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + // +optional + // +mapType=atomic + nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) + + // ServiceAccountName is the name of the ServiceAccount to use to run this pod. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + // +optional + serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) + + // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + // Deprecated: Use serviceAccountName instead. + // +k8s:conversion-gen=false + // +optional + serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) + + // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + // +optional + automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) + + // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + // the scheduler simply schedules this pod onto that node, assuming that it fits resource + // requirements. + // +optional + nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) + + // Host networking requested for this pod. Use the host's network namespace. + // If this option is set, the ports that will be used must be specified. + // Default to false. + // +k8s:conversion-gen=false + // +optional + hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) + + // Use the host's pid namespace. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) + + // Use the host's ipc namespace. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) + + // Share a single process namespace between all of the containers in a pod. + // When this is set containers will be able to view and signal processes from other containers + // in the same pod, and the first process in each container will not be assigned PID 1. + // HostPID and ShareProcessNamespace cannot both be set. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) + + // SecurityContext holds pod-level security attributes and common container settings. + // Optional: Defaults to empty. See type description for default values of each field. + // +optional + securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) + + // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + // If specified, these secrets will be passed to individual puller implementations for them to use. + // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) + + // Specifies the hostname of the Pod + // If not specified, the pod's hostname will be set to a system-defined value. + // +optional + hostname?: string @go(Hostname) @protobuf(16,bytes,opt) + + // If specified, the fully qualified Pod hostname will be "...svc.". + // If not specified, the pod will not have a domainname at all. + // +optional + subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) + + // If specified, the pod's scheduling constraints + // +optional + affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) + + // If specified, the pod will be dispatched by specified scheduler. + // If not specified, the pod will be dispatched by default scheduler. + // +optional + schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) + + // If specified, the pod's tolerations. + // +optional + tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) + + // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + // file if specified. This is only valid for non-hostNetwork pods. + // +optional + // +patchMergeKey=ip + // +patchStrategy=merge + hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) + + // If specified, indicates the pod's priority. "system-node-critical" and + // "system-cluster-critical" are two special keywords which indicate the + // highest priorities with the former being the highest priority. Any other + // name must be defined by creating a PriorityClass object with that name. + // If not specified, the pod priority will be default or zero if there is no + // default. + // +optional + priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) + + // The priority value. Various system components use this field to find the + // priority of the pod. When Priority Admission Controller is enabled, it + // prevents users from setting this field. The admission controller populates + // this field from PriorityClassName. + // The higher the value, the higher the priority. + // +optional + priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) + + // Specifies the DNS parameters of a pod. + // Parameters specified here will be merged to the generated DNS + // configuration based on DNSPolicy. + // +optional + dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) + + // If specified, all readiness gates will be evaluated for pod readiness. + // A pod is ready when all its containers are ready AND + // all conditions specified in the readiness gates have status equal to "True" + // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + // +optional + readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) + + // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + // empty definition that uses the default runtime handler. + // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + // +optional + runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) + + // EnableServiceLinks indicates whether information about services should be injected into pod's + // environment variables, matching the syntax of Docker links. + // Optional: Defaults to true. + // +optional + enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) + + // PreemptionPolicy is the Policy for preempting pods with lower priority. + // One of Never, PreemptLowerPriority. + // Defaults to PreemptLowerPriority if unset. + // +optional + preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) + + // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + // This field will be autopopulated at admission time by the RuntimeClass admission controller. If + // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + // The RuntimeClass admission controller will reject Pod create requests which have the overhead already + // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + // +optional + overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) + + // TopologySpreadConstraints describes how a group of pods ought to spread across topology + // domains. Scheduler will schedule pods in a way which abides by the constraints. + // All topologySpreadConstraints are ANDed. + // +optional + // +patchMergeKey=topologyKey + // +patchStrategy=merge + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) + + // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + // If a pod does not have FQDN, this has no effect. + // Default to false. + // +optional + setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) + + // Specifies the OS of the containers in the pod. + // Some pod and container fields are restricted if this is set. + // + // If the OS field is set to linux, the following fields must be unset: + // -securityContext.windowsOptions + // + // If the OS field is set to windows, following fields must be unset: + // - spec.hostPID + // - spec.hostIPC + // - spec.hostUsers + // - spec.securityContext.seLinuxOptions + // - spec.securityContext.seccompProfile + // - spec.securityContext.fsGroup + // - spec.securityContext.fsGroupChangePolicy + // - spec.securityContext.sysctls + // - spec.shareProcessNamespace + // - spec.securityContext.runAsUser + // - spec.securityContext.runAsGroup + // - spec.securityContext.supplementalGroups + // - spec.containers[*].securityContext.seLinuxOptions + // - spec.containers[*].securityContext.seccompProfile + // - spec.containers[*].securityContext.capabilities + // - spec.containers[*].securityContext.readOnlyRootFilesystem + // - spec.containers[*].securityContext.privileged + // - spec.containers[*].securityContext.allowPrivilegeEscalation + // - spec.containers[*].securityContext.procMount + // - spec.containers[*].securityContext.runAsUser + // - spec.containers[*].securityContext.runAsGroup + // +optional + os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) + + // Use the host's user namespace. + // Optional: Default to true. + // If set to true or not present, the pod will be run in the host user namespace, useful + // for when the pod needs a feature only available to the host user namespace, such as + // loading a kernel module with CAP_SYS_MODULE. + // When set to false, a new userns is created for the pod. Setting false is useful for + // mitigating container breakout vulnerabilities even allowing users to run their + // containers as root without actually having root privileges on the host. + // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + // +k8s:conversion-gen=false + // +optional + hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) + + // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + // scheduler will not attempt to schedule the pod. + // + // SchedulingGates can only be set at pod creation time, and be removed only afterwards. + // + // This is a beta feature enabled by the PodSchedulingReadiness feature gate. + // + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name + // +featureGate=PodSchedulingReadiness + // +optional + schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) + + // ResourceClaims defines which ResourceClaims must be allocated + // and reserved before the Pod is allowed to start. The resources + // will be made available to those containers which consume them + // by name. + // + // This is an alpha field and requires enabling the + // DynamicResourceAllocation feature gate. + // + // This field is immutable. + // + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) +} + +// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. +// Containers that need access to the ResourceClaim reference it with this name. +#PodResourceClaim: { + // Name uniquely identifies this resource claim inside the pod. + // This must be a DNS_LABEL. + name: string @go(Name) @protobuf(1,bytes) + + // Source describes where to find the ResourceClaim. + source?: #ClaimSource @go(Source) @protobuf(2,bytes) +} + +// ClaimSource describes a reference to a ResourceClaim. +// +// Exactly one of these fields should be set. Consumers of this type must +// treat an empty object as if it has an unknown value. +#ClaimSource: { + // ResourceClaimName is the name of a ResourceClaim object in the same + // namespace as this pod. + resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) + + // ResourceClaimTemplateName is the name of a ResourceClaimTemplate + // object in the same namespace as this pod. + // + // The template will be used to create a new ResourceClaim, which will + // be bound to this pod. When this pod is deleted, the ResourceClaim + // will also be deleted. The pod name and resource name, along with a + // generated component, will be used to form a unique name for the + // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + // + // This field is immutable and no changes will be made to the + // corresponding ResourceClaim by the control plane after creating the + // ResourceClaim. + resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) +} + +// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim +// which references a ResourceClaimTemplate. It stores the generated name for +// the corresponding ResourceClaim. +#PodResourceClaimStatus: { + // Name uniquely identifies this resource claim inside the pod. + // This must match the name of an entry in pod.spec.resourceClaims, + // which implies that the string must be a DNS_LABEL. + name: string @go(Name) @protobuf(1,bytes) + + // ResourceClaimName is the name of the ResourceClaim that was + // generated for the Pod in the namespace of the Pod. It this is + // unset, then generating a ResourceClaim was not necessary. The + // pod.spec.resourceClaims entry can be ignored in this case. + // + // +optional + resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) +} + +// OSName is the set of OS'es that can be used in OS. +#OSName: string // #enumOSName + +#enumOSName: + #Linux | + #Windows + +#Linux: #OSName & "linux" +#Windows: #OSName & "windows" + +// PodOS defines the OS parameters of a pod. +#PodOS: { + // Name is the name of the operating system. The currently supported values are linux and windows. + // Additional value may be defined in future and can be one of: + // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + // Clients should expect to handle additional values and treat unrecognized values in this field as os: null + name: #OSName @go(Name) @protobuf(1,bytes,opt) +} + +// PodSchedulingGate is associated to a Pod to guard its scheduling. +#PodSchedulingGate: { + // Name of the scheduling gate. + // Each scheduling gate must have a unique name field. + name: string @go(Name) @protobuf(1,bytes,opt) +} + +// +enum +#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction + +#enumUnsatisfiableConstraintAction: + #DoNotSchedule | + #ScheduleAnyway + +// DoNotSchedule instructs the scheduler not to schedule the pod +// when constraints are not satisfied. +#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" + +// ScheduleAnyway instructs the scheduler to schedule the pod +// even if constraints are not satisfied. +#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" + +// NodeInclusionPolicy defines the type of node inclusion policy +// +enum +#NodeInclusionPolicy: string // #enumNodeInclusionPolicy + +#enumNodeInclusionPolicy: + #NodeInclusionPolicyIgnore | + #NodeInclusionPolicyHonor + +// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. +#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" + +// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. +#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" + +// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#TopologySpreadConstraint: { + // MaxSkew describes the degree to which pods may be unevenly distributed. + // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + // between the number of matching pods in the target topology and the global minimum. + // The global minimum is the minimum number of matching pods in an eligible domain + // or zero if the number of eligible domains is less than MinDomains. + // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + // labelSelector spread as 2/2/1: + // In this case, the global minimum is 1. + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P | P P | P | + // +-------+-------+-------+ + // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + // violate MaxSkew(1). + // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + // to topologies that satisfy it. + // It's a required field. Default value is 1 and 0 is not allowed. + maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) + + // TopologyKey is the key of node labels. Nodes that have a label with this key + // and identical values are considered to be in the same topology. + // We consider each as a "bucket", and try to put balanced number + // of pods into each bucket. + // We define a domain as a particular instance of a topology. + // Also, we define an eligible domain as a domain whose nodes meet the requirements of + // nodeAffinityPolicy and nodeTaintsPolicy. + // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + // It's a required field. + topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) + + // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + // the spread constraint. + // - DoNotSchedule (default) tells the scheduler not to schedule it. + // - ScheduleAnyway tells the scheduler to schedule the pod in any location, + // but giving higher precedence to topologies that would help reduce the + // skew. + // A constraint is considered "Unsatisfiable" for an incoming pod + // if and only if every possible node assignment for that pod would violate + // "MaxSkew" on some topology. + // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + // labelSelector spread as 3/1/1: + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P P | P | P | + // +-------+-------+-------+ + // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + // won't make it *more* imbalanced. + // It's a required field. + whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) + + // LabelSelector is used to find matching pods. + // Pods that match this label selector are counted to determine the number of pods + // in their corresponding topology domain. + // +optional + labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) + + // MinDomains indicates a minimum number of eligible domains. + // When the number of eligible domains with matching topology keys is less than minDomains, + // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + // And when the number of eligible domains with matching topology keys equals or greater than minDomains, + // this value has no effect on scheduling. + // As a result, when the number of eligible domains is less than minDomains, + // scheduler won't schedule more than maxSkew Pods to those domains. + // If value is nil, the constraint behaves as if MinDomains is equal to 1. + // Valid values are integers greater than 0. + // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + // + // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + // labelSelector spread as 2/2/2: + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P | P P | P P | + // +-------+-------+-------+ + // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + // In this situation, new pod with the same labelSelector cannot be scheduled, + // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + // it will violate MaxSkew. + // + // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + // +optional + minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) + + // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + // when calculating pod topology spread skew. Options are: + // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + // + // If this value is nil, the behavior is equivalent to the Honor policy. + // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + // +optional + nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) + + // NodeTaintsPolicy indicates how we will treat node taints when calculating + // pod topology spread skew. Options are: + // - Honor: nodes without taints, along with tainted nodes for which the incoming pod + // has a toleration, are included. + // - Ignore: node taints are ignored. All nodes are included. + // + // If this value is nil, the behavior is equivalent to the Ignore policy. + // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + // +optional + nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) + + // MatchLabelKeys is a set of pod label keys to select the pods over which + // spreading will be calculated. The keys are used to lookup values from the + // incoming pod labels, those key-value labels are ANDed with labelSelector + // to select the group of existing pods over which spreading will be calculated + // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + // MatchLabelKeys cannot be set when LabelSelector isn't set. + // Keys that don't exist in the incoming pod labels will + // be ignored. A null or empty list means only match against labelSelector. + // + // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + // +listType=atomic + // +optional + matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) +} + +// The default value for enableServiceLinks attribute. +#DefaultEnableServiceLinks: true + +// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +// pod's hosts file. +#HostAlias: { + // IP address of the host file entry. + ip?: string @go(IP) @protobuf(1,bytes,opt) + + // Hostnames for the above IP address. + hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) +} + +// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume +// when volume is mounted. +// +enum +#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy + +#enumPodFSGroupChangePolicy: + #FSGroupChangeOnRootMismatch | + #FSGroupChangeAlways + +// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed +// only when permission and ownership of root directory does not match with expected +// permissions on the volume. This can help shorten the time it takes to change +// ownership and permissions of a volume. +#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" + +// FSGroupChangeAlways indicates that volume's ownership and permissions +// should always be changed whenever volume is mounted inside a Pod. This the default +// behavior. +#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" + +// PodSecurityContext holds pod-level security attributes and common container settings. +// Some fields are also present in container.securityContext. Field values of +// container.securityContext take precedence over field values of PodSecurityContext. +#PodSecurityContext: { + // The SELinux context to be applied to all containers. + // If unspecified, the container runtime will allocate a random SELinux context for each + // container. May also be set in SecurityContext. If set in + // both SecurityContext and PodSecurityContext, the value specified in SecurityContext + // takes precedence for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) + + // The Windows specific settings applied to all containers. + // If unspecified, the options within a container's SecurityContext will be used. + // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is linux. + // +optional + windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) + + // The UID to run the entrypoint of the container process. + // Defaults to user specified in image metadata if unspecified. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) + + // The GID to run the entrypoint of the container process. + // Uses runtime default if unset. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) + + // Indicates that the container must run as a non-root user. + // If true, the Kubelet will validate the image at runtime to ensure that it + // does not run as UID 0 (root) and fail to start the container if it does. + // If unset or false, no such validation will be performed. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) + + // A list of groups applied to the first process run in each container, in addition + // to the container's primary GID, the fsGroup (if specified), and group memberships + // defined in the container image for the uid of the container process. If unspecified, + // no additional groups are added to any container. Note that group memberships + // defined in the container image for the uid of the container process are still effective, + // even if they are not included in this list. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) + + // A special supplemental group that applies to all containers in a pod. + // Some volume types allow the Kubelet to change the ownership of that volume + // to be owned by the pod: + // + // 1. The owning GID will be the FSGroup + // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + // 3. The permission bits are OR'd with rw-rw---- + // + // If unset, the Kubelet will not modify the ownership and permissions of any volume. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) + + // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + // sysctls (by the container runtime) might fail to launch. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) + + // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + // before being exposed inside Pod. This field will only apply to + // volume types which support fsGroup based ownership(and permissions). + // It will have no effect on ephemeral volume types such as: secret, configmaps + // and emptydir. + // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) + + // The seccomp options to use by the containers in this pod. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) +} + +// SeccompProfile defines a pod/container's seccomp profile settings. +// Only one profile source may be set. +// +union +#SeccompProfile: { + // type indicates which kind of seccomp profile will be applied. + // Valid options are: + // + // Localhost - a profile defined in a file on the node should be used. + // RuntimeDefault - the container runtime default profile should be used. + // Unconfined - no profile should be applied. + // +unionDiscriminator + type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) + + // localhostProfile indicates a profile defined in a file on the node should be used. + // The profile must be preconfigured on the node to work. + // Must be a descending path, relative to the kubelet's configured seccomp profile location. + // Must be set if type is "Localhost". Must NOT be set for any other type. + // +optional + localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) +} + +// SeccompProfileType defines the supported seccomp profile types. +// +enum +#SeccompProfileType: string // #enumSeccompProfileType + +#enumSeccompProfileType: + #SeccompProfileTypeUnconfined | + #SeccompProfileTypeRuntimeDefault | + #SeccompProfileTypeLocalhost + +// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). +#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" + +// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. +#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" + +// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. +// The file's location relative to /seccomp. +#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" + +// PodQOSClass defines the supported qos classes of Pods. +// +enum +#PodQOSClass: string // #enumPodQOSClass + +#enumPodQOSClass: + #PodQOSGuaranteed | + #PodQOSBurstable | + #PodQOSBestEffort + +// PodQOSGuaranteed is the Guaranteed qos class. +#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" + +// PodQOSBurstable is the Burstable qos class. +#PodQOSBurstable: #PodQOSClass & "Burstable" + +// PodQOSBestEffort is the BestEffort qos class. +#PodQOSBestEffort: #PodQOSClass & "BestEffort" + +// PodDNSConfig defines the DNS parameters of a pod in addition to +// those generated from DNSPolicy. +#PodDNSConfig: { + // A list of DNS name server IP addresses. + // This will be appended to the base nameservers generated from DNSPolicy. + // Duplicated nameservers will be removed. + // +optional + nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) + + // A list of DNS search domains for host-name lookup. + // This will be appended to the base search paths generated from DNSPolicy. + // Duplicated search paths will be removed. + // +optional + searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) + + // A list of DNS resolver options. + // This will be merged with the base options generated from DNSPolicy. + // Duplicated entries will be removed. Resolution options given in Options + // will override those that appear in the base DNSPolicy. + // +optional + options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) +} + +// PodDNSConfigOption defines DNS resolver options of a pod. +#PodDNSConfigOption: { + // Required. + name?: string @go(Name) @protobuf(1,bytes,opt) + + // +optional + value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) +} + +// PodIP represents a single IP address allocated to the pod. +#PodIP: { + // IP is the IP address assigned to the pod + ip?: string @go(IP) @protobuf(1,bytes,opt) +} + +// HostIP represents a single IP address allocated to the host. +#HostIP: { + // IP is the IP address assigned to the host + ip?: string @go(IP) @protobuf(1,bytes,opt) +} + +// EphemeralContainerCommon is a copy of all fields in Container to be inlined in +// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer +// to Container and allows separate documentation for the fields of EphemeralContainer. +// When a new field is added to Container it must be added here as well. +#EphemeralContainerCommon: { + // Name of the ephemeral container specified as a DNS_LABEL. + // This name must be unique among all containers, init containers and ephemeral containers. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Container image name. + // More info: https://kubernetes.io/docs/concepts/containers/images + image?: string @go(Image) @protobuf(2,bytes,opt) + + // Entrypoint array. Not executed within a shell. + // The image's ENTRYPOINT is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) + + // Arguments to the entrypoint. + // The image's CMD is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) + + // Container's working directory. + // If not specified, the container runtime's default will be used, which + // might be configured in the container image. + // Cannot be updated. + // +optional + workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) + + // Ports are not allowed for ephemeral containers. + // +optional + // +patchMergeKey=containerPort + // +patchStrategy=merge + // +listType=map + // +listMapKey=containerPort + // +listMapKey=protocol + ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) + + // List of sources to populate environment variables in the container. + // The keys defined within a source must be a C_IDENTIFIER. All invalid keys + // will be reported as an event when the container is starting. When a key exists in multiple + // sources, the value associated with the last source will take precedence. + // Values defined by an Env with a duplicate key will take precedence. + // Cannot be updated. + // +optional + envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) + + // List of environment variables to set in the container. + // Cannot be updated. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) + + // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + // already allocated to the pod. + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) + + // Resources resize policy for the container. + // +featureGate=InPlacePodVerticalScaling + // +optional + // +listType=atomic + resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) + + // Restart policy for the container to manage the restart behavior of each + // container within a pod. + // This may only be set for init containers. You cannot set this field on + // ephemeral containers. + // +featureGate=SidecarContainers + // +optional + restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) + + // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + // Cannot be updated. + // +optional + // +patchMergeKey=mountPath + // +patchStrategy=merge + volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) + + // volumeDevices is the list of block devices to be used by the container. + // +patchMergeKey=devicePath + // +patchStrategy=merge + // +optional + volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) + + // Probes are not allowed for ephemeral containers. + // +optional + livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) + + // Probes are not allowed for ephemeral containers. + // +optional + readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) + + // Probes are not allowed for ephemeral containers. + // +optional + startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) + + // Lifecycle is not allowed for ephemeral containers. + // +optional + lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) + + // Optional: Path at which the file to which the container's termination message + // will be written is mounted into the container's filesystem. + // Message written is intended to be brief final status, such as an assertion failure message. + // Will be truncated by the node if greater than 4096 bytes. The total message length across + // all containers will be limited to 12kb. + // Defaults to /dev/termination-log. + // Cannot be updated. + // +optional + terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) + + // Indicate how the termination message should be populated. File will use the contents of + // terminationMessagePath to populate the container status message on both success and failure. + // FallbackToLogsOnError will use the last chunk of container log output if the termination + // message file is empty and the container exited with an error. + // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + // Defaults to File. + // Cannot be updated. + // +optional + terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) + + // Image pull policy. + // One of Always, Never, IfNotPresent. + // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + // +optional + imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) + + // Optional: SecurityContext defines the security options the ephemeral container should be run with. + // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + // +optional + securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) + + // Whether this container should allocate a buffer for stdin in the container runtime. If this + // is not set, reads from stdin in the container will always result in EOF. + // Default is false. + // +optional + stdin?: bool @go(Stdin) @protobuf(16,varint,opt) + + // Whether the container runtime should close the stdin channel after it has been opened by + // a single attach. When stdin is true the stdin stream will remain open across multiple attach + // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + // first client attaches to stdin, and then remains open and accepts data until the client disconnects, + // at which time stdin is closed and remains closed until the container is restarted. If this + // flag is false, a container processes that reads from stdin will never receive an EOF. + // Default is false + // +optional + stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) + + // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + // Default is false. + // +optional + tty?: bool @go(TTY) @protobuf(18,varint,opt) +} + +// An EphemeralContainer is a temporary container that you may add to an existing Pod for +// user-initiated activities such as debugging. Ephemeral containers have no resource or +// scheduling guarantees, and they will not be restarted when they exit or when a Pod is +// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the +// Pod to exceed its resource allocation. +// +// To add an ephemeral container, use the ephemeralcontainers subresource of an existing +// Pod. Ephemeral containers may not be removed or restarted. +#EphemeralContainer: { + #EphemeralContainerCommon + + // If set, the name of the container from PodSpec that this ephemeral container targets. + // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + // If not set then the ephemeral container uses the namespaces configured in the Pod spec. + // + // The container runtime must implement support for this feature. If the runtime does not + // support namespace targeting then the result of setting this field is undefined. + // +optional + targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) +} + +// PodStatus represents information about the status of a pod. Status may trail the actual +// state of a system, especially if the node that hosts the pod cannot contact the control +// plane. +#PodStatus: { + // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. + // The conditions array, the reason and message fields, and the individual container status + // arrays contain more detail about the pod's status. + // There are five possible phase values: + // + // Pending: The pod has been accepted by the Kubernetes system, but one or more of the + // container images has not been created. This includes time before being scheduled as + // well as time spent downloading images over the network, which could take a while. + // Running: The pod has been bound to a node, and all of the containers have been created. + // At least one container is still running, or is in the process of starting or restarting. + // Succeeded: All containers in the pod have terminated in success, and will not be restarted. + // Failed: All containers in the pod have terminated, and at least one container has + // terminated in failure. The container either exited with non-zero status or was terminated + // by the system. + // Unknown: For some reason the state of the pod could not be obtained, typically due to an + // error in communicating with the host of the pod. + // + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase + // +optional + phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) + + // Current service state of pod. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) + + // A human readable message indicating details about why the pod is in this condition. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // A brief CamelCase message indicating details about why the pod is in this state. + // e.g. 'Evicted' + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be + // scheduled right away as preemption victims receive their graceful termination periods. + // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide + // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to + // give the resources on this node to a higher priority pod that is created after preemption. + // As a result, this field may be different than PodSpec.nodeName when the pod is + // scheduled. + // +optional + nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) + + // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. + // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will + // not be updated even if there is a node is assigned to pod + // +optional + hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) + + // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must + // match the hostIP field. This list is empty if the pod has not started yet. + // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will + // not be updated even if there is a node is assigned to this pod. + // +optional + // +patchStrategy=merge + // +patchMergeKey=ip + // +listType=atomic + hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) + + // podIP address allocated to the pod. Routable at least within the cluster. + // Empty if not yet allocated. + // +optional + podIP?: string @go(PodIP) @protobuf(6,bytes,opt) + + // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must + // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list + // is empty if no IPs have been allocated yet. + // +optional + // +patchStrategy=merge + // +patchMergeKey=ip + podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) + + // RFC 3339 date and time at which the object was acknowledged by the Kubelet. + // This is before the Kubelet pulled the container image(s) for the pod. + // +optional + startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) + + // The list has one entry per init container in the manifest. The most recent successful + // init container will have ready = true, the most recently started container will have + // startTime set. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status + initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) + + // The list has one entry per container in the manifest. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status + // +optional + containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) + + // The Quality of Service (QOS) classification assigned to the pod based on resource requirements + // See PodQOSClass type for available QOS classes + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes + // +optional + qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) + + // Status for any ephemeral containers that have run in this pod. + // +optional + ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) + + // Status of resources resize desired for pod's containers. + // It is empty if no resources resize is pending. + // Any changes to container resources will automatically set this to "Proposed" + // +featureGate=InPlacePodVerticalScaling + // +optional + resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) + + // Status of resource claims. + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) +} + +// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded +#PodStatusResult: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Most recently observed status of the pod. + // This data may not be up to date. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) +} + +// Pod is a collection of containers that can run on a host. This resource is created +// by clients and scheduled onto hosts. +#Pod: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the pod. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the pod. + // This data may not be up to date. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PodList is a list of Pods. +#PodList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of pods. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) +} + +// PodTemplateSpec describes the data a pod should have when created from a template +#PodTemplateSpec: { + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the pod. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// PodTemplate describes a template for creating copies of a predefined pod. +#PodTemplate: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Template defines the pods that will be created from this pod template. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) +} + +// PodTemplateList is a list of PodTemplates. +#PodTemplateList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of pod templates + items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) +} + +// ReplicationControllerSpec is the specification of a replication controller. +#ReplicationControllerSpec: { + // Replicas is the number of desired replicas. + // This is a pointer to distinguish between explicit zero and unspecified. + // Defaults to 1. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // Selector is a label query over pods that should match the Replicas count. + // If Selector is empty, it is defaulted to the labels present on the Pod template. + // Label keys and values that must match in order to be controlled by this replication + // controller, if empty defaulted to labels on Pod template. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + // +optional + // +mapType=atomic + selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) + + // Template is the object that describes the pod that will be created if + // insufficient replicas are detected. This takes precedence over a TemplateRef. + // The only allowed template.spec.restartPolicy value is "Always". + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + // +optional + template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) +} + +// ReplicationControllerStatus represents the current status of a replication +// controller. +#ReplicationControllerStatus: { + // Replicas is the most recently observed number of replicas. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller + replicas: int32 @go(Replicas) @protobuf(1,varint,opt) + + // The number of pods that have labels matching the labels of the pod template of the replication controller. + // +optional + fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) + + // The number of ready replicas for this replication controller. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) + + // The number of available replicas (ready for at least minReadySeconds) for this replication controller. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) + + // ObservedGeneration reflects the generation of the most recently observed replication controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // Represents the latest available observations of a replication controller's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) +} + +#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType + +#enumReplicationControllerConditionType: + #ReplicationControllerReplicaFailure + +// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods +// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, +// etc. or deleted due to kubelet being down or finalizers are failing. +#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" + +// ReplicationControllerCondition describes the state of a replication controller at a certain point. +#ReplicationControllerCondition: { + // Type of replication controller condition. + type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // The last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// ReplicationController represents the configuration of a replication controller. +#ReplicationController: { + metav1.#TypeMeta + + // If the Labels of a ReplicationController are empty, they are defaulted to + // be the same as the Pod(s) that the replication controller manages. + // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the specification of the desired behavior of the replication controller. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the most recently observed status of the replication controller. + // This data may be out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ReplicationControllerList is a collection of replication controllers. +#ReplicationControllerList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of replication controllers. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller + items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) +} + +// Session Affinity Type string +// +enum +#ServiceAffinity: string // #enumServiceAffinity + +#enumServiceAffinity: + #ServiceAffinityClientIP | + #ServiceAffinityNone + +// ServiceAffinityClientIP is the Client IP based. +#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" + +// ServiceAffinityNone - no session affinity. +#ServiceAffinityNone: #ServiceAffinity & "None" + +#DefaultClientIPServiceAffinitySeconds: int32 & 10800 + +// SessionAffinityConfig represents the configurations of session affinity. +#SessionAffinityConfig: { + // clientIP contains the configurations of Client IP based session affinity. + // +optional + clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) +} + +// ClientIPConfig represents the configurations of Client IP based session affinity. +#ClientIPConfig: { + // timeoutSeconds specifies the seconds of ClientIP type session sticky time. + // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + // Default value is 10800(for 3 hours). + // +optional + timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) +} + +// Service Type string describes ingress methods for a service +// +enum +#ServiceType: string // #enumServiceType + +#enumServiceType: + #ServiceTypeClusterIP | + #ServiceTypeNodePort | + #ServiceTypeLoadBalancer | + #ServiceTypeExternalName + +// ServiceTypeClusterIP means a service will only be accessible inside the +// cluster, via the cluster IP. +#ServiceTypeClusterIP: #ServiceType & "ClusterIP" + +// ServiceTypeNodePort means a service will be exposed on one port of +// every node, in addition to 'ClusterIP' type. +#ServiceTypeNodePort: #ServiceType & "NodePort" + +// ServiceTypeLoadBalancer means a service will be exposed via an +// external load balancer (if the cloud provider supports it), in addition +// to 'NodePort' type. +#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" + +// ServiceTypeExternalName means a service consists of only a reference to +// an external name that kubedns or equivalent will return as a CNAME +// record, with no exposing or proxying of any pods involved. +#ServiceTypeExternalName: #ServiceType & "ExternalName" + +// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they +// receive on the ClusterIP. +// +enum +#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy + +#enumServiceInternalTrafficPolicy: + #ServiceInternalTrafficPolicyCluster | + #ServiceInternalTrafficPolicyLocal + +// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. +#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" + +// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same +// node as the client pod (dropping the traffic if there are no local endpoints). +#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" + +// for backwards compat +// +enum +#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType + +#enumServiceInternalTrafficPolicyType: + #ServiceInternalTrafficPolicyCluster | + #ServiceInternalTrafficPolicyLocal + +// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they +// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, +// and LoadBalancer IPs. +// +enum +#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy + +#enumServiceExternalTrafficPolicy: + #ServiceExternalTrafficPolicyCluster | + #ServiceExternalTrafficPolicyLocal | + #ServiceExternalTrafficPolicyTypeLocal | + #ServiceExternalTrafficPolicyTypeCluster + +// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. +#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" + +// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by +// routing only to endpoints on the same node as the traffic was received on +// (dropping the traffic if there are no local endpoints). +#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" + +// for backwards compat +// +enum +#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType + +#enumServiceExternalTrafficPolicyType: + #ServiceExternalTrafficPolicyCluster | + #ServiceExternalTrafficPolicyLocal | + #ServiceExternalTrafficPolicyTypeLocal | + #ServiceExternalTrafficPolicyTypeCluster + +#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" +#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" + +// LoadBalancerPortsError represents the condition of the requested ports +// on the cloud load balancer instance. +#LoadBalancerPortsError: "LoadBalancerPortsError" + +// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError +// means the LoadBalancer was not able to be configured correctly. +#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" + +// ServiceStatus represents the current status of a service. +#ServiceStatus: { + // LoadBalancer contains the current status of the load-balancer, + // if one is present. + // +optional + loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) + + // Current service state + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) +} + +// LoadBalancerStatus represents the status of a load-balancer. +#LoadBalancerStatus: { + // Ingress is a list containing ingress points for the load-balancer. + // Traffic intended for the service should be sent to these ingress points. + // +optional + ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) +} + +// LoadBalancerIngress represents the status of a load-balancer ingress point: +// traffic intended for the service should be sent to an ingress point. +#LoadBalancerIngress: { + // IP is set for load-balancer ingress points that are IP based + // (typically GCE or OpenStack load-balancers) + // +optional + ip?: string @go(IP) @protobuf(1,bytes,opt) + + // Hostname is set for load-balancer ingress points that are DNS based + // (typically AWS load-balancers) + // +optional + hostname?: string @go(Hostname) @protobuf(2,bytes,opt) + + // Ports is a list of records of service ports + // If used, every port defined in the service should have an entry in it + // +listType=atomic + // +optional + ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) +} + +// IPFamily represents the IP Family (IPv4 or IPv6). This type is used +// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). +// +enum +#IPFamily: string // #enumIPFamily + +#enumIPFamily: + #IPv4Protocol | + #IPv6Protocol + +// IPv4Protocol indicates that this IP is IPv4 protocol +#IPv4Protocol: #IPFamily & "IPv4" + +// IPv6Protocol indicates that this IP is IPv6 protocol +#IPv6Protocol: #IPFamily & "IPv6" + +// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service +// +enum +#IPFamilyPolicy: string // #enumIPFamilyPolicy + +#enumIPFamilyPolicy: + #IPFamilyPolicySingleStack | + #IPFamilyPolicyPreferDualStack | + #IPFamilyPolicyRequireDualStack + +// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. +// The IPFamily assigned is based on the default IPFamily used by the cluster +// or as identified by service.spec.ipFamilies field +#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" + +// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when +// the cluster is configured for dual-stack. If the cluster is not configured +// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not +// set in service.spec.ipFamilies then the service will be assigned the default IPFamily +// configured on the cluster +#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" + +// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using +// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The +// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If +// service.spec.ipFamilies was not provided then it will be assigned according to how they are +// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative +// IPFamily will be added by apiserver +#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" + +// for backwards compat +// +enum +#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType + +#enumIPFamilyPolicyType: + #IPFamilyPolicySingleStack | + #IPFamilyPolicyPreferDualStack | + #IPFamilyPolicyRequireDualStack + +// ServiceSpec describes the attributes that a user creates on a service. +#ServiceSpec: { + // The list of ports that are exposed by this service. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +patchMergeKey=port + // +patchStrategy=merge + // +listType=map + // +listMapKey=port + // +listMapKey=protocol + ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) + + // Route service traffic to pods with label keys and values matching this + // selector. If empty or not present, the service is assumed to have an + // external process managing its endpoints, which Kubernetes will not + // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + // Ignored if type is ExternalName. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/ + // +optional + // +mapType=atomic + selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) + + // clusterIP is the IP address of the service and is usually assigned + // randomly. If an address is specified manually, is in-range (as per + // system configuration), and is not in use, it will be allocated to the + // service; otherwise creation of the service will fail. This field may not + // be changed through updates unless the type field is also being changed + // to ExternalName (which requires this field to be blank) or the type + // field is being changed from ExternalName (in which case this field may + // optionally be specified, as describe above). Valid values are "None", + // empty string (""), or a valid IP address. Setting this to "None" makes a + // "headless service" (no virtual IP), which is useful when direct endpoint + // connections are preferred and proxying is not required. Only applies to + // types ClusterIP, NodePort, and LoadBalancer. If this field is specified + // when creating a Service of type ExternalName, creation will fail. This + // field will be wiped when updating a Service to type ExternalName. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +optional + clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) + + // ClusterIPs is a list of IP addresses assigned to this service, and are + // usually assigned randomly. If an address is specified manually, is + // in-range (as per system configuration), and is not in use, it will be + // allocated to the service; otherwise creation of the service will fail. + // This field may not be changed through updates unless the type field is + // also being changed to ExternalName (which requires this field to be + // empty) or the type field is being changed from ExternalName (in which + // case this field may optionally be specified, as describe above). Valid + // values are "None", empty string (""), or a valid IP address. Setting + // this to "None" makes a "headless service" (no virtual IP), which is + // useful when direct endpoint connections are preferred and proxying is + // not required. Only applies to types ClusterIP, NodePort, and + // LoadBalancer. If this field is specified when creating a Service of type + // ExternalName, creation will fail. This field will be wiped when updating + // a Service to type ExternalName. If this field is not specified, it will + // be initialized from the clusterIP field. If this field is specified, + // clients must ensure that clusterIPs[0] and clusterIP have the same + // value. + // + // This field may hold a maximum of two entries (dual-stack IPs, in either order). + // These IPs must correspond to the values of the ipFamilies field. Both + // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +listType=atomic + // +optional + clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) + + // type determines how the Service is exposed. Defaults to ClusterIP. Valid + // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + // "ClusterIP" allocates a cluster-internal IP address for load-balancing + // to endpoints. Endpoints are determined by the selector or if that is not + // specified, by manual construction of an Endpoints object or + // EndpointSlice objects. If clusterIP is "None", no virtual IP is + // allocated and the endpoints are published as a set of endpoints rather + // than a virtual IP. + // "NodePort" builds on ClusterIP and allocates a port on every node which + // routes to the same endpoints as the clusterIP. + // "LoadBalancer" builds on NodePort and creates an external load-balancer + // (if supported in the current cloud) which routes to the same endpoints + // as the clusterIP. + // "ExternalName" aliases this service to the specified externalName. + // Several other fields do not apply to ExternalName services. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + // +optional + type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) + + // externalIPs is a list of IP addresses for which nodes in the cluster + // will also accept traffic for this service. These IPs are not managed by + // Kubernetes. The user is responsible for ensuring that traffic arrives + // at a node with this IP. A common example is external load-balancers + // that are not part of the Kubernetes system. + // +optional + externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) + + // Supports "ClientIP" and "None". Used to maintain session affinity. + // Enable client IP based session affinity. + // Must be ClientIP or None. + // Defaults to None. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +optional + sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) + + // Only applies to Service Type: LoadBalancer. + // This feature depends on whether the underlying cloud-provider supports specifying + // the loadBalancerIP when a load balancer is created. + // This field will be ignored if the cloud-provider does not support the feature. + // Deprecated: This field was under-specified and its meaning varies across implementations. + // Using it is non-portable and it may not support dual-stack. + // Users are encouraged to use implementation-specific annotations when available. + // +optional + loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) + + // If specified and supported by the platform, this will restrict traffic through the cloud-provider + // load-balancer will be restricted to the specified client IPs. This field will be ignored if the + // cloud-provider does not support the feature." + // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + // +optional + loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) + + // externalName is the external reference that discovery mechanisms will + // return as an alias for this service (e.g. a DNS CNAME record). No + // proxying will be involved. Must be a lowercase RFC-1123 hostname + // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + // +optional + externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) + + // externalTrafficPolicy describes how nodes distribute service traffic they + // receive on one of the Service's "externally-facing" addresses (NodePorts, + // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + // the service in a way that assumes that external load balancers will take care + // of balancing the service traffic between nodes, and so each node will deliver + // traffic only to the node-local endpoints of the service, without masquerading + // the client source IP. (Traffic mistakenly sent to a node with no endpoints will + // be dropped.) The default value, "Cluster", uses the standard behavior of + // routing to all endpoints evenly (possibly modified by topology and other + // features). Note that traffic sent to an External IP or LoadBalancer IP from + // within the cluster will always get "Cluster" semantics, but clients sending to + // a NodePort from within the cluster may need to take traffic policy into account + // when picking a node. + // +optional + externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) + + // healthCheckNodePort specifies the healthcheck nodePort for the service. + // This only applies when type is set to LoadBalancer and + // externalTrafficPolicy is set to Local. If a value is specified, is + // in-range, and is not in use, it will be used. If not specified, a value + // will be automatically allocated. External systems (e.g. load-balancers) + // can use this port to determine if a given node holds endpoints for this + // service or not. If this field is specified when creating a Service + // which does not need it, creation will fail. This field will be wiped + // when updating a Service to no longer need it (e.g. changing type). + // This field cannot be updated once set. + // +optional + healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) + + // publishNotReadyAddresses indicates that any agent which deals with endpoints for this + // Service should disregard any indications of ready/not-ready. + // The primary use case for setting this field is for a StatefulSet's Headless Service to + // propagate SRV DNS records for its Pods for the purpose of peer discovery. + // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + // Services interpret this to mean that all endpoints are considered "ready" even if the + // Pods themselves are not. Agents which consume only Kubernetes generated endpoints + // through the Endpoints or EndpointSlice resources can safely assume this behavior. + // +optional + publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) + + // sessionAffinityConfig contains the configurations of session affinity. + // +optional + sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) + + // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + // service. This field is usually assigned automatically based on cluster + // configuration and the ipFamilyPolicy field. If this field is specified + // manually, the requested family is available in the cluster, + // and ipFamilyPolicy allows it, it will be used; otherwise creation of + // the service will fail. This field is conditionally mutable: it allows + // for adding or removing a secondary IP family, but it does not allow + // changing the primary IP family of the Service. Valid values are "IPv4" + // and "IPv6". This field only applies to Services of types ClusterIP, + // NodePort, and LoadBalancer, and does apply to "headless" services. + // This field will be wiped when updating a Service to type ExternalName. + // + // This field may hold a maximum of two entries (dual-stack families, in + // either order). These families must correspond to the values of the + // clusterIPs field, if specified. Both clusterIPs and ipFamilies are + // governed by the ipFamilyPolicy field. + // +listType=atomic + // +optional + ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) + + // IPFamilyPolicy represents the dual-stack-ness requested or required by + // this Service. If there is no value provided, then this field will be set + // to SingleStack. Services can be "SingleStack" (a single IP family), + // "PreferDualStack" (two IP families on dual-stack configured clusters or + // a single IP family on single-stack clusters), or "RequireDualStack" + // (two IP families on dual-stack configured clusters, otherwise fail). The + // ipFamilies and clusterIPs fields depend on the value of this field. This + // field will be wiped when updating a service to type ExternalName. + // +optional + ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) + + // allocateLoadBalancerNodePorts defines if NodePorts will be automatically + // allocated for services with type LoadBalancer. Default is "true". It + // may be set to "false" if the cluster load-balancer does not rely on + // NodePorts. If the caller requests specific NodePorts (by specifying a + // value), those requests will be respected, regardless of this field. + // This field may only be set for services with type LoadBalancer and will + // be cleared if the type is changed to any other type. + // +optional + allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) + + // loadBalancerClass is the class of the load balancer implementation this Service belongs to. + // If specified, the value of this field must be a label-style identifier, with an optional prefix, + // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + // balancer implementation is used, today this is typically done through the cloud provider integration, + // but should apply for any default implementation. If set, it is assumed that a load balancer + // implementation is watching for Services with a matching class. Any default load balancer + // implementation (e.g. cloud providers) should ignore Services that set this field. + // This field can only be set when creating or updating a Service to type 'LoadBalancer'. + // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + // +optional + loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) + + // InternalTrafficPolicy describes how nodes distribute service traffic they + // receive on the ClusterIP. If set to "Local", the proxy will assume that pods + // only want to talk to endpoints of the service on the same node as the pod, + // dropping the traffic if there are no local endpoints. The default value, + // "Cluster", uses the standard behavior of routing to all endpoints evenly + // (possibly modified by topology and other features). + // +optional + internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) +} + +// ServicePort contains information on service's port. +#ServicePort: { + // The name of this port within the service. This must be a DNS_LABEL. + // All ports within a ServiceSpec must have unique names. When considering + // the endpoints for a Service, this must match the 'name' field in the + // EndpointPort. + // Optional if only one ServicePort is defined on this service. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + // Default is TCP. + // +default="TCP" + // +optional + protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) + + // The application protocol for this port. + // This is used as a hint for implementations to offer richer behavior for protocols that they understand. + // This field follows standard Kubernetes label syntax. + // Valid values are either: + // + // * Un-prefixed protocol names - reserved for IANA standard service names (as per + // RFC-6335 and https://www.iana.org/assignments/service-names). + // + // * Kubernetes-defined prefixed names: + // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + // + // * Other protocols should use implementation-defined prefixed names such as + // mycompany.com/my-custom-protocol. + // +optional + appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) + + // The port that will be exposed by this service. + port: int32 @go(Port) @protobuf(3,varint,opt) + + // Number or name of the port to access on the pods targeted by the service. + // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + // If this is a string, it will be looked up as a named port in the + // target Pod's container ports. If this is not specified, the value + // of the 'port' field is used (an identity map). + // This field is ignored for services with clusterIP=None, and should be + // omitted or set equal to the 'port' field. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + // +optional + targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) + + // The port on each node on which this service is exposed when type is + // NodePort or LoadBalancer. Usually assigned by the system. If a value is + // specified, in-range, and not in use it will be used, otherwise the + // operation will fail. If not specified, a port will be allocated if this + // Service requires one. If this field is specified when creating a + // Service which does not need it, creation will fail. This field will be + // wiped when updating a Service to no longer need it (e.g. changing type + // from NodePort to ClusterIP). + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + // +optional + nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) +} + +// Service is a named abstraction of software service (for example, mysql) consisting of local port +// (for example 3306) that the proxy listens on, and the selector that determines which pods +// will answer requests sent through the proxy. +#Service: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of a service. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the service. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ClusterIPNone - do not assign a cluster IP +// no proxying required and no environment variables should be created for pods +#ClusterIPNone: "None" + +// ServiceList holds a list of services. +#ServiceList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of services + items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) +} + +// ServiceAccount binds together: +// * a name, understood by users, and perhaps by peripheral systems, for an identity +// * a principal that can be authenticated and authorized +// * a set of secrets +#ServiceAccount: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. + // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". + // This field should not be used to find auto-generated service account token secrets for use outside of pods. + // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. + // More info: https://kubernetes.io/docs/concepts/configuration/secret + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) + + // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images + // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets + // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. + // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + // +optional + imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) + + // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. + // Can be overridden at the pod level. + // +optional + automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) +} + +// ServiceAccountList is a list of ServiceAccount objects +#ServiceAccountList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ServiceAccounts. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) +} + +// Endpoints is a collection of endpoints that implement the actual service. Example: +// +// Name: "mysvc", +// Subsets: [ +// { +// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], +// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] +// }, +// { +// Addresses: [{"ip": "10.10.3.3"}], +// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] +// }, +// ] +#Endpoints: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The set of all endpoints is the union of all subsets. Addresses are placed into + // subsets according to the IPs they share. A single address with multiple ports, + // some of which are ready and some of which are not (because they come from + // different containers) will result in the address being displayed in different + // subsets for the different ports. No address will appear in both Addresses and + // NotReadyAddresses in the same subset. + // Sets of addresses and ports that comprise a service. + // +optional + subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) +} + +// EndpointSubset is a group of addresses with a common set of ports. The +// expanded set of endpoints is the Cartesian product of Addresses x Ports. +// For example, given: +// +// { +// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], +// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] +// } +// +// The resulting set of endpoints can be viewed as: +// +// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], +// b: [ 10.10.1.1:309, 10.10.2.2:309 ] +#EndpointSubset: { + // IP addresses which offer the related ports that are marked as ready. These endpoints + // should be considered safe for load balancers and clients to utilize. + // +optional + addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) + + // IP addresses which offer the related ports but are not currently marked as ready + // because they have not yet finished starting, have recently failed a readiness check, + // or have recently failed a liveness check. + // +optional + notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) + + // Port numbers available on the related IP addresses. + // +optional + ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) +} + +// EndpointAddress is a tuple that describes single IP address. +// +structType=atomic +#EndpointAddress: { + // The IP of this endpoint. + // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), + // or link-local multicast (224.0.0.0/24 or ff02::/16). + ip: string @go(IP) @protobuf(1,bytes,opt) + + // The Hostname of this endpoint + // +optional + hostname?: string @go(Hostname) @protobuf(3,bytes,opt) + + // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. + // +optional + nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) + + // Reference to object providing the endpoint. + // +optional + targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) +} + +// EndpointPort is a tuple that describes a single port. +// +structType=atomic +#EndpointPort: { + // The name of this port. This must match the 'name' field in the + // corresponding ServicePort. + // Must be a DNS_LABEL. + // Optional only if one port is defined. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The port number of the endpoint. + port: int32 @go(Port) @protobuf(2,varint,opt) + + // The IP protocol for this port. + // Must be UDP, TCP, or SCTP. + // Default is TCP. + // +optional + protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) + + // The application protocol for this port. + // This is used as a hint for implementations to offer richer behavior for protocols that they understand. + // This field follows standard Kubernetes label syntax. + // Valid values are either: + // + // * Un-prefixed protocol names - reserved for IANA standard service names (as per + // RFC-6335 and https://www.iana.org/assignments/service-names). + // + // * Kubernetes-defined prefixed names: + // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + // + // * Other protocols should use implementation-defined prefixed names such as + // mycompany.com/my-custom-protocol. + // +optional + appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) +} + +// EndpointsList is a list of endpoints. +#EndpointsList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of endpoints. + items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) +} + +// NodeSpec describes the attributes that a node is created with. +#NodeSpec: { + // PodCIDR represents the pod IP range assigned to the node. + // +optional + podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) + + // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this + // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for + // each of IPv4 and IPv6. + // +optional + // +patchStrategy=merge + podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) + + // ID of the node assigned by the cloud provider in the format: :// + // +optional + providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) + + // Unschedulable controls node schedulability of new pods. By default, node is schedulable. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration + // +optional + unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) + + // If specified, the node's taints. + // +optional + taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) + + // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. + // +optional + configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) + + // Deprecated. Not all kubelets will set this field. Remove field after 1.13. + // see: https://issues.k8s.io/61966 + // +optional + externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) +} + +// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. +// This API is deprecated since 1.22 +#NodeConfigSource: { + // ConfigMap is a reference to a Node's ConfigMap + configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) +} + +// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. +// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration +#ConfigMapNodeConfigSource: { + // Namespace is the metadata.namespace of the referenced ConfigMap. + // This field is required in all cases. + namespace: string @go(Namespace) @protobuf(1,bytes,opt) + + // Name is the metadata.name of the referenced ConfigMap. + // This field is required in all cases. + name: string @go(Name) @protobuf(2,bytes,opt) + + // UID is the metadata.UID of the referenced ConfigMap. + // This field is forbidden in Node.Spec, and required in Node.Status. + // +optional + uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) + + // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. + // This field is forbidden in Node.Spec, and required in Node.Status. + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) + + // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure + // This field is required in all cases. + kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) +} + +// DaemonEndpoint contains information about a single Daemon endpoint. +#DaemonEndpoint: { + // Port number of the given endpoint. + Port: int32 @protobuf(1,varint,opt) +} + +// NodeDaemonEndpoints lists ports opened by daemons running on the Node. +#NodeDaemonEndpoints: { + // Endpoint on which Kubelet is listening. + // +optional + kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) +} + +// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. +#NodeSystemInfo: { + // MachineID reported by the node. For unique machine identification + // in the cluster this field is preferred. Learn more from man(5) + // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html + machineID: string @go(MachineID) @protobuf(1,bytes,opt) + + // SystemUUID reported by the node. For unique machine identification + // MachineID is preferred. This field is specific to Red Hat hosts + // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) + + // Boot ID reported by the node. + bootID: string @go(BootID) @protobuf(3,bytes,opt) + + // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). + kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) + + // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). + osImage: string @go(OSImage) @protobuf(5,bytes,opt) + + // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). + containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) + + // Kubelet Version reported by the node. + kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) + + // KubeProxy Version reported by the node. + kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) + + // The Operating System reported by the node + operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) + + // The Architecture reported by the node + architecture: string @go(Architecture) @protobuf(10,bytes,opt) +} + +// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. +#NodeConfigStatus: { + // Assigned reports the checkpointed config the node will try to use. + // When Node.Spec.ConfigSource is updated, the node checkpoints the associated + // config payload to local disk, along with a record indicating intended + // config. The node refers to this record to choose its config checkpoint, and + // reports this record in Assigned. Assigned only updates in the status after + // the record has been checkpointed to disk. When the Kubelet is restarted, + // it tries to make the Assigned config the Active config by loading and + // validating the checkpointed payload identified by Assigned. + // +optional + assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) + + // Active reports the checkpointed config the node is actively using. + // Active will represent either the current version of the Assigned config, + // or the current LastKnownGood config, depending on whether attempting to use the + // Assigned config results in an error. + // +optional + active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) + + // LastKnownGood reports the checkpointed config the node will fall back to + // when it encounters an error attempting to use the Assigned config. + // The Assigned config becomes the LastKnownGood config when the node determines + // that the Assigned config is stable and correct. + // This is currently implemented as a 10-minute soak period starting when the local + // record of Assigned config is updated. If the Assigned config is Active at the end + // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is + // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, + // because the local default config is always assumed good. + // You should not make assumptions about the node's method of determining config stability + // and correctness, as this may change or become configurable in the future. + // +optional + lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) + + // Error describes any problems reconciling the Spec.ConfigSource to the Active config. + // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned + // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting + // to load or validate the Assigned config, etc. + // Errors may occur at different points while syncing config. Earlier errors (e.g. download or + // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across + // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in + // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error + // by fixing the config assigned in Spec.ConfigSource. + // You can find additional information for debugging by searching the error message in the Kubelet log. + // Error is a human-readable description of the error state; machines can check whether or not Error + // is empty, but should not rely on the stability of the Error text across Kubelet versions. + // +optional + error?: string @go(Error) @protobuf(4,bytes,opt) +} + +// NodeStatus is information about the current status of a node. +#NodeStatus: { + // Capacity represents the total resources of a node. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Allocatable represents the resources of a node that are available for scheduling. + // Defaults to Capacity. + // +optional + allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // NodePhase is the recently observed lifecycle phase of the node. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase + // The field is never populated, and now is deprecated. + // +optional + phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) + + // Conditions is an array of current observed node conditions. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) + + // List of addresses reachable to the node. + // Queried from cloud provider, if available. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses + // Note: This field is declared as mergeable, but the merge key is not sufficiently + // unique, which can cause data corruption when it is merged. Callers should instead + // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. + // Consumers should assume that addresses can change during the + // lifetime of a Node. However, there are some exceptions where this may not + // be possible, such as Pods that inherit a Node's address in its own status or + // consumers of the downward API (status.hostIP). + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) + + // Endpoints of daemons running on the Node. + // +optional + daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) + + // Set of ids/uuids to uniquely identify the node. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#info + // +optional + nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) + + // List of container images on this node + // +optional + images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) + + // List of attachable volumes in use (mounted) by the node. + // +optional + volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) + + // List of volumes that are attached to the node. + // +optional + volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) + + // Status of the config assigned to the node via the dynamic Kubelet config feature. + // +optional + config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) +} + +#UniqueVolumeName: string + +// AttachedVolume describes a volume attached to a node +#AttachedVolume: { + // Name of the attached volume + name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) + + // DevicePath represents the device path where the volume should be available + devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) +} + +// AvoidPods describes pods that should avoid this node. This is the value for a +// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and +// will eventually become a field of NodeStatus. +#AvoidPods: { + // Bounded-sized list of signatures of pods that should avoid this node, sorted + // in timestamp order from oldest to newest. Size of the slice is unspecified. + // +optional + preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) +} + +// Describes a class of pods that should avoid this node. +#PreferAvoidPodsEntry: { + // The class of pods. + podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) + + // Time at which this entry was added to the list. + // +optional + evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) + + // (brief) reason why this entry was added to the list. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // Human readable message indicating why this entry was added to the list. + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) +} + +// Describes the class of pods that should avoid this node. +// Exactly one field should be set. +#PodSignature: { + // Reference to controller whose pods should avoid this node. + // +optional + podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) +} + +// Describe a container image +#ContainerImage: { + // Names by which this image is known. + // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] + // +optional + names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) + + // The size of the image in bytes. + // +optional + sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) +} + +// +enum +#NodePhase: string // #enumNodePhase + +#enumNodePhase: + #NodePending | + #NodeRunning | + #NodeTerminated + +// NodePending means the node has been created/added by the system, but not configured. +#NodePending: #NodePhase & "Pending" + +// NodeRunning means the node has been configured and has Kubernetes components running. +#NodeRunning: #NodePhase & "Running" + +// NodeTerminated means the node has been removed from the cluster. +#NodeTerminated: #NodePhase & "Terminated" + +#NodeConditionType: string // #enumNodeConditionType + +#enumNodeConditionType: + #NodeReady | + #NodeMemoryPressure | + #NodeDiskPressure | + #NodePIDPressure | + #NodeNetworkUnavailable + +// NodeReady means kubelet is healthy and ready to accept pods. +#NodeReady: #NodeConditionType & "Ready" + +// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. +#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" + +// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. +#NodeDiskPressure: #NodeConditionType & "DiskPressure" + +// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. +#NodePIDPressure: #NodeConditionType & "PIDPressure" + +// NodeNetworkUnavailable means that network for the node is not correctly configured. +#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" + +// NodeCondition contains condition information for a node. +#NodeCondition: { + // Type of node condition. + type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Last time we got an update on a given condition. + // +optional + lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) + + // Last time the condition transit from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // (brief) reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // Human readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +#NodeAddressType: string // #enumNodeAddressType + +#enumNodeAddressType: + #NodeHostName | + #NodeInternalIP | + #NodeExternalIP | + #NodeInternalDNS | + #NodeExternalDNS + +// NodeHostName identifies a name of the node. Although every node can be assumed +// to have a NodeAddress of this type, its exact syntax and semantics are not +// defined, and are not consistent between different clusters. +#NodeHostName: #NodeAddressType & "Hostname" + +// NodeInternalIP identifies an IP address which is assigned to one of the node's +// network interfaces. Every node should have at least one address of this type. +// +// An internal IP is normally expected to be reachable from every other node, but +// may not be visible to hosts outside the cluster. By default it is assumed that +// kube-apiserver can reach node internal IPs, though it is possible to configure +// clusters where this is not the case. +// +// NodeInternalIP is the default type of node IP, and does not necessarily imply +// that the IP is ONLY reachable internally. If a node has multiple internal IPs, +// no specific semantics are assigned to the additional IPs. +#NodeInternalIP: #NodeAddressType & "InternalIP" + +// NodeExternalIP identifies an IP address which is, in some way, intended to be +// more usable from outside the cluster then an internal IP, though no specific +// semantics are defined. It may be a globally routable IP, though it is not +// required to be. +// +// External IPs may be assigned directly to an interface on the node, like a +// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed +// to an internal node IP rather than being delivered directly (making the IP less +// efficient for node-to-node traffic than a NodeInternalIP). +#NodeExternalIP: #NodeAddressType & "ExternalIP" + +// NodeInternalDNS identifies a DNS name which resolves to an IP address which has +// the characteristics of a NodeInternalIP. The IP it resolves to may or may not +// be a listed NodeInternalIP address. +#NodeInternalDNS: #NodeAddressType & "InternalDNS" + +// NodeExternalDNS identifies a DNS name which resolves to an IP address which has +// the characteristics of a NodeExternalIP. The IP it resolves to may or may not +// be a listed NodeExternalIP address. +#NodeExternalDNS: #NodeAddressType & "ExternalDNS" + +// NodeAddress contains information for the node's address. +#NodeAddress: { + // Node address type, one of Hostname, ExternalIP or InternalIP. + type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) + + // The node address. + address: string @go(Address) @protobuf(2,bytes,opt) +} + +// ResourceName is the name identifying various resources in a ResourceList. +#ResourceName: string // #enumResourceName + +#enumResourceName: + #ResourceCPU | + #ResourceMemory | + #ResourceStorage | + #ResourceEphemeralStorage | + #ResourcePods | + #ResourceServices | + #ResourceReplicationControllers | + #ResourceQuotas | + #ResourceSecrets | + #ResourceConfigMaps | + #ResourcePersistentVolumeClaims | + #ResourceServicesNodePorts | + #ResourceServicesLoadBalancers | + #ResourceRequestsCPU | + #ResourceRequestsMemory | + #ResourceRequestsStorage | + #ResourceRequestsEphemeralStorage | + #ResourceLimitsCPU | + #ResourceLimitsMemory | + #ResourceLimitsEphemeralStorage + +// CPU, in cores. (500m = .5 cores) +#ResourceCPU: #ResourceName & "cpu" + +// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceMemory: #ResourceName & "memory" + +// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) +#ResourceStorage: #ResourceName & "storage" + +// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. +#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" + +// Default namespace prefix. +#ResourceDefaultNamespacePrefix: "kubernetes.io/" + +// Name prefix for huge page resources (alpha). +#ResourceHugePagesPrefix: "hugepages-" + +// Name prefix for storage resource limits +#ResourceAttachableVolumesPrefix: "attachable-volumes-" + +// ResourceList is a set of (resource name, quantity) pairs. +#ResourceList: {[string]: resource.#Quantity} + +// Node is a worker node in Kubernetes. +// Each node will have a unique identifier in the cache (i.e. in etcd). +#Node: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of a node. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the node. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) +} + +// NodeList is the whole list of all Nodes which have been registered with master. +#NodeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of nodes + items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) +} + +// FinalizerName is the name identifying a finalizer during namespace lifecycle. +#FinalizerName: string // #enumFinalizerName + +#enumFinalizerName: + #FinalizerKubernetes + +#FinalizerKubernetes: #FinalizerName & "kubernetes" + +// NamespaceSpec describes the attributes on a Namespace. +#NamespaceSpec: { + // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. + // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ + // +optional + finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) +} + +// NamespaceStatus is information about the current status of a Namespace. +#NamespaceStatus: { + // Phase is the current lifecycle phase of the namespace. + // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ + // +optional + phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) + + // Represents the latest available observations of a namespace's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) +} + +// +enum +#NamespacePhase: string // #enumNamespacePhase + +#enumNamespacePhase: + #NamespaceActive | + #NamespaceTerminating + +// NamespaceActive means the namespace is available for use in the system +#NamespaceActive: #NamespacePhase & "Active" + +// NamespaceTerminating means the namespace is undergoing graceful termination +#NamespaceTerminating: #NamespacePhase & "Terminating" + +// NamespaceTerminatingCause is returned as a defaults.cause item when a change is +// forbidden due to the namespace being terminated. +#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" + +#NamespaceConditionType: string // #enumNamespaceConditionType + +#enumNamespaceConditionType: + #NamespaceDeletionDiscoveryFailure | + #NamespaceDeletionContentFailure | + #NamespaceDeletionGVParsingFailure | + #NamespaceContentRemaining | + #NamespaceFinalizersRemaining + +// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. +#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" + +// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. +#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" + +// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. +#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" + +// NamespaceContentRemaining contains information about resources remaining in a namespace. +#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" + +// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. +#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" + +// NamespaceCondition contains details about state of namespace. +#NamespaceCondition: { + // Type of namespace controller condition. + type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// Namespace provides a scope for Names. +// Use of multiple namespaces is optional. +#Namespace: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of the Namespace. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status describes the current status of a Namespace. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) +} + +// NamespaceList is a list of Namespaces. +#NamespaceList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of Namespace objects in the list. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) +} + +// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. +// Deprecated in 1.7, please use the bindings subresource of pods instead. +#Binding: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The target object that you want to bind to the standard object. + target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) +} + +// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. +// +k8s:openapi-gen=false +#Preconditions: { + // Specifies the target UID. + // +optional + uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) +} + +// PodLogOptions is the query options for a Pod's logs REST call. +#PodLogOptions: { + metav1.#TypeMeta + + // The container for which to stream logs. Defaults to only container if there is one container in the pod. + // +optional + container?: string @go(Container) @protobuf(1,bytes,opt) + + // Follow the log stream of the pod. Defaults to false. + // +optional + follow?: bool @go(Follow) @protobuf(2,varint,opt) + + // Return previous terminated container logs. Defaults to false. + // +optional + previous?: bool @go(Previous) @protobuf(3,varint,opt) + + // A relative time in seconds before the current time from which to show logs. If this value + // precedes the time a pod was started, only logs since the pod start will be returned. + // If this value is in the future, no logs will be returned. + // Only one of sinceSeconds or sinceTime may be specified. + // +optional + sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) + + // An RFC3339 timestamp from which to show logs. If this value + // precedes the time a pod was started, only logs since the pod start will be returned. + // If this value is in the future, no logs will be returned. + // Only one of sinceSeconds or sinceTime may be specified. + // +optional + sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) + + // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line + // of log output. Defaults to false. + // +optional + timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) + + // If set, the number of lines from the end of the logs to show. If not specified, + // logs are shown from the creation of the container or sinceSeconds or sinceTime + // +optional + tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) + + // If set, the number of bytes to read from the server before terminating the + // log output. This may not display a complete final line of logging, and may return + // slightly more or slightly less than the specified limit. + // +optional + limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) + + // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the + // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver + // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real + // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the + // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept + // the actual log data coming from the real kubelet). + // +optional + insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) +} + +// PodAttachOptions is the query options to a Pod's remote attach call. +// --- +// TODO: merge w/ PodExecOptions below for stdin, stdout, etc +// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY +#PodAttachOptions: { + metav1.#TypeMeta + + // Stdin if true, redirects the standard input stream of the pod for this call. + // Defaults to false. + // +optional + stdin?: bool @go(Stdin) @protobuf(1,varint,opt) + + // Stdout if true indicates that stdout is to be redirected for the attach call. + // Defaults to true. + // +optional + stdout?: bool @go(Stdout) @protobuf(2,varint,opt) + + // Stderr if true indicates that stderr is to be redirected for the attach call. + // Defaults to true. + // +optional + stderr?: bool @go(Stderr) @protobuf(3,varint,opt) + + // TTY if true indicates that a tty will be allocated for the attach call. + // This is passed through the container runtime so the tty + // is allocated on the worker node by the container runtime. + // Defaults to false. + // +optional + tty?: bool @go(TTY) @protobuf(4,varint,opt) + + // The container in which to execute the command. + // Defaults to only container if there is only one container in the pod. + // +optional + container?: string @go(Container) @protobuf(5,bytes,opt) +} + +// PodExecOptions is the query options to a Pod's remote exec call. +// --- +// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging +// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY +#PodExecOptions: { + metav1.#TypeMeta + + // Redirect the standard input stream of the pod for this call. + // Defaults to false. + // +optional + stdin?: bool @go(Stdin) @protobuf(1,varint,opt) + + // Redirect the standard output stream of the pod for this call. + // +optional + stdout?: bool @go(Stdout) @protobuf(2,varint,opt) + + // Redirect the standard error stream of the pod for this call. + // +optional + stderr?: bool @go(Stderr) @protobuf(3,varint,opt) + + // TTY if true indicates that a tty will be allocated for the exec call. + // Defaults to false. + // +optional + tty?: bool @go(TTY) @protobuf(4,varint,opt) + + // Container in which to execute the command. + // Defaults to only container if there is only one container in the pod. + // +optional + container?: string @go(Container) @protobuf(5,bytes,opt) + + // Command is the remote command to execute. argv array. Not executed within a shell. + command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) +} + +// PodPortForwardOptions is the query options to a Pod's port forward call +// when using WebSockets. +// The `port` query parameter must specify the port or +// ports (comma separated) to forward over. +// Port forwarding over SPDY does not use these options. It requires the port +// to be passed in the `port` header as part of request. +#PodPortForwardOptions: { + metav1.#TypeMeta + + // List of ports to forward + // Required when using WebSockets + // +optional + ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) +} + +// PodProxyOptions is the query options to a Pod's proxy call. +#PodProxyOptions: { + metav1.#TypeMeta + + // Path is the URL path to use for the current proxy request to pod. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// NodeProxyOptions is the query options to a Node's proxy call. +#NodeProxyOptions: { + metav1.#TypeMeta + + // Path is the URL path to use for the current proxy request to node. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// ServiceProxyOptions is the query options to a Service's proxy call. +#ServiceProxyOptions: { + metav1.#TypeMeta + + // Path is the part of URLs that include service endpoints, suffixes, + // and parameters to use for the current proxy request to service. + // For example, the whole request URL is + // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. + // Path is _search?q=user:kimchy. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// ObjectReference contains enough information to let you inspect or modify the referred object. +// --- +// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. +// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. +// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular +// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". +// Those cannot be well described when embedded. +// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. +// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity +// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple +// and the version of the actual struct is irrelevant. +// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type +// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +// +// Instead of using this type, create a locally provided and used type that is well-focused on your reference. +// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +structType=atomic +#ObjectReference: { + // Kind of the referent. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(1,bytes,opt) + + // Namespace of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + // +optional + namespace?: string @go(Namespace) @protobuf(2,bytes,opt) + + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // +optional + name?: string @go(Name) @protobuf(3,bytes,opt) + + // UID of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // API version of the referent. + // +optional + apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) + + // Specific resourceVersion to which this reference is made, if any. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) + + // If referring to a piece of an object instead of an entire object, this string + // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + // For example, if the object reference is to a container within a pod, this would take on a value like: + // "spec.containers{name}" (where "name" refers to the name of the container that triggered + // the event) or if no container name is specified "spec.containers[2]" (container with + // index 2 in this pod). This syntax is chosen only to have some well-defined way of + // referencing a part of an object. + // TODO: this design is not final and this field is subject to change in the future. + // +optional + fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) +} + +// LocalObjectReference contains enough information to let you locate the +// referenced object inside the same namespace. +// +structType=atomic +#LocalObjectReference: { + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // TODO: Add other useful fields. apiVersion, kind, uid? + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) +} + +// TypedLocalObjectReference contains enough information to let you locate the +// typed referenced object inside the same namespace. +// +structType=atomic +#TypedLocalObjectReference: { + // APIGroup is the group for the resource being referenced. + // If APIGroup is not specified, the specified Kind must be in the core API group. + // For any other third-party types, APIGroup is required. + // +optional + apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) + + // Kind is the type of resource being referenced + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // Name is the name of resource being referenced + name: string @go(Name) @protobuf(3,bytes,opt) +} + +// SerializedReference is a reference to serialized object. +#SerializedReference: { + metav1.#TypeMeta + + // The reference to an object in the system. + // +optional + reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) +} + +// EventSource contains information for an event. +#EventSource: { + // Component from which the event is generated. + // +optional + component?: string @go(Component) @protobuf(1,bytes,opt) + + // Node name on which the event is generated. + // +optional + host?: string @go(Host) @protobuf(2,bytes,opt) +} + +// Information only and will not cause any problems +#EventTypeNormal: "Normal" + +// These events are to warn that something might go wrong +#EventTypeWarning: "Warning" + +// Event is a report of an event somewhere in the cluster. Events +// have a limited retention time and triggers and messages may evolve +// with time. Event consumers should not rely on the timing of an event +// with a given Reason reflecting a consistent underlying trigger, or the +// continued existence of events with that Reason. Events should be +// treated as informative, best-effort, supplemental data. +#Event: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The object that this event is about. + involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) + + // This should be a short, machine understandable string that gives the reason + // for the transition into the object's current status. + // TODO: provide exact specification for format. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // A human-readable description of the status of this operation. + // TODO: decide on maximum length. + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) + + // The component reporting this event. Should be a short machine understandable string. + // +optional + source?: #EventSource @go(Source) @protobuf(5,bytes,opt) + + // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) + // +optional + firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) + + // The time at which the most recent occurrence of this event was recorded. + // +optional + lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) + + // The number of times this event has occurred. + // +optional + count?: int32 @go(Count) @protobuf(8,varint,opt) + + // Type of this event (Normal, Warning), new types could be added in the future + // +optional + type?: string @go(Type) @protobuf(9,bytes,opt) + + // Time when this Event was first observed. + // +optional + eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) + + // Data about the Event series this event represents or nil if it's a singleton Event. + // +optional + series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) + + // What action was taken/failed regarding to the Regarding object. + // +optional + action?: string @go(Action) @protobuf(12,bytes,opt) + + // Optional secondary object for more complex actions. + // +optional + related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) + + // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. + // +optional + reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) + + // ID of the controller instance, e.g. `kubelet-xyzf`. + // +optional + reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) +} + +// EventSeries contain information on series of events, i.e. thing that was/is happening +// continuously for some time. +#EventSeries: { + // Number of occurrences in this series up to the last heartbeat time + count?: int32 @go(Count) @protobuf(1,varint) + + // Time of the last occurrence observed + lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) +} + +// EventList is a list of events. +#EventList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of events + items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) +} + +// List holds a list of objects, which may not be known by the server. +#List: metav1.#List + +// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or +// a fully qualified resource name. +#LimitType: string // #enumLimitType + +#enumLimitType: + #LimitTypePod | + #LimitTypeContainer | + #LimitTypePersistentVolumeClaim + +// Limit that applies to all pods in a namespace +#LimitTypePod: #LimitType & "Pod" + +// Limit that applies to all containers in a namespace +#LimitTypeContainer: #LimitType & "Container" + +// Limit that applies to all persistent volume claims in a namespace +#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" + +// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. +#LimitRangeItem: { + // Type of resource that this limit applies to. + type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) + + // Max usage constraints on this kind by resource name. + // +optional + max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Min usage constraints on this kind by resource name. + // +optional + min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Default resource requirement limit value by resource name if resource limit is omitted. + // +optional + default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. + // +optional + defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. + // +optional + maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) +} + +// LimitRangeSpec defines a min/max usage limit for resources that match on kind. +#LimitRangeSpec: { + // Limits is the list of LimitRangeItem objects that are enforced. + limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) +} + +// LimitRange sets resource usage limits for each kind of resource in a Namespace. +#LimitRange: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the limits enforced. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// LimitRangeList is a list of LimitRange items. +#LimitRangeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of LimitRange objects. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) +} + +// Pods, number +#ResourcePods: #ResourceName & "pods" + +// Services, number +#ResourceServices: #ResourceName & "services" + +// ReplicationControllers, number +#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" + +// ResourceQuotas, number +#ResourceQuotas: #ResourceName & "resourcequotas" + +// ResourceSecrets, number +#ResourceSecrets: #ResourceName & "secrets" + +// ResourceConfigMaps, number +#ResourceConfigMaps: #ResourceName & "configmaps" + +// ResourcePersistentVolumeClaims, number +#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" + +// ResourceServicesNodePorts, number +#ResourceServicesNodePorts: #ResourceName & "services.nodeports" + +// ResourceServicesLoadBalancers, number +#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" + +// CPU request, in cores. (500m = .5 cores) +#ResourceRequestsCPU: #ResourceName & "requests.cpu" + +// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceRequestsMemory: #ResourceName & "requests.memory" + +// Storage request, in bytes +#ResourceRequestsStorage: #ResourceName & "requests.storage" + +// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" + +// CPU limit, in cores. (500m = .5 cores) +#ResourceLimitsCPU: #ResourceName & "limits.cpu" + +// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceLimitsMemory: #ResourceName & "limits.memory" + +// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" + +// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. +#ResourceRequestsHugePagesPrefix: "requests.hugepages-" + +// Default resource requests prefix +#DefaultResourceRequestsPrefix: "requests." + +// A ResourceQuotaScope defines a filter that must match each object tracked by a quota +// +enum +#ResourceQuotaScope: string // #enumResourceQuotaScope + +#enumResourceQuotaScope: + #ResourceQuotaScopeTerminating | + #ResourceQuotaScopeNotTerminating | + #ResourceQuotaScopeBestEffort | + #ResourceQuotaScopeNotBestEffort | + #ResourceQuotaScopePriorityClass | + #ResourceQuotaScopeCrossNamespacePodAffinity + +// Match all pod objects where spec.activeDeadlineSeconds >=0 +#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" + +// Match all pod objects where spec.activeDeadlineSeconds is nil +#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" + +// Match all pod objects that have best effort quality of service +#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" + +// Match all pod objects that do not have best effort quality of service +#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" + +// Match all pod objects that have priority class mentioned +#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" + +// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. +#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" + +// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. +#ResourceQuotaSpec: { + // hard is the set of desired hard limits for each named resource. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + // +optional + hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // A collection of filters that must match each object tracked by a quota. + // If not specified, the quota matches all objects. + // +optional + scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) + + // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota + // but expressed using ScopeSelectorOperator in combination with possible values. + // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + // +optional + scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) +} + +// A scope selector represents the AND of the selectors represented +// by the scoped-resource selector requirements. +// +structType=atomic +#ScopeSelector: { + // A list of scope selector requirements by scope of the resources. + // +optional + matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) +} + +// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator +// that relates the scope name and values. +#ScopedResourceSelectorRequirement: { + // The name of the scope that the selector applies to. + scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) + + // Represents a scope's relationship to a set of values. + // Valid operators are In, NotIn, Exists, DoesNotExist. + operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) + + // An array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. + // This array is replaced during a strategic merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A scope selector operator is the set of operators that can be used in +// a scope selector requirement. +// +enum +#ScopeSelectorOperator: string // #enumScopeSelectorOperator + +#enumScopeSelectorOperator: + #ScopeSelectorOpIn | + #ScopeSelectorOpNotIn | + #ScopeSelectorOpExists | + #ScopeSelectorOpDoesNotExist + +#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" +#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" +#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" +#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" + +// ResourceQuotaStatus defines the enforced hard limits and observed use. +#ResourceQuotaStatus: { + // Hard is the set of enforced hard limits for each named resource. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + // +optional + hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Used is the current observed total usage of the resource in the namespace. + // +optional + used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) +} + +// ResourceQuota sets aggregate quota restrictions enforced per namespace +#ResourceQuota: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the desired quota. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status defines the actual enforced quota and its current usage. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ResourceQuotaList is a list of ResourceQuota items. +#ResourceQuotaList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of ResourceQuota objects. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) +} + +// Secret holds secret data of a certain type. The total bytes of the values in +// the Data field must be less than MaxSecretSize bytes. +#Secret: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Immutable, if set to true, ensures that data stored in the Secret cannot + // be updated (only object metadata can be modified). + // If not set to true, the field can be modified at any time. + // Defaulted to nil. + // +optional + immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) + + // Data contains the secret data. Each key must consist of alphanumeric + // characters, '-', '_' or '.'. The serialized form of the secret data is a + // base64 encoded string, representing the arbitrary (possibly non-string) + // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + // +optional + data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) + + // stringData allows specifying non-binary secret data in string form. + // It is provided as a write-only input field for convenience. + // All keys and values are merged into the data field on write, overwriting any existing values. + // The stringData field is never output when reading from the API. + // +k8s:conversion-gen=false + // +optional + stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) + + // Used to facilitate programmatic handling of secret data. + // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types + // +optional + type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) +} + +#MaxSecretSize: 1048576 + +#SecretType: string // #enumSecretType + +#enumSecretType: + #SecretTypeOpaque | + #SecretTypeServiceAccountToken | + #SecretTypeDockercfg | + #SecretTypeDockerConfigJson | + #SecretTypeBasicAuth | + #SecretTypeSSHAuth | + #SecretTypeTLS | + #SecretTypeBootstrapToken + +// SecretTypeOpaque is the default. Arbitrary user-defined data +#SecretTypeOpaque: #SecretType & "Opaque" + +// SecretTypeServiceAccountToken contains a token that identifies a service account to the API +// +// Required fields: +// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies +// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies +// - Secret.Data["token"] - a token that identifies the service account to the API +#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" + +// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets +#ServiceAccountNameKey: "kubernetes.io/service-account.name" + +// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets +#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" + +// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets +#ServiceAccountTokenKey: "token" + +// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets +#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" + +// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets +#ServiceAccountRootCAKey: "ca.crt" + +// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls +#ServiceAccountNamespaceKey: "namespace" + +// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg +// +// Required fields: +// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file +#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" + +// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets +#DockerConfigKey: ".dockercfg" + +// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json +// +// Required fields: +// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file +#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" + +// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets +#DockerConfigJsonKey: ".dockerconfigjson" + +// SecretTypeBasicAuth contains data needed for basic authentication. +// +// Required at least one of fields: +// - Secret.Data["username"] - username used for authentication +// - Secret.Data["password"] - password or token needed for authentication +#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" + +// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets +#BasicAuthUsernameKey: "username" + +// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets +#BasicAuthPasswordKey: "password" + +// SecretTypeSSHAuth contains data needed for SSH authetication. +// +// Required field: +// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication +#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" + +// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets +#SSHAuthPrivateKey: "ssh-privatekey" + +// SecretTypeTLS contains information about a TLS client or server secret. It +// is primarily used with TLS termination of the Ingress resource, but may be +// used in other types. +// +// Required fields: +// - Secret.Data["tls.key"] - TLS private key. +// Secret.Data["tls.crt"] - TLS certificate. +// TODO: Consider supporting different formats, specifying CA/destinationCA. +#SecretTypeTLS: #SecretType & "kubernetes.io/tls" + +// TLSCertKey is the key for tls certificates in a TLS secret. +#TLSCertKey: "tls.crt" + +// TLSPrivateKeyKey is the key for the private key field in a TLS secret. +#TLSPrivateKeyKey: "tls.key" + +// SecretTypeBootstrapToken is used during the automated bootstrap process (first +// implemented by kubeadm). It stores tokens that are used to sign well known +// ConfigMaps. They are used for authn. +#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" + +// SecretList is a list of Secret. +#SecretList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of secret objects. + // More info: https://kubernetes.io/docs/concepts/configuration/secret + items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) +} + +// ConfigMap holds configuration data for pods to consume. +#ConfigMap: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Immutable, if set to true, ensures that data stored in the ConfigMap cannot + // be updated (only object metadata can be modified). + // If not set to true, the field can be modified at any time. + // Defaulted to nil. + // +optional + immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) + + // Data contains the configuration data. + // Each key must consist of alphanumeric characters, '-', '_' or '.'. + // Values with non-UTF-8 byte sequences must use the BinaryData field. + // The keys stored in Data must not overlap with the keys in + // the BinaryData field, this is enforced during validation process. + // +optional + data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) + + // BinaryData contains the binary data. + // Each key must consist of alphanumeric characters, '-', '_' or '.'. + // BinaryData can contain byte sequences that are not in the UTF-8 range. + // The keys stored in BinaryData must not overlap with the ones in + // the Data field, this is enforced during validation process. + // Using this field will require 1.10+ apiserver and + // kubelet. + // +optional + binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) +} + +// ConfigMapList is a resource containing a list of ConfigMap objects. +#ConfigMapList: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of ConfigMaps. + items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) +} + +// Type and constants for component health validation. +#ComponentConditionType: string // #enumComponentConditionType + +#enumComponentConditionType: + #ComponentHealthy + +#ComponentHealthy: #ComponentConditionType & "Healthy" + +// Information about the condition of a component. +#ComponentCondition: { + // Type of condition for a component. + // Valid value: "Healthy" + type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) + + // Status of the condition for a component. + // Valid values for "Healthy": "True", "False", or "Unknown". + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Message about the condition for a component. + // For example, information about a health check. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // Condition error code for a component. + // For example, a health check error code. + // +optional + error?: string @go(Error) @protobuf(4,bytes,opt) +} + +// ComponentStatus (and ComponentStatusList) holds the cluster validation info. +// Deprecated: This API is deprecated in v1.19+ +#ComponentStatus: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // List of component conditions observed + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) +} + +// Status of all the conditions for the component as a list of ComponentStatus objects. +// Deprecated: This API is deprecated in v1.19+ +#ComponentStatusList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ComponentStatus objects. + items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) +} + +// DownwardAPIVolumeSource represents a volume containing downward API info. +// Downward API volumes support ownership management and SELinux relabeling. +#DownwardAPIVolumeSource: { + // Items is a list of downward API volume file + // +optional + items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) + + // Optional: mode bits to use on created files by default. Must be a + // Optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) +} + +#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 + +// DownwardAPIVolumeFile represents information to create the file containing the pod field +#DownwardAPIVolumeFile: { + // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + path: string @go(Path) @protobuf(1,bytes,opt) + + // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + // +optional + fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) + + // Selects a resource of the container: only resources limits and requests + // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + // +optional + resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) + + // Optional: mode bits used to set permissions on this file, must be an octal value + // between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // If not specified, the volume defaultMode will be used. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) +} + +// Represents downward API info for projecting into a projected volume. +// Note that this is identical to a downwardAPI volume source without the default +// mode. +#DownwardAPIProjection: { + // Items is a list of DownwardAPIVolume file + // +optional + items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) +} + +// SecurityContext holds security configuration that will be applied to a container. +// Some fields are present in both SecurityContext and PodSecurityContext. When both +// are set, the values in SecurityContext take precedence. +#SecurityContext: { + // The capabilities to add/drop when running containers. + // Defaults to the default set of capabilities granted by the container runtime. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) + + // Run container in privileged mode. + // Processes in privileged containers are essentially equivalent to root on the host. + // Defaults to false. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) + + // The SELinux context to be applied to the container. + // If unspecified, the container runtime will allocate a random SELinux context for each + // container. May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) + + // The Windows specific settings applied to all containers. + // If unspecified, the options from the PodSecurityContext will be used. + // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is linux. + // +optional + windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) + + // The UID to run the entrypoint of the container process. + // Defaults to user specified in image metadata if unspecified. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) + + // The GID to run the entrypoint of the container process. + // Uses runtime default if unset. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) + + // Indicates that the container must run as a non-root user. + // If true, the Kubelet will validate the image at runtime to ensure that it + // does not run as UID 0 (root) and fail to start the container if it does. + // If unset or false, no such validation will be performed. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) + + // Whether this container has a read-only root filesystem. + // Default is false. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) + + // AllowPrivilegeEscalation controls whether a process can gain more + // privileges than its parent process. This bool directly controls if + // the no_new_privs flag will be set on the container process. + // AllowPrivilegeEscalation is true always when the container is: + // 1) run as Privileged + // 2) has CAP_SYS_ADMIN + // Note that this field cannot be set when spec.os.name is windows. + // +optional + allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) + + // procMount denotes the type of proc mount to use for the containers. + // The default is DefaultProcMount which uses the container runtime defaults for + // readonly paths and masked paths. + // This requires the ProcMountType feature flag to be enabled. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) + + // The seccomp options to use by this container. If seccomp options are + // provided at both the pod & container level, the container options + // override the pod options. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) +} + +// +enum +#ProcMountType: string // #enumProcMountType + +#enumProcMountType: + #DefaultProcMount | + #UnmaskedProcMount + +// DefaultProcMount uses the container runtime defaults for readonly and masked +// paths for /proc. Most container runtimes mask certain paths in /proc to avoid +// accidental security exposure of special devices or information. +#DefaultProcMount: #ProcMountType & "Default" + +// UnmaskedProcMount bypasses the default masking behavior of the container +// runtime and ensures the newly created /proc the container stays in tact with +// no modifications. +#UnmaskedProcMount: #ProcMountType & "Unmasked" + +// SELinuxOptions are the labels to be applied to the container +#SELinuxOptions: { + // User is a SELinux user label that applies to the container. + // +optional + user?: string @go(User) @protobuf(1,bytes,opt) + + // Role is a SELinux role label that applies to the container. + // +optional + role?: string @go(Role) @protobuf(2,bytes,opt) + + // Type is a SELinux type label that applies to the container. + // +optional + type?: string @go(Type) @protobuf(3,bytes,opt) + + // Level is SELinux level label that applies to the container. + // +optional + level?: string @go(Level) @protobuf(4,bytes,opt) +} + +// WindowsSecurityContextOptions contain Windows-specific options and credentials. +#WindowsSecurityContextOptions: { + // GMSACredentialSpecName is the name of the GMSA credential spec to use. + // +optional + gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) + + // GMSACredentialSpec is where the GMSA admission webhook + // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + // GMSA credential spec named by the GMSACredentialSpecName field. + // +optional + gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) + + // The UserName in Windows to run the entrypoint of the container process. + // Defaults to the user specified in image metadata if unspecified. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) + + // HostProcess determines if a container should be run as a 'Host Process' container. + // All of a Pod's containers must have the same effective HostProcess value + // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + // In addition, if HostProcess is true then HostNetwork must also be set to true. + // +optional + hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) +} + +// RangeAllocation is not a public type. +#RangeAllocation: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Range is string that identifies the range represented by 'data'. + range: string @go(Range) @protobuf(2,bytes,opt) + + // Data is a bit array containing all allocated addresses in the previous segment. + data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) +} + +// DefaultSchedulerName defines the name of default scheduler. +#DefaultSchedulerName: "default-scheduler" + +// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule +// corresponding to every RequiredDuringScheduling affinity rule. +// When the --hard-pod-affinity-weight scheduler flag is not specified, +// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. +#DefaultHardPodAffinitySymmetricWeight: int32 & 1 + +// Sysctl defines a kernel parameter to be set +#Sysctl: { + // Name of a property to set + name: string @go(Name) @protobuf(1,bytes,opt) + + // Value of a property to set + value: string @go(Value) @protobuf(2,bytes,opt) +} + +// NodeResources is an object for conveying resource information about a node. +// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. +#NodeResources: { + // Capacity represents the available resources of a node + Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) +} + +// Enable stdin for remote command execution +#ExecStdinParam: "input" + +// Enable stdout for remote command execution +#ExecStdoutParam: "output" + +// Enable stderr for remote command execution +#ExecStderrParam: "error" + +// Enable TTY for remote command execution +#ExecTTYParam: "tty" + +// Command to run for remote command execution +#ExecCommandParam: "command" + +// Name of header that specifies stream type +#StreamType: "streamType" + +// Value for streamType header for stdin stream +#StreamTypeStdin: "stdin" + +// Value for streamType header for stdout stream +#StreamTypeStdout: "stdout" + +// Value for streamType header for stderr stream +#StreamTypeStderr: "stderr" + +// Value for streamType header for data stream +#StreamTypeData: "data" + +// Value for streamType header for error stream +#StreamTypeError: "error" + +// Value for streamType header for terminal resize stream +#StreamTypeResize: "resize" + +// Name of header that specifies the port being forwarded +#PortHeader: "port" + +// Name of header that specifies a request ID used to associate the error +// and data streams for a single forwarded connection +#PortForwardRequestIDHeader: "requestID" + +// MixedProtocolNotSupported error in PortStatus means that the cloud provider +// can't publish the port on the load balancer because mixed values of protocols +// on the same LoadBalancer type of Service are not supported by the cloud provider. +#MixedProtocolNotSupported: "MixedProtocolNotSupported" + +#PortStatus: { + // Port is the port number of the service port of which status is recorded here + port: int32 @go(Port) @protobuf(1,varint,opt) + + // Protocol is the protocol of the service port of which status is recorded here + // The supported values are: "TCP", "UDP", "SCTP" + protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) + + // Error is to record the problem with the service port + // The format of the error shall comply with the following rules: + // - built-in error values shall be specified in this file and those shall use + // CamelCase names + // - cloud provider specific error values must have names that comply with the + // format foo.example.com/CamelCase. + // --- + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +optional + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue new file mode 100644 index 00000000..2a1f060b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue @@ -0,0 +1,59 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +#LabelHostname: "kubernetes.io/hostname" + +// Label value is the network location of kube-apiserver stored as +// Stored in APIServer Identity lease objects to view what address is used for peer proxy +#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" +#LabelTopologyZone: "topology.kubernetes.io/zone" +#LabelTopologyRegion: "topology.kubernetes.io/region" + +// These label have been deprecated since 1.17, but will be supported for +// the foreseeable future, to accommodate things like long-lived PVs that +// use them. New users should prefer the "topology.kubernetes.io/*" +// equivalents. +#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" +#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" + +// Retained for compat when vendored. Do not use these consts in new code. +#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" +#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" +#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" +#LabelZoneRegionStable: "topology.kubernetes.io/region" +#LabelInstanceType: "beta.kubernetes.io/instance-type" +#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" +#LabelOSStable: "kubernetes.io/os" +#LabelArchStable: "kubernetes.io/arch" + +// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. +// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) +#LabelWindowsBuild: "node.kubernetes.io/windows-build" + +// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) +#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" + +// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) +#LabelNamespaceSuffixNode: "node.kubernetes.io" + +// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled +#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" + +// IsHeadlessService is added by Controller to an Endpoint denoting if its parent +// Service is Headless. The existence of this label can be used further by other +// controllers and kube-proxy to check if the Endpoint objects should be replicated when +// using Headless Services +#IsHeadlessService: "service.kubernetes.io/headless" + +// LabelNodeExcludeBalancers specifies that the node should not be considered as a target +// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only +// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that +// any backends on excluded nodes are not reachable by those external load-balancers. +// Implementations of this exclusion may vary based on provider. +#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" + +// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels +#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue new file mode 100644 index 00000000..b7c09733 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue @@ -0,0 +1,38 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +// TaintNodeNotReady will be added when node is not ready +// and removed when node becomes ready. +#TaintNodeNotReady: "node.kubernetes.io/not-ready" + +// TaintNodeUnreachable will be added when node becomes unreachable +// (corresponding to NodeReady status ConditionUnknown) +// and removed when node becomes reachable (NodeReady status ConditionTrue). +#TaintNodeUnreachable: "node.kubernetes.io/unreachable" + +// TaintNodeUnschedulable will be added when node becomes unschedulable +// and removed when node becomes schedulable. +#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" + +// TaintNodeMemoryPressure will be added when node has memory pressure +// and removed when node has enough memory. +#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" + +// TaintNodeDiskPressure will be added when node has disk pressure +// and removed when node has enough disk. +#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" + +// TaintNodeNetworkUnavailable will be added when node's network is unavailable +// and removed when network becomes ready. +#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" + +// TaintNodePIDPressure will be added when node has pid pressure +// and removed when node has enough pid. +#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" + +// TaintNodeOutOfService can be added when node is out of service in case of +// a non-graceful shutdown +#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue new file mode 100644 index 00000000..19a7d631 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/discovery/v1 + +package v1 + +#GroupName: "discovery.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue new file mode 100644 index 00000000..144ef53e --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue @@ -0,0 +1,206 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/discovery/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" +) + +// EndpointSlice represents a subset of the endpoints that implement a service. +// For a given service there may be multiple EndpointSlice objects, selected by +// labels, which must be joined to produce the full set of endpoints. +#EndpointSlice: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // addressType specifies the type of address carried by this EndpointSlice. + // All addresses in this slice must be the same type. This field is + // immutable after creation. The following address types are currently + // supported: + // * IPv4: Represents an IPv4 Address. + // * IPv6: Represents an IPv6 Address. + // * FQDN: Represents a Fully Qualified Domain Name. + addressType: #AddressType @go(AddressType) @protobuf(4,bytes,rep) + + // endpoints is a list of unique endpoints in this slice. Each slice may + // include a maximum of 1000 endpoints. + // +listType=atomic + endpoints: [...#Endpoint] @go(Endpoints,[]Endpoint) @protobuf(2,bytes,rep) + + // ports specifies the list of network ports exposed by each endpoint in + // this slice. Each port must have a unique name. When ports is empty, it + // indicates that there are no defined ports. When a port is defined with a + // nil port value, it indicates "all ports". Each slice may include a + // maximum of 100 ports. + // +optional + // +listType=atomic + ports: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) +} + +// AddressType represents the type of address referred to by an endpoint. +// +enum +#AddressType: string // #enumAddressType + +#enumAddressType: + #AddressTypeIPv4 | + #AddressTypeIPv6 | + #AddressTypeFQDN + +// AddressTypeIPv4 represents an IPv4 Address. +#AddressTypeIPv4: #AddressType & "IPv4" + +// AddressTypeIPv6 represents an IPv6 Address. +#AddressTypeIPv6: #AddressType & "IPv6" + +// AddressTypeFQDN represents a FQDN. +#AddressTypeFQDN: #AddressType & "FQDN" + +// Endpoint represents a single logical "backend" implementing a service. +#Endpoint: { + // addresses of this endpoint. The contents of this field are interpreted + // according to the corresponding EndpointSlice addressType field. Consumers + // must handle different types of addresses in the context of their own + // capabilities. This must contain at least one address but no more than + // 100. These are all assumed to be fungible and clients may choose to only + // use the first element. Refer to: https://issue.k8s.io/106267 + // +listType=set + addresses: [...string] @go(Addresses,[]string) @protobuf(1,bytes,rep) + + // conditions contains information about the current status of the endpoint. + conditions?: #EndpointConditions @go(Conditions) @protobuf(2,bytes,opt) + + // hostname of this endpoint. This field may be used by consumers of + // endpoints to distinguish endpoints from each other (e.g. in DNS names). + // Multiple endpoints which use the same hostname should be considered + // fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS + // Label (RFC 1123) validation. + // +optional + hostname?: null | string @go(Hostname,*string) @protobuf(3,bytes,opt) + + // targetRef is a reference to a Kubernetes object that represents this + // endpoint. + // +optional + targetRef?: null | v1.#ObjectReference @go(TargetRef,*v1.ObjectReference) @protobuf(4,bytes,opt) + + // deprecatedTopology contains topology information part of the v1beta1 + // API. This field is deprecated, and will be removed when the v1beta1 + // API is removed (no sooner than kubernetes v1.24). While this field can + // hold values, it is not writable through the v1 API, and any attempts to + // write to it will be silently ignored. Topology information can be found + // in the zone and nodeName fields instead. + // +optional + deprecatedTopology?: {[string]: string} @go(DeprecatedTopology,map[string]string) @protobuf(5,bytes,opt) + + // nodeName represents the name of the Node hosting this endpoint. This can + // be used to determine endpoints local to a Node. + // +optional + nodeName?: null | string @go(NodeName,*string) @protobuf(6,bytes,opt) + + // zone is the name of the Zone this endpoint exists in. + // +optional + zone?: null | string @go(Zone,*string) @protobuf(7,bytes,opt) + + // hints contains information associated with how an endpoint should be + // consumed. + // +optional + hints?: null | #EndpointHints @go(Hints,*EndpointHints) @protobuf(8,bytes,opt) +} + +// EndpointConditions represents the current condition of an endpoint. +#EndpointConditions: { + // ready indicates that this endpoint is prepared to receive traffic, + // according to whatever system is managing the endpoint. A nil value + // indicates an unknown state. In most cases consumers should interpret this + // unknown state as ready. For compatibility reasons, ready should never be + // "true" for terminating endpoints, except when the normal readiness + // behavior is being explicitly overridden, for example when the associated + // Service has set the publishNotReadyAddresses flag. + // +optional + ready?: null | bool @go(Ready,*bool) @protobuf(1,bytes) + + // serving is identical to ready except that it is set regardless of the + // terminating state of endpoints. This condition should be set to true for + // a ready endpoint that is terminating. If nil, consumers should defer to + // the ready condition. + // +optional + serving?: null | bool @go(Serving,*bool) @protobuf(2,bytes) + + // terminating indicates that this endpoint is terminating. A nil value + // indicates an unknown state. Consumers should interpret this unknown state + // to mean that the endpoint is not terminating. + // +optional + terminating?: null | bool @go(Terminating,*bool) @protobuf(3,bytes) +} + +// EndpointHints provides hints describing how an endpoint should be consumed. +#EndpointHints: { + // forZones indicates the zone(s) this endpoint should be consumed by to + // enable topology aware routing. + // +listType=atomic + forZones?: [...#ForZone] @go(ForZones,[]ForZone) @protobuf(1,bytes) +} + +// ForZone provides information about which zones should consume this endpoint. +#ForZone: { + // name represents the name of the zone. + name: string @go(Name) @protobuf(1,bytes) +} + +// EndpointPort represents a Port used by an EndpointSlice +// +structType=atomic +#EndpointPort: { + // name represents the name of this port. All ports in an EndpointSlice must have a unique name. + // If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. + // Name must either be an empty string or pass DNS_LABEL validation: + // * must be no more than 63 characters long. + // * must consist of lower case alphanumeric characters or '-'. + // * must start and end with an alphanumeric character. + // Default is empty string. + name?: null | string @go(Name,*string) @protobuf(1,bytes) + + // protocol represents the IP protocol for this port. + // Must be UDP, TCP, or SCTP. + // Default is TCP. + protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(2,bytes) + + // port represents the port number of the endpoint. + // If this is not specified, ports are not restricted and must be + // interpreted in the context of the specific consumer. + port?: null | int32 @go(Port,*int32) @protobuf(3,bytes,opt) + + // The application protocol for this port. + // This is used as a hint for implementations to offer richer behavior for protocols that they understand. + // This field follows standard Kubernetes label syntax. + // Valid values are either: + // + // * Un-prefixed protocol names - reserved for IANA standard service names (as per + // RFC-6335 and https://www.iana.org/assignments/service-names). + // + // * Kubernetes-defined prefixed names: + // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + // + // * Other protocols should use implementation-defined prefixed names such as + // mycompany.com/my-custom-protocol. + // +optional + appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes) +} + +// EndpointSliceList represents a list of endpoint slices +#EndpointSliceList: { + metav1.#TypeMeta + + // Standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of endpoint slices + items: [...#EndpointSlice] @go(Items,[]EndpointSlice) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue new file mode 100644 index 00000000..9c40d30e --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue @@ -0,0 +1,20 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/discovery/v1 + +package v1 + +// LabelServiceName is used to indicate the name of a Kubernetes service. +#LabelServiceName: "kubernetes.io/service-name" + +// LabelManagedBy is used to indicate the controller or entity that manages +// an EndpointSlice. This label aims to enable different EndpointSlice +// objects to be managed by different controllers or entities within the +// same cluster. It is highly recommended to configure this label for all +// EndpointSlices. +#LabelManagedBy: "endpointslice.kubernetes.io/managed-by" + +// LabelSkipMirror can be set to true on an Endpoints resource to indicate +// that the EndpointSliceMirroring controller should not mirror this +// resource with EndpointSlices. +#LabelSkipMirror: "endpointslice.kubernetes.io/skip-mirror" diff --git a/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue new file mode 100644 index 00000000..c4138c1c --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/events/v1 + +package v1 + +#GroupName: "events.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue new file mode 100644 index 00000000..47acc8fc --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue @@ -0,0 +1,111 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/events/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" +) + +// Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. +// Events have a limited retention time and triggers and messages may evolve +// with time. Event consumers should not rely on the timing of an event +// with a given Reason reflecting a consistent underlying trigger, or the +// continued existence of events with that Reason. Events should be +// treated as informative, best-effort, supplemental data. +#Event: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // eventTime is the time when this Event was first observed. It is required. + eventTime: metav1.#MicroTime @go(EventTime) @protobuf(2,bytes,opt) + + // series is data about the Event series this event represents or nil if it's a singleton Event. + // +optional + series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(3,bytes,opt) + + // reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. + // This field cannot be empty for new Events. + reportingController?: string @go(ReportingController) @protobuf(4,bytes,opt) + + // reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. + // This field cannot be empty for new Events and it can have at most 128 characters. + reportingInstance?: string @go(ReportingInstance) @protobuf(5,bytes,opt) + + // action is what action was taken/failed regarding to the regarding object. It is machine-readable. + // This field cannot be empty for new Events and it can have at most 128 characters. + action?: string @go(Action) @protobuf(6,bytes) + + // reason is why the action was taken. It is human-readable. + // This field cannot be empty for new Events and it can have at most 128 characters. + reason?: string @go(Reason) @protobuf(7,bytes) + + // regarding contains the object this Event is about. In most cases it's an Object reporting controller + // implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because + // it acts on some changes in a ReplicaSet object. + // +optional + regarding?: corev1.#ObjectReference @go(Regarding) @protobuf(8,bytes,opt) + + // related is the optional secondary object for more complex actions. E.g. when regarding object triggers + // a creation or deletion of related object. + // +optional + related?: null | corev1.#ObjectReference @go(Related,*corev1.ObjectReference) @protobuf(9,bytes,opt) + + // note is a human-readable description of the status of this operation. + // Maximal length of the note is 1kB, but libraries should be prepared to + // handle values up to 64kB. + // +optional + note?: string @go(Note) @protobuf(10,bytes,opt) + + // type is the type of this event (Normal, Warning), new types could be added in the future. + // It is machine-readable. + // This field cannot be empty for new Events. + type?: string @go(Type) @protobuf(11,bytes,opt) + + // deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type. + // +optional + deprecatedSource?: corev1.#EventSource @go(DeprecatedSource) @protobuf(12,bytes,opt) + + // deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. + // +optional + deprecatedFirstTimestamp?: metav1.#Time @go(DeprecatedFirstTimestamp) @protobuf(13,bytes,opt) + + // deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. + // +optional + deprecatedLastTimestamp?: metav1.#Time @go(DeprecatedLastTimestamp) @protobuf(14,bytes,opt) + + // deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type. + // +optional + deprecatedCount?: int32 @go(DeprecatedCount) @protobuf(15,varint,opt) +} + +// EventSeries contain information on series of events, i.e. thing that was/is happening +// continuously for some time. How often to update the EventSeries is up to the event reporters. +// The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows +// how this struct is updated on heartbeats and can guide customized reporter implementations. +#EventSeries: { + // count is the number of occurrences in this series up to the last heartbeat time. + count: int32 @go(Count) @protobuf(1,varint,opt) + + // lastObservedTime is the time when last Event from the series was seen before last heartbeat. + lastObservedTime: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes,opt) +} + +// EventList is a list of Event objects. +#EventList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of schema objects. + items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue new file mode 100644 index 00000000..f1042622 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/networking/v1 + +package v1 + +#GroupName: "networking.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue new file mode 100644 index 00000000..bbdc7f2b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue @@ -0,0 +1,588 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/networking/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +// NetworkPolicy describes what network traffic is allowed for a set of Pods +#NetworkPolicy: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec represents the specification of the desired behavior for this NetworkPolicy. + // +optional + spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt) +} + +// PolicyType string describes the NetworkPolicy type +// This type is beta-level in 1.8 +// +enum +#PolicyType: string // #enumPolicyType + +#enumPolicyType: + #PolicyTypeIngress | + #PolicyTypeEgress + +// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods +#PolicyTypeIngress: #PolicyType & "Ingress" + +// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods +#PolicyTypeEgress: #PolicyType & "Egress" + +// NetworkPolicySpec provides the specification of a NetworkPolicy +#NetworkPolicySpec: { + // podSelector selects the pods to which this NetworkPolicy object applies. + // The array of ingress rules is applied to any pods selected by this field. + // Multiple network policies can select the same set of pods. In this case, + // the ingress rules for each are combined additively. + // This field is NOT optional and follows standard label selector semantics. + // An empty podSelector matches all pods in this namespace. + podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt) + + // ingress is a list of ingress rules to be applied to the selected pods. + // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod + // (and cluster policy otherwise allows the traffic), OR if the traffic source is + // the pod's local node, OR if the traffic matches at least one ingress rule + // across all of the NetworkPolicy objects whose podSelector matches the pod. If + // this field is empty then this NetworkPolicy does not allow any traffic (and serves + // solely to ensure that the pods it selects are isolated by default) + // +optional + ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep) + + // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic + // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy + // otherwise allows the traffic), OR if the traffic matches at least one egress rule + // across all of the NetworkPolicy objects whose podSelector matches the pod. If + // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves + // solely to ensure that the pods it selects are isolated by default). + // This field is beta-level in 1.8 + // +optional + egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep) + + // policyTypes is a list of rule types that the NetworkPolicy relates to. + // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. + // If this field is not specified, it will default based on the existence of ingress or egress rules; + // policies that contain an egress section are assumed to affect egress, and all policies + // (whether or not they contain an ingress section) are assumed to affect ingress. + // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. + // Likewise, if you want to write a policy that specifies that no egress is allowed, + // you must specify a policyTypes value that include "Egress" (since such a policy would not include + // an egress section and would otherwise default to just [ "Ingress" ]). + // This field is beta-level in 1.8 + // +optional + policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType) +} + +// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods +// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. +#NetworkPolicyIngressRule: { + // ports is a list of ports which should be made accessible on the pods selected for + // this rule. Each item in this list is combined using a logical OR. If this field is + // empty or missing, this rule matches all ports (traffic not restricted by port). + // If this field is present and contains at least one item, then this rule allows + // traffic only if the traffic matches at least one port in the list. + // +optional + ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) + + // from is a list of sources which should be able to access the pods selected for this rule. + // Items in this list are combined using a logical OR operation. If this field is + // empty or missing, this rule matches all sources (traffic not restricted by + // source). If this field is present and contains at least one item, this rule + // allows traffic only if the traffic matches at least one item in the from list. + // +optional + from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) +} + +// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods +// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. +// This type is beta-level in 1.8 +#NetworkPolicyEgressRule: { + // ports is a list of destination ports for outgoing traffic. + // Each item in this list is combined using a logical OR. If this field is + // empty or missing, this rule matches all ports (traffic not restricted by port). + // If this field is present and contains at least one item, then this rule allows + // traffic only if the traffic matches at least one port in the list. + // +optional + ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) + + // to is a list of destinations for outgoing traffic of pods selected for this rule. + // Items in this list are combined using a logical OR operation. If this field is + // empty or missing, this rule matches all destinations (traffic not restricted by + // destination). If this field is present and contains at least one item, this rule + // allows traffic only if the traffic matches at least one item in the to list. + // +optional + to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) +} + +// NetworkPolicyPort describes a port to allow traffic on +#NetworkPolicyPort: { + // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. + // If not specified, this field defaults to TCP. + // +optional + protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol) + + // port represents the port on the given protocol. This can either be a numerical or named + // port on a pod. If this field is not provided, this matches all port names and + // numbers. + // If present, only traffic on the specified protocol AND port will be matched. + // +optional + port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt) + + // endPort indicates that the range of ports from port to endPort if set, inclusive, + // should be allowed by the policy. This field cannot be defined if the port field + // is not defined or if the port field is defined as a named (string) port. + // The endPort must be equal or greater than port. + // +optional + endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt) +} + +// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed +// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs +// that should not be included within this rule. +#IPBlock: { + // cidr is a string representing the IPBlock + // Valid examples are "192.168.1.0/24" or "2001:db8::/64" + cidr: string @go(CIDR) @protobuf(1,bytes) + + // except is a slice of CIDRs that should not be included within an IPBlock + // Valid examples are "192.168.1.0/24" or "2001:db8::/64" + // Except values will be rejected if they are outside the cidr range + // +optional + except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep) +} + +// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of +// fields are allowed +#NetworkPolicyPeer: { + // podSelector is a label selector which selects pods. This field follows standard label + // selector semantics; if present but empty, it selects all pods. + // + // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects + // the pods matching podSelector in the Namespaces selected by NamespaceSelector. + // Otherwise it selects the pods matching podSelector in the policy's own namespace. + // +optional + podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) + + // namespaceSelector selects namespaces using cluster-scoped labels. This field follows + // standard label selector semantics; if present but empty, it selects all namespaces. + // + // If podSelector is also set, then the NetworkPolicyPeer as a whole selects + // the pods matching podSelector in the namespaces selected by namespaceSelector. + // Otherwise it selects all pods in the namespaces selected by namespaceSelector. + // +optional + namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // ipBlock defines policy on a particular IPBlock. If this field is set then + // neither of the other fields can be. + // +optional + ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep) +} + +// NetworkPolicyList is a list of NetworkPolicy objects. +#NetworkPolicyList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of schema objects. + items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep) +} + +// Ingress is a collection of rules that allow inbound connections to reach the +// endpoints defined by a backend. An Ingress can be configured to give services +// externally-reachable urls, load balance traffic, terminate SSL, offer name +// based virtual hosting etc. +#Ingress: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec is the desired state of the Ingress. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt) + + // status is the current state of the Ingress. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt) +} + +// IngressList is a collection of Ingress. +#IngressList: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of Ingress. + items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep) +} + +// IngressSpec describes the Ingress the user wishes to exist. +#IngressSpec: { + // ingressClassName is the name of an IngressClass cluster resource. Ingress + // controller implementations use this field to know whether they should be + // serving this Ingress resource, by a transitive connection + // (controller -> IngressClass -> Ingress resource). Although the + // `kubernetes.io/ingress.class` annotation (simple constant name) was never + // formally defined, it was widely supported by Ingress controllers to create + // a direct binding between Ingress controller and Ingress resources. Newly + // created Ingress resources should prefer using the field. However, even + // though the annotation is officially deprecated, for backwards compatibility + // reasons, ingress controllers should still honor that annotation if present. + // +optional + ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt) + + // defaultBackend is the backend that should handle requests that don't + // match any rule. If Rules are not specified, DefaultBackend must be specified. + // If DefaultBackend is not set, the handling of requests that do not match any + // of the rules will be up to the Ingress controller. + // +optional + defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt) + + // tls represents the TLS configuration. Currently the Ingress only supports a + // single TLS port, 443. If multiple members of this list specify different hosts, + // they will be multiplexed on the same port according to the hostname specified + // through the SNI TLS extension, if the ingress controller fulfilling the + // ingress supports SNI. + // +listType=atomic + // +optional + tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep) + + // rules is a list of host rules used to configure the Ingress. If unspecified, + // or no rule matches, all traffic is sent to the default backend. + // +listType=atomic + // +optional + rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep) +} + +// IngressTLS describes the transport layer security associated with an ingress. +#IngressTLS: { + // hosts is a list of hosts included in the TLS certificate. The values in + // this list must match the name/s used in the tlsSecret. Defaults to the + // wildcard host setting for the loadbalancer controller fulfilling this + // Ingress, if left unspecified. + // +listType=atomic + // +optional + hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep) + + // secretName is the name of the secret used to terminate TLS traffic on + // port 443. Field is left optional to allow TLS routing based on SNI + // hostname alone. If the SNI host in a listener conflicts with the "Host" + // header field used by an IngressRule, the SNI host is used for termination + // and value of the "Host" header is used for routing. + // +optional + secretName?: string @go(SecretName) @protobuf(2,bytes,opt) +} + +// IngressStatus describe the current state of the Ingress. +#IngressStatus: { + // loadBalancer contains the current status of the load-balancer. + // +optional + loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) +} + +// IngressLoadBalancerStatus represents the status of a load-balancer. +#IngressLoadBalancerStatus: { + // ingress is a list containing ingress points for the load-balancer. + // +optional + ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep) +} + +// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. +#IngressLoadBalancerIngress: { + // ip is set for load-balancer ingress points that are IP based. + // +optional + ip?: string @go(IP) @protobuf(1,bytes,opt) + + // hostname is set for load-balancer ingress points that are DNS based. + // +optional + hostname?: string @go(Hostname) @protobuf(2,bytes,opt) + + // ports provides information about the ports exposed by this LoadBalancer. + // +listType=atomic + // +optional + ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep) +} + +// IngressPortStatus represents the error condition of a service port +#IngressPortStatus: { + // port is the port number of the ingress port. + port: int32 @go(Port) @protobuf(1,varint,opt) + + // protocol is the protocol of the ingress port. + // The supported values are: "TCP", "UDP", "SCTP" + protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) + + // error is to record the problem with the service port + // The format of the error shall comply with the following rules: + // - built-in error values shall be specified in this file and those shall use + // CamelCase names + // - cloud provider specific error values must have names that comply with the + // format foo.example.com/CamelCase. + // --- + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +optional + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) +} + +// IngressRule represents the rules mapping the paths under a specified host to +// the related backend services. Incoming requests are first evaluated for a host +// match, then routed to the backend associated with the matching IngressRuleValue. +#IngressRule: { + // host is the fully qualified domain name of a network host, as defined by RFC 3986. + // Note the following deviations from the "host" part of the + // URI as defined in RFC 3986: + // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to + // the IP in the Spec of the parent Ingress. + // 2. The `:` delimiter is not respected because ports are not allowed. + // Currently the port of an Ingress is implicitly :80 for http and + // :443 for https. + // Both these may change in the future. + // Incoming requests are matched against the host before the + // IngressRuleValue. If the host is unspecified, the Ingress routes all + // traffic based on the specified IngressRuleValue. + // + // host can be "precise" which is a domain name without the terminating dot of + // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name + // prefixed with a single wildcard label (e.g. "*.foo.com"). + // The wildcard character '*' must appear by itself as the first DNS label and + // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). + // Requests will be matched against the Host field in the following way: + // 1. If host is precise, the request matches this rule if the http host header is equal to Host. + // 2. If host is a wildcard, then the request matches this rule if the http host header + // is to equal to the suffix (removing the first label) of the wildcard rule. + // +optional + host?: string @go(Host) @protobuf(1,bytes,opt) + + #IngressRuleValue +} + +// IngressRuleValue represents a rule to apply against incoming requests. If the +// rule is satisfied, the request is routed to the specified backend. Currently +// mixing different types of rules in a single Ingress is disallowed, so exactly +// one of the following must be set. +#IngressRuleValue: { + // +optional + http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt) +} + +// HTTPIngressRuleValue is a list of http selectors pointing to backends. +// In the example: http:///? -> backend where +// where parts of the url correspond to RFC 3986, this resource will be used +// to match against everything after the last '/' and before the first '?' +// or '#'. +#HTTPIngressRuleValue: { + // paths is a collection of paths that map requests to backends. + // +listType=atomic + paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep) +} + +// PathType represents the type of path referred to by a HTTPIngressPath. +// +enum +#PathType: string // #enumPathType + +#enumPathType: + #PathTypeExact | + #PathTypePrefix | + #PathTypeImplementationSpecific + +// PathTypeExact matches the URL path exactly and with case sensitivity. +#PathTypeExact: #PathType & "Exact" + +// PathTypePrefix matches based on a URL path prefix split by '/'. Matching +// is case sensitive and done on a path element by element basis. A path +// element refers to the list of labels in the path split by the '/' +// separator. A request is a match for path p if every p is an element-wise +// prefix of p of the request path. Note that if the last element of the +// path is a substring of the last element in request path, it is not a +// match (e.g. /foo/bar matches /foo/bar/baz, but does not match +// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the +// longest matching path is given priority. +// Examples: +// - /foo/bar does not match requests to /foo/barbaz +// - /foo/bar matches request to /foo/bar and /foo/bar/baz +// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are +// present in an Ingress spec, the longest matching path (/foo/) is given +// priority. +#PathTypePrefix: #PathType & "Prefix" + +// PathTypeImplementationSpecific matching is up to the IngressClass. +// Implementations can treat this as a separate PathType or treat it +// identically to Prefix or Exact path types. +#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific" + +// HTTPIngressPath associates a path with a backend. Incoming urls matching the +// path are forwarded to the backend. +#HTTPIngressPath: { + // path is matched against the path of an incoming request. Currently it can + // contain characters disallowed from the conventional "path" part of a URL + // as defined by RFC 3986. Paths must begin with a '/' and must be present + // when using PathType with value "Exact" or "Prefix". + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) + + // pathType determines the interpretation of the path matching. PathType can + // be one of the following values: + // * Exact: Matches the URL path exactly. + // * Prefix: Matches based on a URL path prefix split by '/'. Matching is + // done on a path element by element basis. A path element refers is the + // list of labels in the path split by the '/' separator. A request is a + // match for path p if every p is an element-wise prefix of p of the + // request path. Note that if the last element of the path is a substring + // of the last element in request path, it is not a match (e.g. /foo/bar + // matches /foo/bar/baz, but does not match /foo/barbaz). + // * ImplementationSpecific: Interpretation of the Path matching is up to + // the IngressClass. Implementations can treat this as a separate PathType + // or treat it identically to Prefix or Exact path types. + // Implementations are required to support all path types. + pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt) + + // backend defines the referenced service endpoint to which the traffic + // will be forwarded to. + backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt) +} + +// IngressBackend describes all endpoints for a given service and port. +#IngressBackend: { + // service references a service as a backend. + // This is a mutually exclusive setting with "Resource". + // +optional + service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt) + + // resource is an ObjectRef to another Kubernetes resource in the namespace + // of the Ingress object. If resource is specified, a service.Name and + // service.Port must not be specified. + // This is a mutually exclusive setting with "Service". + // +optional + resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt) +} + +// IngressServiceBackend references a Kubernetes Service as a Backend. +#IngressServiceBackend: { + // name is the referenced service. The service must exist in + // the same namespace as the Ingress object. + name: string @go(Name) @protobuf(1,bytes,opt) + + // port of the referenced service. A port name or port number + // is required for a IngressServiceBackend. + port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt) +} + +// ServiceBackendPort is the service port being referenced. +#ServiceBackendPort: { + // name is the name of the port on the Service. + // This is a mutually exclusive setting with "Number". + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // number is the numerical port number (e.g. 80) on the Service. + // This is a mutually exclusive setting with "Name". + // +optional + number?: int32 @go(Number) @protobuf(2,bytes,opt) +} + +// IngressClass represents the class of the Ingress, referenced by the Ingress +// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be +// used to indicate that an IngressClass should be considered default. When a +// single IngressClass resource has this annotation set to true, new Ingress +// resources without a class specified will be assigned this default class. +#IngressClass: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec is the desired state of the IngressClass. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// IngressClassSpec provides information about the class of an Ingress. +#IngressClassSpec: { + // controller refers to the name of the controller that should handle this + // class. This allows for different "flavors" that are controlled by the + // same controller. For example, you may have different parameters for the + // same implementing controller. This should be specified as a + // domain-prefixed path no more than 250 characters in length, e.g. + // "acme.io/ingress-controller". This field is immutable. + controller?: string @go(Controller) @protobuf(1,bytes,opt) + + // parameters is a link to a custom resource containing additional + // configuration for the controller. This is optional if the controller does + // not require extra parameters. + // +optional + parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt) +} + +// IngressClassParametersReferenceScopeNamespace indicates that the +// referenced Parameters resource is namespace-scoped. +#IngressClassParametersReferenceScopeNamespace: "Namespace" + +// IngressClassParametersReferenceScopeCluster indicates that the +// referenced Parameters resource is cluster-scoped. +#IngressClassParametersReferenceScopeCluster: "Cluster" + +// IngressClassParametersReference identifies an API object. This can be used +// to specify a cluster or namespace-scoped resource. +#IngressClassParametersReference: { + // apiGroup is the group for the resource being referenced. If APIGroup is + // not specified, the specified Kind must be in the core API group. For any + // other third-party types, APIGroup is required. + // +optional + apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup) + + // kind is the type of resource being referenced. + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // name is the name of resource being referenced. + name: string @go(Name) @protobuf(3,bytes,opt) + + // scope represents if this refers to a cluster or namespace scoped resource. + // This may be set to "Cluster" (default) or "Namespace". + // +optional + scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt) + + // namespace is the namespace of the resource being referenced. This field is + // required when scope is set to "Namespace" and must be unset when scope is set to + // "Cluster". + // +optional + namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt) +} + +// IngressClassList is a collection of IngressClasses. +#IngressClassList: { + metav1.#TypeMeta + + // Standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of IngressClasses. + items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue new file mode 100644 index 00000000..bee74f4b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue @@ -0,0 +1,11 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/networking/v1 + +package v1 + +// AnnotationIsDefaultIngressClass can be used to indicate that an +// IngressClass should be considered default. When a single IngressClass +// resource has this annotation set to true, new Ingress resources without a +// class specified will be assigned this default class. +#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class" diff --git a/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue new file mode 100644 index 00000000..5969b44f --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/node/v1 + +package v1 + +#GroupName: "node.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue new file mode 100644 index 00000000..3934557c --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue @@ -0,0 +1,90 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/node/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + corev1 "k8s.io/api/core/v1" +) + +// RuntimeClass defines a class of container runtime supported in the cluster. +// The RuntimeClass is used to determine which container runtime is used to run +// all containers in a pod. RuntimeClasses are manually defined by a +// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is +// responsible for resolving the RuntimeClassName reference before running the +// pod. For more details, see +// https://kubernetes.io/docs/concepts/containers/runtime-class/ +#RuntimeClass: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // handler specifies the underlying runtime and configuration that the CRI + // implementation will use to handle pods of this class. The possible values + // are specific to the node & CRI configuration. It is assumed that all + // handlers are available on every node, and handlers of the same name are + // equivalent on every node. + // For example, a handler called "runc" might specify that the runc OCI + // runtime (using native Linux containers) will be used to run the containers + // in a pod. + // The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, + // and is immutable. + handler: string @go(Handler) @protobuf(2,bytes,opt) + + // overhead represents the resource overhead associated with running a pod for a + // given RuntimeClass. For more details, see + // https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ + // +optional + overhead?: null | #Overhead @go(Overhead,*Overhead) @protobuf(3,bytes,opt) + + // scheduling holds the scheduling constraints to ensure that pods running + // with this RuntimeClass are scheduled to nodes that support it. + // If scheduling is nil, this RuntimeClass is assumed to be supported by all + // nodes. + // +optional + scheduling?: null | #Scheduling @go(Scheduling,*Scheduling) @protobuf(4,bytes,opt) +} + +// Overhead structure represents the resource overhead associated with running a pod. +#Overhead: { + // podFixed represents the fixed resource overhead associated with running a pod. + // +optional + podFixed?: corev1.#ResourceList @go(PodFixed) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName,castvalue=k8s.io/apimachinery/pkg/api/resource.Quantity) +} + +// Scheduling specifies the scheduling constraints for nodes supporting a +// RuntimeClass. +#Scheduling: { + // nodeSelector lists labels that must be present on nodes that support this + // RuntimeClass. Pods using this RuntimeClass can only be scheduled to a + // node matched by this selector. The RuntimeClass nodeSelector is merged + // with a pod's existing nodeSelector. Any conflicts will cause the pod to + // be rejected in admission. + // +optional + // +mapType=atomic + nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(1,bytes,opt) + + // tolerations are appended (excluding duplicates) to pods running with this + // RuntimeClass during admission, effectively unioning the set of nodes + // tolerated by the pod and the RuntimeClass. + // +optional + // +listType=atomic + tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration) @protobuf(2,bytes,rep) +} + +// RuntimeClassList is a list of RuntimeClass objects. +#RuntimeClassList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of schema objects. + items: [...#RuntimeClass] @go(Items,[]RuntimeClass) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue new file mode 100644 index 00000000..dedcdc34 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue @@ -0,0 +1,8 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/policy/v1 + +// Package policy is for any kind of policy object. Suitable examples, even if +// they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, +// NetworkPolicy, etc. +package v1 diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue new file mode 100644 index 00000000..e38fa373 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/policy/v1 + +package v1 + +#GroupName: "policy" diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue new file mode 100644 index 00000000..5901cc6d --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue @@ -0,0 +1,204 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/policy/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +#DisruptionBudgetCause: metav1.#CauseType & "DisruptionBudget" + +// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. +#PodDisruptionBudgetSpec: { + // An eviction is allowed if at least "minAvailable" pods selected by + // "selector" will still be available after the eviction, i.e. even in the + // absence of the evicted pod. So for example you can prevent all voluntary + // evictions by specifying "100%". + // +optional + minAvailable?: null | intstr.#IntOrString @go(MinAvailable,*intstr.IntOrString) @protobuf(1,bytes,opt) + + // Label query over pods whose evictions are managed by the disruption + // budget. + // A null selector will match no pods, while an empty ({}) selector will select + // all pods within the namespace. + // +patchStrategy=replace + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // An eviction is allowed if at most "maxUnavailable" pods selected by + // "selector" are unavailable after the eviction, i.e. even in absence of + // the evicted pod. For example, one can prevent all voluntary evictions + // by specifying 0. This is a mutually exclusive setting with "minAvailable". + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(3,bytes,opt) + + // UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods + // should be considered for eviction. Current implementation considers healthy pods, + // as pods that have status.conditions item with type="Ready",status="True". + // + // Valid policies are IfHealthyBudget and AlwaysAllow. + // If no policy is specified, the default behavior will be used, + // which corresponds to the IfHealthyBudget policy. + // + // IfHealthyBudget policy means that running pods (status.phase="Running"), + // but not yet healthy can be evicted only if the guarded application is not + // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). + // Healthy pods will be subject to the PDB for eviction. + // + // AlwaysAllow policy means that all running pods (status.phase="Running"), + // but not yet healthy are considered disrupted and can be evicted regardless + // of whether the criteria in a PDB is met. This means perspective running + // pods of a disrupted application might not get a chance to become healthy. + // Healthy pods will be subject to the PDB for eviction. + // + // Additional policies may be added in the future. + // Clients making eviction decisions should disallow eviction of unhealthy pods + // if they encounter an unrecognized policy in this field. + // + // This field is beta-level. The eviction API uses this field when + // the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). + // +optional + unhealthyPodEvictionPolicy?: null | #UnhealthyPodEvictionPolicyType @go(UnhealthyPodEvictionPolicy,*UnhealthyPodEvictionPolicyType) @protobuf(4,bytes,opt) +} + +// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods +// should be considered for eviction. +// +enum +#UnhealthyPodEvictionPolicyType: string // #enumUnhealthyPodEvictionPolicyType + +#enumUnhealthyPodEvictionPolicyType: + #IfHealthyBudget | + #AlwaysAllow + +// IfHealthyBudget policy means that running pods (status.phase="Running"), +// but not yet healthy can be evicted only if the guarded application is not +// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). +// Healthy pods will be subject to the PDB for eviction. +#IfHealthyBudget: #UnhealthyPodEvictionPolicyType & "IfHealthyBudget" + +// AlwaysAllow policy means that all running pods (status.phase="Running"), +// but not yet healthy are considered disrupted and can be evicted regardless +// of whether the criteria in a PDB is met. This means perspective running +// pods of a disrupted application might not get a chance to become healthy. +// Healthy pods will be subject to the PDB for eviction. +#AlwaysAllow: #UnhealthyPodEvictionPolicyType & "AlwaysAllow" + +// PodDisruptionBudgetStatus represents information about the status of a +// PodDisruptionBudget. Status may trail the actual state of a system. +#PodDisruptionBudgetStatus: { + // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other + // status information is valid only if observedGeneration equals to PDB's object generation. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) + + // DisruptedPods contains information about pods whose eviction was + // processed by the API server eviction subresource handler but has not + // yet been observed by the PodDisruptionBudget controller. + // A pod will be in this map from the time when the API server processed the + // eviction request to the time when the pod is seen by PDB controller + // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod + // and the value is the time when the API server processed the eviction request. If + // the deletion didn't occur and a pod is still there it will be removed from + // the list automatically by PodDisruptionBudget controller after some time. + // If everything goes smooth this map should be empty for the most of the time. + // Large number of entries in the map may indicate problems with pod deletions. + // +optional + disruptedPods?: {[string]: metav1.#Time} @go(DisruptedPods,map[string]metav1.Time) @protobuf(2,bytes,rep) + + // Number of pod disruptions that are currently allowed. + disruptionsAllowed: int32 @go(DisruptionsAllowed) @protobuf(3,varint,opt) + + // current number of healthy pods + currentHealthy: int32 @go(CurrentHealthy) @protobuf(4,varint,opt) + + // minimum desired number of healthy pods + desiredHealthy: int32 @go(DesiredHealthy) @protobuf(5,varint,opt) + + // total number of pods counted by this disruption budget + expectedPods: int32 @go(ExpectedPods) @protobuf(6,varint,opt) + + // Conditions contain conditions for PDB. The disruption controller sets the + // DisruptionAllowed condition. The following are known values for the reason field + // (additional reasons could be added in the future): + // - SyncFailed: The controller encountered an error and wasn't able to compute + // the number of allowed disruptions. Therefore no disruptions are + // allowed and the status of the condition will be False. + // - InsufficientPods: The number of pods are either at or below the number + // required by the PodDisruptionBudget. No disruptions are + // allowed and the status of the condition will be False. + // - SufficientPods: There are more pods than required by the PodDisruptionBudget. + // The condition will be True, and the number of allowed + // disruptions are provided by the disruptionsAllowed property. + // + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(7,bytes,rep) +} + +// DisruptionAllowedCondition is a condition set by the disruption controller +// that signal whether any of the pods covered by the PDB can be disrupted. +#DisruptionAllowedCondition: "DisruptionAllowed" + +// SyncFailedReason is set on the DisruptionAllowed condition if reconcile +// of the PDB failed and therefore disruption of pods are not allowed. +#SyncFailedReason: "SyncFailed" + +// SufficientPodsReason is set on the DisruptionAllowed condition if there are +// more pods covered by the PDB than required and at least one can be disrupted. +#SufficientPodsReason: "SufficientPods" + +// InsufficientPodsReason is set on the DisruptionAllowed condition if the number +// of pods are equal to or fewer than required by the PDB. +#InsufficientPodsReason: "InsufficientPods" + +// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods +#PodDisruptionBudget: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the PodDisruptionBudget. + // +optional + spec?: #PodDisruptionBudgetSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the PodDisruptionBudget. + // +optional + status?: #PodDisruptionBudgetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PodDisruptionBudgetList is a collection of PodDisruptionBudgets. +#PodDisruptionBudgetList: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of PodDisruptionBudgets + items: [...#PodDisruptionBudget] @go(Items,[]PodDisruptionBudget) @protobuf(2,bytes,rep) +} + +// Eviction evicts a pod from its node subject to certain policies and safety constraints. +// This is a subresource of Pod. A request to cause such an eviction is +// created by POSTing to .../pods//evictions. +#Eviction: { + metav1.#TypeMeta + + // ObjectMeta describes the pod that is being evicted. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // DeleteOptions may be provided + // +optional + deleteOptions?: null | metav1.#DeleteOptions @go(DeleteOptions,*metav1.DeleteOptions) @protobuf(2,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue new file mode 100644 index 00000000..1c83e8b4 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/rbac/v1 + +package v1 + +#GroupName: "rbac.authorization.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue new file mode 100644 index 00000000..521e355e --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue @@ -0,0 +1,207 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/rbac/v1 + +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +#APIGroupAll: "*" +#ResourceAll: "*" +#VerbAll: "*" +#NonResourceAll: "*" +#GroupKind: "Group" +#ServiceAccountKind: "ServiceAccount" +#UserKind: "User" + +// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" +#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate" + +// PolicyRule holds information that describes a policy rule, but does not contain information +// about who the rule applies to or which namespace the rule applies to. +#PolicyRule: { + // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. + verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) + + // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of + // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. + // +optional + apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) + + // Resources is a list of resources this rule applies to. '*' represents all resources. + // +optional + resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) + + // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + // +optional + resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) + + // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path + // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. + // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + // +optional + nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep) +} + +// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, +// or a value for non-objects such as user and group names. +// +structType=atomic +#Subject: { + // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". + // If the Authorizer does not recognized the kind value, the Authorizer should report an error. + kind: string @go(Kind) @protobuf(1,bytes,opt) + + // APIGroup holds the API group of the referenced subject. + // Defaults to "" for ServiceAccount subjects. + // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + // +optional + apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup) + + // Name of the object being referenced. + name: string @go(Name) @protobuf(3,bytes,opt) + + // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty + // the Authorizer should report an error. + // +optional + namespace?: string @go(Namespace) @protobuf(4,bytes,opt) +} + +// RoleRef contains information that points to the role being used +// +structType=atomic +#RoleRef: { + // APIGroup is the group for the resource being referenced + apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt) + + // Kind is the type of resource being referenced + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // Name is the name of resource being referenced + name: string @go(Name) @protobuf(3,bytes,opt) +} + +// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. +#Role: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Rules holds all the PolicyRules for this Role + // +optional + rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) +} + +// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. +// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given +// namespace only have effect in that namespace. +#RoleBinding: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Subjects holds references to the objects the role applies to. + // +optional + subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) + + // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + // This field is immutable. + roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) +} + +// RoleBindingList is a collection of RoleBindings +#RoleBindingList: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of RoleBindings + items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep) +} + +// RoleList is a collection of Roles +#RoleList: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of Roles + items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep) +} + +// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. +#ClusterRole: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Rules holds all the PolicyRules for this ClusterRole + // +optional + rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) + + // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. + // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be + // stomped by the controller. + // +optional + aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt) +} + +// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole +#AggregationRule: { + // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. + // If any of the selectors match, then the ClusterRole's permissions will be added + // +optional + clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep) +} + +// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, +// and adds who information via Subject. +#ClusterRoleBinding: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Subjects holds references to the objects the role applies to. + // +optional + subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) + + // RoleRef can only reference a ClusterRole in the global namespace. + // If the RoleRef cannot be resolved, the Authorizer must return an error. + // This field is immutable. + roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) +} + +// ClusterRoleBindingList is a collection of ClusterRoleBindings +#ClusterRoleBindingList: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of ClusterRoleBindings + items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep) +} + +// ClusterRoleList is a collection of ClusterRoles +#ClusterRoleList: { + metav1.#TypeMeta + + // Standard object's metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of ClusterRoles + items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue new file mode 100644 index 00000000..8cc2b5f2 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/scheduling/v1 + +package v1 + +#GroupName: "scheduling.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue new file mode 100644 index 00000000..1d8f9574 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue @@ -0,0 +1,57 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/scheduling/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apiv1 "k8s.io/api/core/v1" +) + +// PriorityClass defines mapping from a priority class name to the priority +// integer value. The value can be any valid integer. +#PriorityClass: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // value represents the integer value of this priority class. This is the actual priority that pods + // receive when they have the name of this class in their pod spec. + value: int32 @go(Value) @protobuf(2,bytes,opt) + + // globalDefault specifies whether this PriorityClass should be considered as + // the default priority for pods that do not have any priority class. + // Only one PriorityClass can be marked as `globalDefault`. However, if more than + // one PriorityClasses exists with their `globalDefault` field set to true, + // the smallest value of such global default PriorityClasses will be used as the default priority. + // +optional + globalDefault?: bool @go(GlobalDefault) @protobuf(3,bytes,opt) + + // description is an arbitrary string that usually provides guidelines on + // when this priority class should be used. + // +optional + description?: string @go(Description) @protobuf(4,bytes,opt) + + // preemptionPolicy is the Policy for preempting pods with lower priority. + // One of Never, PreemptLowerPriority. + // Defaults to PreemptLowerPriority if unset. + // +optional + preemptionPolicy?: null | apiv1.#PreemptionPolicy @go(PreemptionPolicy,*apiv1.PreemptionPolicy) @protobuf(5,bytes,opt) +} + +// PriorityClassList is a collection of priority classes. +#PriorityClassList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of PriorityClasses + items: [...#PriorityClass] @go(Items,[]PriorityClass) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue new file mode 100644 index 00000000..641ce60c --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/storage/v1 + +package v1 + +#GroupName: "storage.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue new file mode 100644 index 00000000..b5158650 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue @@ -0,0 +1,652 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/storage/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" +) + +// StorageClass describes the parameters for a class of storage for +// which PersistentVolumes can be dynamically provisioned. +// +// StorageClasses are non-namespaced; the name of the storage class +// according to etcd is in ObjectMeta.Name. +#StorageClass: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // provisioner indicates the type of the provisioner. + provisioner: string @go(Provisioner) @protobuf(2,bytes,opt) + + // parameters holds the parameters for the provisioner that should + // create volumes of this storage class. + // +optional + parameters?: {[string]: string} @go(Parameters,map[string]string) @protobuf(3,bytes,rep) + + // reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. + // Defaults to Delete. + // +optional + reclaimPolicy?: null | v1.#PersistentVolumeReclaimPolicy @go(ReclaimPolicy,*v1.PersistentVolumeReclaimPolicy) @protobuf(4,bytes,opt,casttype=k8s.io/api/core/v1.PersistentVolumeReclaimPolicy) + + // mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. + // e.g. ["ro", "soft"]. Not validated - + // mount of the PVs will simply fail if one is invalid. + // +optional + mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(5,bytes,opt) + + // allowVolumeExpansion shows whether the storage class allow volume expand. + // +optional + allowVolumeExpansion?: null | bool @go(AllowVolumeExpansion,*bool) @protobuf(6,varint,opt) + + // volumeBindingMode indicates how PersistentVolumeClaims should be + // provisioned and bound. When unset, VolumeBindingImmediate is used. + // This field is only honored by servers that enable the VolumeScheduling feature. + // +optional + volumeBindingMode?: null | #VolumeBindingMode @go(VolumeBindingMode,*VolumeBindingMode) @protobuf(7,bytes,opt) + + // allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. + // Each volume plugin defines its own supported topology specifications. + // An empty TopologySelectorTerm list means there is no topology restriction. + // This field is only honored by servers that enable the VolumeScheduling feature. + // +optional + // +listType=atomic + allowedTopologies?: [...v1.#TopologySelectorTerm] @go(AllowedTopologies,[]v1.TopologySelectorTerm) @protobuf(8,bytes,rep) +} + +// StorageClassList is a collection of storage classes. +#StorageClassList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of StorageClasses + items: [...#StorageClass] @go(Items,[]StorageClass) @protobuf(2,bytes,rep) +} + +// VolumeBindingMode indicates how PersistentVolumeClaims should be bound. +// +enum +#VolumeBindingMode: string // #enumVolumeBindingMode + +#enumVolumeBindingMode: + #VolumeBindingImmediate | + #VolumeBindingWaitForFirstConsumer + +// VolumeBindingImmediate indicates that PersistentVolumeClaims should be +// immediately provisioned and bound. This is the default mode. +#VolumeBindingImmediate: #VolumeBindingMode & "Immediate" + +// VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims +// should not be provisioned and bound until the first Pod is created that +// references the PeristentVolumeClaim. The volume provisioning and +// binding will occur during Pod scheduing. +#VolumeBindingWaitForFirstConsumer: #VolumeBindingMode & "WaitForFirstConsumer" + +// VolumeAttachment captures the intent to attach or detach the specified volume +// to/from the specified node. +// +// VolumeAttachment objects are non-namespaced. +#VolumeAttachment: { + metav1.#TypeMeta + + // Standard object metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec represents specification of the desired attach/detach volume behavior. + // Populated by the Kubernetes system. + spec: #VolumeAttachmentSpec @go(Spec) @protobuf(2,bytes,opt) + + // status represents status of the VolumeAttachment request. + // Populated by the entity completing the attach or detach + // operation, i.e. the external-attacher. + // +optional + status?: #VolumeAttachmentStatus @go(Status) @protobuf(3,bytes,opt) +} + +// VolumeAttachmentList is a collection of VolumeAttachment objects. +#VolumeAttachmentList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of VolumeAttachments + items: [...#VolumeAttachment] @go(Items,[]VolumeAttachment) @protobuf(2,bytes,rep) +} + +// VolumeAttachmentSpec is the specification of a VolumeAttachment request. +#VolumeAttachmentSpec: { + // attacher indicates the name of the volume driver that MUST handle this + // request. This is the name returned by GetPluginName(). + attacher: string @go(Attacher) @protobuf(1,bytes,opt) + + // source represents the volume that should be attached. + source: #VolumeAttachmentSource @go(Source) @protobuf(2,bytes,opt) + + // nodeName represents the node that the volume should be attached to. + nodeName: string @go(NodeName) @protobuf(3,bytes,opt) +} + +// VolumeAttachmentSource represents a volume that should be attached. +// Right now only PersistenVolumes can be attached via external attacher, +// in future we may allow also inline volumes in pods. +// Exactly one member can be set. +#VolumeAttachmentSource: { + // persistentVolumeName represents the name of the persistent volume to attach. + // +optional + persistentVolumeName?: null | string @go(PersistentVolumeName,*string) @protobuf(1,bytes,opt) + + // inlineVolumeSpec contains all the information necessary to attach + // a persistent volume defined by a pod's inline VolumeSource. This field + // is populated only for the CSIMigration feature. It contains + // translated fields from a pod's inline VolumeSource to a + // PersistentVolumeSpec. This field is beta-level and is only + // honored by servers that enabled the CSIMigration feature. + // +optional + inlineVolumeSpec?: null | v1.#PersistentVolumeSpec @go(InlineVolumeSpec,*v1.PersistentVolumeSpec) @protobuf(2,bytes,opt) +} + +// VolumeAttachmentStatus is the status of a VolumeAttachment request. +#VolumeAttachmentStatus: { + // attached indicates the volume is successfully attached. + // This field must only be set by the entity completing the attach + // operation, i.e. the external-attacher. + attached: bool @go(Attached) @protobuf(1,varint,opt) + + // attachmentMetadata is populated with any + // information returned by the attach operation, upon successful attach, that must be passed + // into subsequent WaitForAttach or Mount calls. + // This field must only be set by the entity completing the attach + // operation, i.e. the external-attacher. + // +optional + attachmentMetadata?: {[string]: string} @go(AttachmentMetadata,map[string]string) @protobuf(2,bytes,rep) + + // attachError represents the last error encountered during attach operation, if any. + // This field must only be set by the entity completing the attach + // operation, i.e. the external-attacher. + // +optional + attachError?: null | #VolumeError @go(AttachError,*VolumeError) @protobuf(3,bytes,opt,casttype=VolumeError) + + // detachError represents the last error encountered during detach operation, if any. + // This field must only be set by the entity completing the detach + // operation, i.e. the external-attacher. + // +optional + detachError?: null | #VolumeError @go(DetachError,*VolumeError) @protobuf(4,bytes,opt,casttype=VolumeError) +} + +// VolumeError captures an error encountered during a volume operation. +#VolumeError: { + // time represents the time the error was encountered. + // +optional + time?: metav1.#Time @go(Time) @protobuf(1,bytes,opt) + + // message represents the error encountered during Attach or Detach operation. + // This string may be logged, so it should not contain sensitive + // information. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) +} + +// CSIDriver captures information about a Container Storage Interface (CSI) +// volume driver deployed on the cluster. +// Kubernetes attach detach controller uses this object to determine whether attach is required. +// Kubelet uses this object to determine whether pod information needs to be passed on mount. +// CSIDriver objects are non-namespaced. +#CSIDriver: { + metav1.#TypeMeta + + // Standard object metadata. + // metadata.Name indicates the name of the CSI driver that this object + // refers to; it MUST be the same name returned by the CSI GetPluginName() + // call for that driver. + // The driver name must be 63 characters or less, beginning and ending with + // an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and + // alphanumerics between. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec represents the specification of the CSI Driver. + spec: #CSIDriverSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// CSIDriverList is a collection of CSIDriver objects. +#CSIDriverList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of CSIDriver + items: [...#CSIDriver] @go(Items,[]CSIDriver) @protobuf(2,bytes,rep) +} + +// CSIDriverSpec is the specification of a CSIDriver. +#CSIDriverSpec: { + // attachRequired indicates this CSI volume driver requires an attach + // operation (because it implements the CSI ControllerPublishVolume() + // method), and that the Kubernetes attach detach controller should call + // the attach volume interface which checks the volumeattachment status + // and waits until the volume is attached before proceeding to mounting. + // The CSI external-attacher coordinates with CSI volume driver and updates + // the volumeattachment status when the attach operation is complete. + // If the CSIDriverRegistry feature gate is enabled and the value is + // specified to false, the attach operation will be skipped. + // Otherwise the attach operation will be called. + // + // This field is immutable. + // + // +optional + attachRequired?: null | bool @go(AttachRequired,*bool) @protobuf(1,varint,opt) + + // podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) + // during mount operations, if set to true. + // If set to false, pod information will not be passed on mount. + // Default is false. + // + // The CSI driver specifies podInfoOnMount as part of driver deployment. + // If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. + // The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. + // + // The following VolumeConext will be passed if podInfoOnMount is set to true. + // This list might grow, but the prefix will be used. + // "csi.storage.k8s.io/pod.name": pod.Name + // "csi.storage.k8s.io/pod.namespace": pod.Namespace + // "csi.storage.k8s.io/pod.uid": string(pod.UID) + // "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume + // defined by a CSIVolumeSource, otherwise "false" + // + // "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only + // required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. + // Other drivers can leave pod info disabled and/or ignore this field. + // As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when + // deployed on such a cluster and the deployment determines which mode that is, for example + // via a command line parameter of the driver. + // + // This field is immutable. + // + // +optional + podInfoOnMount?: null | bool @go(PodInfoOnMount,*bool) @protobuf(2,bytes,opt) + + // volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. + // The default if the list is empty is "Persistent", which is the usage defined by the + // CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. + // + // The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec + // with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. + // A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. + // + // For more information about implementing this mode, see + // https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html + // A driver can support one or more of these modes and more modes may be added in the future. + // + // This field is beta. + // This field is immutable. + // + // +optional + // +listType=set + volumeLifecycleModes?: [...#VolumeLifecycleMode] @go(VolumeLifecycleModes,[]VolumeLifecycleMode) @protobuf(3,bytes,opt) + + // storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage + // capacity that the driver deployment will report by creating + // CSIStorageCapacity objects with capacity information, if set to true. + // + // The check can be enabled immediately when deploying a driver. + // In that case, provisioning new volumes with late binding + // will pause until the driver deployment has published + // some suitable CSIStorageCapacity object. + // + // Alternatively, the driver can be deployed with the field + // unset or false and it can be flipped later when storage + // capacity information has been published. + // + // This field was immutable in Kubernetes <= 1.22 and now is mutable. + // + // +optional + // +featureGate=CSIStorageCapacity + storageCapacity?: null | bool @go(StorageCapacity,*bool) @protobuf(4,bytes,opt) + + // fsGroupPolicy defines if the underlying volume supports changing ownership and + // permission of the volume before being mounted. + // Refer to the specific FSGroupPolicy values for additional details. + // + // This field is immutable. + // + // Defaults to ReadWriteOnceWithFSType, which will examine each volume + // to determine if Kubernetes should modify ownership and permissions of the volume. + // With the default policy the defined fsGroup will only be applied + // if a fstype is defined and the volume's access mode contains ReadWriteOnce. + // + // +optional + fsGroupPolicy?: null | #FSGroupPolicy @go(FSGroupPolicy,*FSGroupPolicy) @protobuf(5,bytes,opt) + + // tokenRequests indicates the CSI driver needs pods' service account + // tokens it is mounting volume for to do necessary authentication. Kubelet + // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. + // The CSI driver should parse and validate the following VolumeContext: + // "csi.storage.k8s.io/serviceAccount.tokens": { + // "": { + // "token": , + // "expirationTimestamp": , + // }, + // ... + // } + // + // Note: Audience in each TokenRequest should be different and at + // most one token is empty string. To receive a new token after expiry, + // RequiresRepublish can be used to trigger NodePublishVolume periodically. + // + // +optional + // +listType=atomic + tokenRequests?: [...#TokenRequest] @go(TokenRequests,[]TokenRequest) @protobuf(6,bytes,opt) + + // requiresRepublish indicates the CSI driver wants `NodePublishVolume` + // being periodically called to reflect any possible change in the mounted + // volume. This field defaults to false. + // + // Note: After a successful initial NodePublishVolume call, subsequent calls + // to NodePublishVolume should only update the contents of the volume. New + // mount points will not be seen by a running container. + // + // +optional + requiresRepublish?: null | bool @go(RequiresRepublish,*bool) @protobuf(7,varint,opt) + + // seLinuxMount specifies if the CSI driver supports "-o context" + // mount option. + // + // When "true", the CSI driver must ensure that all volumes provided by this CSI + // driver can be mounted separately with different `-o context` options. This is + // typical for storage backends that provide volumes as filesystems on block + // devices or as independent shared volumes. + // Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount + // option when mounting a ReadWriteOncePod volume used in Pod that has + // explicitly set SELinux context. In the future, it may be expanded to other + // volume AccessModes. In any case, Kubernetes will ensure that the volume is + // mounted only with a single SELinux context. + // + // When "false", Kubernetes won't pass any special SELinux mount options to the driver. + // This is typical for volumes that represent subdirectories of a bigger shared filesystem. + // + // Default is "false". + // + // +featureGate=SELinuxMountReadWriteOncePod + // +optional + seLinuxMount?: null | bool @go(SELinuxMount,*bool) @protobuf(8,varint,opt) +} + +// FSGroupPolicy specifies if a CSI Driver supports modifying +// volume ownership and permissions of the volume to be mounted. +// More modes may be added in the future. +#FSGroupPolicy: string // #enumFSGroupPolicy + +#enumFSGroupPolicy: + #ReadWriteOnceWithFSTypeFSGroupPolicy | + #FileFSGroupPolicy | + #NoneFSGroupPolicy + +// ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined +// to determine if the volume ownership and permissions +// should be modified. If a fstype is defined and the volume's access mode +// contains ReadWriteOnce, then the defined fsGroup will be applied. +// This mode should be defined if it's expected that the +// fsGroup may need to be modified depending on the pod's SecurityPolicy. +// This is the default behavior if no other FSGroupPolicy is defined. +#ReadWriteOnceWithFSTypeFSGroupPolicy: #FSGroupPolicy & "ReadWriteOnceWithFSType" + +// FileFSGroupPolicy indicates that CSI driver supports volume ownership +// and permission change via fsGroup, and Kubernetes will change the permissions +// and ownership of every file in the volume to match the user requested fsGroup in +// the pod's SecurityPolicy regardless of fstype or access mode. +// Use this mode if Kubernetes should modify the permissions and ownership +// of the volume. +#FileFSGroupPolicy: #FSGroupPolicy & "File" + +// NoneFSGroupPolicy indicates that volumes will be mounted without performing +// any ownership or permission modifications, as the CSIDriver does not support +// these operations. +// This mode should be selected if the CSIDriver does not support fsGroup modifications, +// for example when Kubernetes cannot change ownership and permissions on a volume due +// to root-squash settings on a NFS volume. +#NoneFSGroupPolicy: #FSGroupPolicy & "None" + +// VolumeLifecycleMode is an enumeration of possible usage modes for a volume +// provided by a CSI driver. More modes may be added in the future. +#VolumeLifecycleMode: string // #enumVolumeLifecycleMode + +#enumVolumeLifecycleMode: + #VolumeLifecyclePersistent | + #VolumeLifecycleEphemeral + +// TokenRequest contains parameters of a service account token. +#TokenRequest: { + // audience is the intended audience of the token in "TokenRequestSpec". + // It will default to the audiences of kube apiserver. + audience: string @go(Audience) @protobuf(1,bytes,opt) + + // expirationSeconds is the duration of validity of the token in "TokenRequestSpec". + // It has the same default value of "ExpirationSeconds" in "TokenRequestSpec". + // + // +optional + expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) +} + +// VolumeLifecyclePersistent explicitly confirms that the driver implements +// the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not +// set. Such volumes are managed in Kubernetes via the persistent volume +// claim mechanism and have a lifecycle that is independent of the pods which +// use them. +#VolumeLifecyclePersistent: #VolumeLifecycleMode & "Persistent" + +// VolumeLifecycleEphemeral indicates that the driver can be used for +// ephemeral inline volumes. Such volumes are specified inside the pod +// spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have +// a lifecycle that is tied to the lifecycle of the pod. For example, such +// a volume might contain data that gets created specifically for that pod, +// like secrets. +// But how the volume actually gets created and managed is entirely up to +// the driver. It might also use reference counting to share the same volume +// instance among different pods if the CSIVolumeSource of those pods is +// identical. +#VolumeLifecycleEphemeral: #VolumeLifecycleMode & "Ephemeral" + +// CSINode holds information about all CSI drivers installed on a node. +// CSI drivers do not need to create the CSINode object directly. As long as +// they use the node-driver-registrar sidecar container, the kubelet will +// automatically populate the CSINode object for the CSI driver as part of +// kubelet plugin registration. +// CSINode has the same name as a node. If the object is missing, it means either +// there are no CSI Drivers available on the node, or the Kubelet version is low +// enough that it doesn't create this object. +// CSINode has an OwnerReference that points to the corresponding node object. +#CSINode: { + metav1.#TypeMeta + + // Standard object's metadata. + // metadata.name must be the Kubernetes node name. + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec is the specification of CSINode + spec: #CSINodeSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// CSINodeSpec holds information about the specification of all CSI drivers installed on a node +#CSINodeSpec: { + // drivers is a list of information of all CSI Drivers existing on a node. + // If all drivers in the list are uninstalled, this can become empty. + // +patchMergeKey=name + // +patchStrategy=merge + drivers: [...#CSINodeDriver] @go(Drivers,[]CSINodeDriver) @protobuf(1,bytes,rep) +} + +// CSINodeDriver holds information about the specification of one CSI driver installed on a node +#CSINodeDriver: { + // name represents the name of the CSI driver that this object refers to. + // This MUST be the same name returned by the CSI GetPluginName() call for + // that driver. + name: string @go(Name) @protobuf(1,bytes,opt) + + // nodeID of the node from the driver point of view. + // This field enables Kubernetes to communicate with storage systems that do + // not share the same nomenclature for nodes. For example, Kubernetes may + // refer to a given node as "node1", but the storage system may refer to + // the same node as "nodeA". When Kubernetes issues a command to the storage + // system to attach a volume to a specific node, it can use this field to + // refer to the node name using the ID that the storage system will + // understand, e.g. "nodeA" instead of "node1". This field is required. + nodeID: string @go(NodeID) @protobuf(2,bytes,opt) + + // topologyKeys is the list of keys supported by the driver. + // When a driver is initialized on a cluster, it provides a set of topology + // keys that it understands (e.g. "company.com/zone", "company.com/region"). + // When a driver is initialized on a node, it provides the same topology keys + // along with values. Kubelet will expose these topology keys as labels + // on its own node object. + // When Kubernetes does topology aware provisioning, it can use this list to + // determine which labels it should retrieve from the node object and pass + // back to the driver. + // It is possible for different nodes to use different topology keys. + // This can be empty if driver does not support topology. + // +optional + topologyKeys: [...string] @go(TopologyKeys,[]string) @protobuf(3,bytes,rep) + + // allocatable represents the volume resources of a node that are available for scheduling. + // This field is beta. + // +optional + allocatable?: null | #VolumeNodeResources @go(Allocatable,*VolumeNodeResources) @protobuf(4,bytes,opt) +} + +// VolumeNodeResources is a set of resource limits for scheduling of volumes. +#VolumeNodeResources: { + // count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. + // A volume that is both attached and mounted on a node is considered to be used once, not twice. + // The same rule applies for a unique volume that is shared among multiple pods on the same node. + // If this field is not specified, then the supported number of volumes on this node is unbounded. + // +optional + count?: null | int32 @go(Count,*int32) @protobuf(1,varint,opt) +} + +// CSINodeList is a collection of CSINode objects. +#CSINodeList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of CSINode + items: [...#CSINode] @go(Items,[]CSINode) @protobuf(2,bytes,rep) +} + +// CSIStorageCapacity stores the result of one CSI GetCapacity call. +// For a given StorageClass, this describes the available capacity in a +// particular topology segment. This can be used when considering where to +// instantiate new PersistentVolumes. +// +// For example this can express things like: +// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" +// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123" +// +// The following three cases all imply that no capacity is available for +// a certain combination: +// - no object exists with suitable topology and storage class name +// - such an object exists, but the capacity is unset +// - such an object exists, but the capacity is zero +// +// The producer of these objects can decide which approach is more suitable. +// +// They are consumed by the kube-scheduler when a CSI driver opts into +// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler +// compares the MaximumVolumeSize against the requested size of pending volumes +// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back +// to a comparison against the less precise Capacity. If that is also unset, +// the scheduler assumes that capacity is insufficient and tries some other +// node. +#CSIStorageCapacity: { + metav1.#TypeMeta + + // Standard object's metadata. + // The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). + // To ensure that there are no conflicts with other CSI drivers on the cluster, + // the recommendation is to use csisc-, a generated name, or a reverse-domain name + // which ends with the unique CSI driver name. + // + // Objects are namespaced. + // + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // nodeTopology defines which nodes have access to the storage + // for which capacity was reported. If not set, the storage is + // not accessible from any node in the cluster. If empty, the + // storage is accessible from all nodes. This field is + // immutable. + // + // +optional + nodeTopology?: null | metav1.#LabelSelector @go(NodeTopology,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // storageClassName represents the name of the StorageClass that the reported capacity applies to. + // It must meet the same requirements as the name of a StorageClass + // object (non-empty, DNS subdomain). If that object no longer exists, + // the CSIStorageCapacity object is obsolete and should be removed by its + // creator. + // This field is immutable. + storageClassName: string @go(StorageClassName) @protobuf(3,bytes) + + // capacity is the value reported by the CSI driver in its GetCapacityResponse + // for a GetCapacityRequest with topology and parameters that match the + // previous fields. + // + // The semantic is currently (CSI spec 1.2) defined as: + // The available capacity, in bytes, of the storage that can be used + // to provision volumes. If not set, that information is currently + // unavailable. + // + // +optional + capacity?: null | resource.#Quantity @go(Capacity,*resource.Quantity) @protobuf(4,bytes,opt) + + // maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse + // for a GetCapacityRequest with topology and parameters that match the + // previous fields. + // + // This is defined since CSI spec 1.4.0 as the largest size + // that may be used in a + // CreateVolumeRequest.capacity_range.required_bytes field to + // create a volume with the same parameters as those in + // GetCapacityRequest. The corresponding value in the Kubernetes + // API is ResourceRequirements.Requests in a volume claim. + // + // +optional + maximumVolumeSize?: null | resource.#Quantity @go(MaximumVolumeSize,*resource.Quantity) @protobuf(5,bytes,opt) +} + +// CSIStorageCapacityList is a collection of CSIStorageCapacity objects. +#CSIStorageCapacityList: { + metav1.#TypeMeta + + // Standard list metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is the list of CSIStorageCapacity objects. + // +listType=map + // +listMapKey=name + items: [...#CSIStorageCapacity] @go(Items,[]CSIStorageCapacity) @protobuf(2,bytes,rep) +} diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue new file mode 100644 index 00000000..083aa825 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue @@ -0,0 +1,6 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 + +// Package v1 is the v1 version of the API. +package v1 diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue new file mode 100644 index 00000000..c4ce800f --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 + +package v1 + +#GroupName: "apiextensions.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue new file mode 100644 index 00000000..b938c8ba --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue @@ -0,0 +1,513 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/runtime" +) + +// ConversionStrategyType describes different conversion types. +#ConversionStrategyType: string // #enumConversionStrategyType + +#enumConversionStrategyType: + #NoneConverter | + #WebhookConverter + +// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces. +// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL. +// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged. +#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io" + +// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged. +#NoneConverter: #ConversionStrategyType & "None" + +// WebhookConverter is a converter that calls to an external webhook to convert the CR. +#WebhookConverter: #ConversionStrategyType & "Webhook" + +// CustomResourceDefinitionSpec describes how a user wants their resource to appear +#CustomResourceDefinitionSpec: { + // group is the API group of the defined custom resource. + // The custom resources are served under `/apis//...`. + // Must match the name of the CustomResourceDefinition (in the form `.`). + group: string @go(Group) @protobuf(1,bytes,opt) + + // names specify the resource and kind names for the custom resource. + names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt) + + // scope indicates whether the defined custom resource is cluster- or namespace-scoped. + // Allowed values are `Cluster` and `Namespaced`. + scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope) + + // versions is the list of all API versions of the defined custom resource. + // Version names are used to compute the order in which served versions are listed in API discovery. + // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered + // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), + // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first + // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing + // major version, then minor version. An example sorted list of versions: + // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. + versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep) + + // conversion defines conversion settings for the CRD. + // +optional + conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt) + + // preserveUnknownFields indicates that object fields which are not specified + // in the OpenAPI schema should be preserved when persisting to storage. + // apiVersion, kind, metadata and known fields inside metadata are always preserved. + // This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. + // See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. + // +optional + preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt) +} + +// CustomResourceConversion describes how to convert different versions of a CR. +#CustomResourceConversion: { + // strategy specifies how custom resources are converted between versions. Allowed values are: + // - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. + // - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information + // is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. + strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes) + + // webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`. + // +optional + webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt) +} + +// WebhookConversion describes how to call a conversion webhook +#WebhookConversion: { + // clientConfig is the instructions for how to call the webhook if strategy is `Webhook`. + // +optional + clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes) + + // conversionReviewVersions is an ordered list of preferred `ConversionReview` + // versions the Webhook expects. The API server will use the first version in + // the list which it supports. If none of the versions specified in this list + // are supported by API server, conversion will fail for the custom resource. + // If a persisted Webhook configuration specifies allowed versions and does not + // include any versions known to the API Server, calls to the webhook will fail. + conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep) +} + +// WebhookClientConfig contains the information to make a TLS connection with the webhook. +#WebhookClientConfig: { + // url gives the location of the webhook, in standard URL form + // (`scheme://host:port/path`). Exactly one of `url` or `service` + // must be specified. + // + // The `host` should not refer to a service running in the cluster; use + // the `service` field instead. The host might be resolved via external + // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + // in-cluster DNS as that would be a layering violation). `host` may + // also be an IP address. + // + // Please note that using `localhost` or `127.0.0.1` as a `host` is + // risky unless you take great care to run this webhook on all hosts + // which run an apiserver which might need to make calls to this + // webhook. Such installs are likely to be non-portable, i.e., not easy + // to turn up in a new cluster. + // + // The scheme must be "https"; the URL must begin with "https://". + // + // A path is optional, and if present may be any string permissible in + // a URL. You may use the path to pass an arbitrary string to the + // webhook, for example, a cluster identifier. + // + // Attempting to use a user or basic auth e.g. "user:password@" is not + // allowed. Fragments ("#...") and query parameters ("?...") are not + // allowed, either. + // + // +optional + url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) + + // service is a reference to the service for this webhook. Either + // service or url must be specified. + // + // If the webhook is running within the cluster, then you should use `service`. + // + // +optional + service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) + + // caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. + // If unspecified, system trust roots on the apiserver are used. + // +optional + caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) +} + +// ServiceReference holds a reference to Service.legacy.k8s.io +#ServiceReference: { + // namespace is the namespace of the service. + // Required + namespace: string @go(Namespace) @protobuf(1,bytes,opt) + + // name is the name of the service. + // Required + name: string @go(Name) @protobuf(2,bytes,opt) + + // path is an optional URL path at which the webhook will be contacted. + // +optional + path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) + + // port is an optional service port at which the webhook will be contacted. + // `port` should be a valid port number (1-65535, inclusive). + // Defaults to 443 for backward compatibility. + // +optional + port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) +} + +// CustomResourceDefinitionVersion describes a version for CRD. +#CustomResourceDefinitionVersion: { + // name is the version name, e.g. “v1”, “v2beta1”, etc. + // The custom resources are served under this version at `/apis///...` if `served` is true. + name: string @go(Name) @protobuf(1,bytes,opt) + + // served is a flag enabling/disabling this version from being served via REST APIs + served: bool @go(Served) @protobuf(2,varint,opt) + + // storage indicates this version should be used when persisting custom resources to storage. + // There must be exactly one version with storage=true. + storage: bool @go(Storage) @protobuf(3,varint,opt) + + // deprecated indicates this version of the custom resource API is deprecated. + // When set to true, API requests to this version receive a warning header in the server response. + // Defaults to false. + // +optional + deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt) + + // deprecationWarning overrides the default warning returned to API clients. + // May only be set when `deprecated` is true. + // The default warning indicates this version is deprecated and recommends use + // of the newest served version of equal or greater stability, if one exists. + // +optional + deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt) + + // schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource. + // +optional + schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt) + + // subresources specify what subresources this version of the defined custom resource have. + // +optional + subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt) + + // additionalPrinterColumns specifies additional columns returned in Table output. + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. + // If no columns are specified, a single column displaying the age of the custom resource is used. + // +optional + additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep) +} + +// CustomResourceColumnDefinition specifies a column for server side printing. +#CustomResourceColumnDefinition: { + // name is a human readable name for the column. + name: string @go(Name) @protobuf(1,bytes,opt) + + // type is an OpenAPI type definition for this column. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + type: string @go(Type) @protobuf(2,bytes,opt) + + // format is an optional OpenAPI type definition for this column. The 'name' format is applied + // to the primary identifier column to assist in clients identifying column is the resource name. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. + // +optional + format?: string @go(Format) @protobuf(3,bytes,opt) + + // description is a human readable description of this column. + // +optional + description?: string @go(Description) @protobuf(4,bytes,opt) + + // priority is an integer defining the relative importance of this column compared to others. Lower + // numbers are considered higher priority. Columns that may be omitted in limited space scenarios + // should be given a priority greater than 0. + // +optional + priority?: int32 @go(Priority) @protobuf(5,bytes,opt) + + // jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against + // each custom resource to produce the value for this column. + jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt) +} + +// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition +#CustomResourceDefinitionNames: { + // plural is the plural name of the resource to serve. + // The custom resources are served under `/apis///.../`. + // Must match the name of the CustomResourceDefinition (in the form `.`). + // Must be all lowercase. + plural: string @go(Plural) @protobuf(1,bytes,opt) + + // singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. + // +optional + singular?: string @go(Singular) @protobuf(2,bytes,opt) + + // shortNames are short names for the resource, exposed in API discovery documents, + // and used by clients to support invocations like `kubectl get `. + // It must be all lowercase. + // +optional + shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt) + + // kind is the serialized kind of the resource. It is normally CamelCase and singular. + // Custom resource instances will use this value as the `kind` attribute in API calls. + kind: string @go(Kind) @protobuf(4,bytes,opt) + + // listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". + // +optional + listKind?: string @go(ListKind) @protobuf(5,bytes,opt) + + // categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). + // This is published in API discovery documents, and used by clients to support invocations like + // `kubectl get all`. + // +optional + categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep) +} + +// ResourceScope is an enum defining the different scopes available to a custom resource +#ResourceScope: string // #enumResourceScope + +#enumResourceScope: + #ClusterScoped | + #NamespaceScoped + +#ClusterScoped: #ResourceScope & "Cluster" +#NamespaceScoped: #ResourceScope & "Namespaced" + +#ConditionStatus: string // #enumConditionStatus + +#enumConditionStatus: + #ConditionTrue | + #ConditionFalse | + #ConditionUnknown + +#ConditionTrue: #ConditionStatus & "True" +#ConditionFalse: #ConditionStatus & "False" +#ConditionUnknown: #ConditionStatus & "Unknown" + +// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type +#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType + +#enumCustomResourceDefinitionConditionType: + #Established | + #NamesAccepted | + #NonStructuralSchema | + #Terminating | + #KubernetesAPIApprovalPolicyConformant + +// Established means that the resource has become active. A resource is established when all names are +// accepted without a conflict for the first time. A resource stays established until deleted, even during +// a later NamesAccepted due to changed names. Note that not all names can be changed. +#Established: #CustomResourceDefinitionConditionType & "Established" + +// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in +// the group and are therefore accepted. +#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted" + +// NonStructuralSchema means that one or more OpenAPI schema is not structural. +// +// A schema is structural if it specifies types for all values, with the only exceptions of those with +// - x-kubernetes-int-or-string: true — for fields which can be integer or string +// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values +// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions +// specified under allOf, anyOf, oneOf or not. +// +// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be +// available for non-structural CRDs: +// - pruning +// - defaulting +// - read-only +// - OpenAPI publishing +// - webhook conversion +#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema" + +// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up. +#Terminating: #CustomResourceDefinitionConditionType & "Terminating" + +// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs +// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will +// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false. +// See https://github.com/kubernetes/enhancements/pull/1111 for more details. +#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant" + +// CustomResourceDefinitionCondition contains details for the current condition of this pod. +#CustomResourceDefinitionCondition: { + // type is the type of the condition. Types include Established, NamesAccepted and Terminating. + type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType) + + // status is the status of the condition. + // Can be True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // lastTransitionTime last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // reason is a unique, one-word, CamelCase reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // message is a human-readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition +#CustomResourceDefinitionStatus: { + // conditions indicate state for particular aspects of a CustomResourceDefinition + // +optional + // +listType=map + // +listMapKey=type + conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt) + + // acceptedNames are the names that are actually being used to serve discovery. + // They may be different than the names in spec. + // +optional + acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt) + + // storedVersions lists all versions of CustomResources that were ever persisted. Tracking these + // versions allows a migration path for stored versions in etcd. The field is mutable + // so a migration controller can finish a migration to another version (ensuring + // no old objects are left in storage), and then remove the rest of the + // versions from this list. + // Versions may not be removed from `spec.versions` while they exist in this list. + // +optional + storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep) +} + +#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io" + +// CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format +// <.spec.name>.<.spec.group>. +#CustomResourceDefinition: { + metav1.#TypeMeta + + // Standard object's metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec describes how the user wants the resources to appear + spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt) + + // status indicates the actual state of the CustomResourceDefinition + // +optional + status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt) +} + +// CustomResourceDefinitionList is a list of CustomResourceDefinition objects. +#CustomResourceDefinitionList: { + metav1.#TypeMeta + + // Standard object's metadata + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items list individual CustomResourceDefinition objects + items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep) +} + +// CustomResourceValidation is a list of validation methods for CustomResources. +#CustomResourceValidation: { + // openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning. + // +optional + openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt) +} + +// CustomResourceSubresources defines the status and scale subresources for CustomResources. +#CustomResourceSubresources: { + // status indicates the custom resource should serve a `/status` subresource. + // When enabled: + // 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. + // 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. + // +optional + status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt) + + // scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object. + // +optional + scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt) +} + +// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. +// Status is represented by the `.status` JSON path inside of a CustomResource. When set, +// * exposes a /status subresource for the custom resource +// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza +// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza +#CustomResourceSubresourceStatus: { +} + +// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources. +#CustomResourceSubresourceScale: { + // specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. + // Only JSON paths without the array notation are allowed. + // Must be a JSON Path under `.spec`. + // If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. + specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes) + + // statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. + // Only JSON paths without the array notation are allowed. + // Must be a JSON Path under `.status`. + // If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource + // will default to 0. + statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt) + + // labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. + // Only JSON paths without the array notation are allowed. + // Must be a JSON Path under `.status` or `.spec`. + // Must be set to work with HorizontalPodAutoscaler. + // The field pointed by this JSON path must be a string field (not a complex selector struct) + // which contains a serialized label selector in string form. + // More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource + // If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` + // subresource will default to the empty string. + // +optional + labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt) +} + +// ConversionReview describes a conversion request/response. +#ConversionReview: { + metav1.#TypeMeta + + // request describes the attributes for the conversion request. + // +optional + request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt) + + // response describes the attributes for the conversion response. + // +optional + response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt) +} + +// ConversionRequest describes the conversion request parameters. +#ConversionRequest: { + // uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are + // otherwise identical (parallel requests, etc). + // The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request. + // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. + uid: types.#UID @go(UID) @protobuf(1,bytes) + + // desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1" + desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes) + + // objects is the list of custom resource objects to be converted. + objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep) +} + +// ConversionResponse describes a conversion response. +#ConversionResponse: { + // uid is an identifier for the individual request/response. + // This should be copied over from the corresponding `request.uid`. + uid: types.#UID @go(UID) @protobuf(1,bytes) + + // convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty. + // The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list + // must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace). + // The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored. + convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep) + + // result contains the result of conversion with extra details if the conversion failed. `result.status` determines if + // the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the + // conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set + // `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message` + // will be used to construct an error message for the end user. + result: metav1.#Status @go(Result) @protobuf(3,bytes) +} diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue new file mode 100644 index 00000000..19f42c1f --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue @@ -0,0 +1,317 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 + +package v1 + +// FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation. +// +enum +#FieldValueErrorReason: string // #enumFieldValueErrorReason + +#enumFieldValueErrorReason: + #FieldValueRequired | + #FieldValueDuplicate | + #FieldValueInvalid | + #FieldValueForbidden + +// FieldValueRequired is used to report required values that are not +// provided (e.g. empty strings, null values, or empty arrays). +#FieldValueRequired: #FieldValueErrorReason & "FieldValueRequired" + +// FieldValueDuplicate is used to report collisions of values that must be +// unique (e.g. unique IDs). +#FieldValueDuplicate: #FieldValueErrorReason & "FieldValueDuplicate" + +// FieldValueInvalid is used to report malformed values (e.g. failed regex +// match, too long, out of bounds). +#FieldValueInvalid: #FieldValueErrorReason & "FieldValueInvalid" + +// FieldValueForbidden is used to report valid (as per formatting rules) +// values which would be accepted under some conditions, but which are not +// permitted by the current conditions (such as security policy). +#FieldValueForbidden: #FieldValueErrorReason & "FieldValueForbidden" + +// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). +#JSONSchemaProps: { + id?: string @go(ID) @protobuf(1,bytes,opt) + $schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema) + $ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref) + description?: string @go(Description) @protobuf(4,bytes,opt) + type?: string @go(Type) @protobuf(5,bytes,opt) + + // format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: + // + // - bsonobjectid: a bson object ID, i.e. a 24 characters hex string + // - uri: an URI as parsed by Golang net/url.ParseRequestURI + // - email: an email address as parsed by Golang net/mail.ParseAddress + // - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. + // - ipv4: an IPv4 IP as parsed by Golang net.ParseIP + // - ipv6: an IPv6 IP as parsed by Golang net.ParseIP + // - cidr: a CIDR as parsed by Golang net.ParseCIDR + // - mac: a MAC address as parsed by Golang net.ParseMAC + // - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + // - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ + // - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + // - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ + // - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" + // - isbn10: an ISBN10 number string like "0321751043" + // - isbn13: an ISBN13 number string like "978-0321751041" + // - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in + // - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ + // - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ + // - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" + // - byte: base64 encoded binary data + // - password: any kind of string + // - date: a date string like "2006-01-02" as defined by full-date in RFC3339 + // - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format + // - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. + format?: string @go(Format) @protobuf(6,bytes,opt) + title?: string @go(Title) @protobuf(7,bytes,opt) + + // default is a default value for undefined object fields. + // Defaulting is a beta feature under the CustomResourceDefaulting feature gate. + // Defaulting requires spec.preserveUnknownFields to be false. + default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt) + maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt) + exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt) + minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt) + exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt) + maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt) + minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt) + pattern?: string @go(Pattern) @protobuf(15,bytes,opt) + maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt) + minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt) + uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt) + multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt) + enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep) + maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt) + minProperties?: null | int64 @go(MinProperties,*int64) @protobuf(22,bytes,opt) + required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep) + items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt) + allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep) + oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep) + anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep) + not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt) + properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep) + additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt) + patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep) + dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt) + additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt) + definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt) + externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt) + example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt) + nullable?: bool @go(Nullable) @protobuf(37,bytes,opt) + + // x-kubernetes-preserve-unknown-fields stops the API server + // decoding step from pruning fields which are not specified + // in the validation schema. This affects fields recursively, + // but switches back to normal pruning behaviour if nested + // properties or additionalProperties are specified in the schema. + // This can either be true or undefined. False is forbidden. + "x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields) + + // x-kubernetes-embedded-resource defines that the value is an + // embedded Kubernetes runtime.Object, with TypeMeta and + // ObjectMeta. The type must be object. It is allowed to further + // restrict the embedded object. kind, apiVersion and metadata + // are validated automatically. x-kubernetes-preserve-unknown-fields + // is allowed to be true, but does not have to be if the object + // is fully specified (up to kind, apiVersion, metadata). + "x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource) + + // x-kubernetes-int-or-string specifies that this value is + // either an integer or a string. If this is true, an empty + // type is allowed and type as child of anyOf is permitted + // if following one of the following patterns: + // + // 1) anyOf: + // - type: integer + // - type: string + // 2) allOf: + // - anyOf: + // - type: integer + // - type: string + // - ... zero or more + "x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString) + + // x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used + // as the index of the map. + // + // This tag MUST only be used on lists that have the "x-kubernetes-list-type" + // extension set to "map". Also, the values specified for this attribute must + // be a scalar typed field of the child structure (no nesting is supported). + // + // The properties specified must either be required or have a default value, + // to ensure those properties are present for all list items. + // + // +optional + "x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys) + + // x-kubernetes-list-type annotates an array to further describe its topology. + // This extension must only be used on lists and may have 3 possible values: + // + // 1) `atomic`: the list is treated as a single entity, like a scalar. + // Atomic lists will be entirely replaced when updated. This extension + // may be used on any type of list (struct, scalar, ...). + // 2) `set`: + // Sets are lists that must not have multiple items with the same value. Each + // value must be a scalar, an object with x-kubernetes-map-type `atomic` or an + // array with x-kubernetes-list-type `atomic`. + // 3) `map`: + // These lists are like maps in that their elements have a non-index key + // used to identify them. Order is preserved upon merge. The map tag + // must only be used on a list with elements of type object. + // Defaults to atomic for arrays. + // +optional + "x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType) + + // x-kubernetes-map-type annotates an object to further describe its topology. + // This extension must only be used when type is object and may have 2 possible values: + // + // 1) `granular`: + // These maps are actual maps (key-value pairs) and each fields are independent + // from each other (they can each be manipulated by separate actors). This is + // the default behaviour for all maps. + // 2) `atomic`: the list is treated as a single entity, like a scalar. + // Atomic maps will be entirely replaced when updated. + // +optional + "x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType) + + // x-kubernetes-validations describes a list of validation rules written in the CEL expression language. + // This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled. + // +patchMergeKey=rule + // +patchStrategy=merge + // +listType=map + // +listMapKey=rule + "x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations) +} + +// ValidationRules describes a list of validation rules written in the CEL expression language. +#ValidationRules: [...#ValidationRule] + +// ValidationRule describes a validation rule written in the CEL expression language. +#ValidationRule: { + // Rule represents the expression which will be evaluated by CEL. + // ref: https://github.com/google/cel-spec + // The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. + // The `self` variable in the CEL expression is bound to the scoped value. + // Example: + // - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"} + // + // If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable + // via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as + // absent fields in CEL expressions. + // If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map + // are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map + // are accessible via CEL macros and functions such as `self.all(...)`. + // If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and + // functions. + // If the Rule is scoped to a scalar, `self` is bound to the scalar value. + // Examples: + // - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"} + // - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"} + // - Rule scoped to a string value: {"rule": "self.startsWith('kube')"} + // + // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the + // object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible. + // + // Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL + // expressions. This includes: + // - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. + // - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as: + // - A schema with no type and x-kubernetes-preserve-unknown-fields set to true + // - An array where the items schema is of an "unknown type" + // - An object where the additionalProperties schema is of an "unknown type" + // + // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. + // Accessible property names are escaped according to the following rules when accessed in the expression: + // - '__' escapes to '__underscores__' + // - '.' escapes to '__dot__' + // - '-' escapes to '__dash__' + // - '/' escapes to '__slash__' + // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: + // "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", + // "import", "let", "loop", "package", "namespace", "return". + // Examples: + // - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"} + // - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"} + // - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"} + // + // Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. + // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: + // - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and + // non-intersecting elements in `Y` are appended, retaining their partial order. + // - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values + // are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with + // non-intersecting keys are appended, retaining their partial order. + rule: string @go(Rule) @protobuf(1,bytes,opt) + + // Message represents the message displayed when validation fails. The message is required if the Rule contains + // line breaks. The message must not contain line breaks. + // If unset, the message is "failed rule: {Rule}". + // e.g. "must be a URL with the host matching spec.host" + message?: string @go(Message) @protobuf(2,bytes,opt) + + // MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. + // Since messageExpression is used as a failure message, it must evaluate to a string. + // If both message and messageExpression are present on a rule, then messageExpression will be used if validation + // fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced + // as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string + // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and + // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. + // messageExpression has access to all the same variables as the rule; the only difference is the return type. + // Example: + // "x must be less than max ("+string(self.max)+")" + // +optional + messageExpression?: string @go(MessageExpression) @protobuf(3,bytes,opt) + + // reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. + // The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule. + // The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". + // If not set, default to use "FieldValueInvalid". + // All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. + // +optional + reason?: null | #FieldValueErrorReason @go(Reason,*FieldValueErrorReason) @protobuf(4,bytes,opt) + + // fieldPath represents the field path returned when the validation fails. + // It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. + // e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` + // If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` + // It does not support list numeric index. + // It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. + // Numeric index of array is not supported. + // For field name which contains special characters, use `['specialName']` to refer the field name. + // e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` + // +optional + fieldPath?: string @go(FieldPath) @protobuf(5,bytes,opt) +} + +// JSON represents any valid JSON value. +// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. +#JSON: _ + +// JSONSchemaURL represents a schema url. +#JSONSchemaURL: string + +// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps +// or an array of JSONSchemaProps. Mainly here for serialization purposes. +#JSONSchemaPropsOrArray: _ + +// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. +// Defaults to true for the boolean property. +#JSONSchemaPropsOrBool: _ + +// JSONSchemaDependencies represent a dependencies property. +#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray} + +// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array. +#JSONSchemaPropsOrStringArray: _ + +// JSONSchemaDefinitions contains the models explicitly defined in this spec. +#JSONSchemaDefinitions: {[string]: #JSONSchemaProps} + +// ExternalDocumentation allows referencing an external resource for extended documentation. +#ExternalDocumentation: { + description?: string @go(Description) @protobuf(1,bytes,opt) + url?: string @go(URL) @protobuf(2,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue new file mode 100644 index 00000000..cef44ba5 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue @@ -0,0 +1,47 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// Scale is used for getting and setting the base-10 scaled value. +// Base-2 scales are omitted for mathematical simplicity. +// See Quantity.ScaledValue for more details. +#Scale: int32 // #enumScale + +#enumScale: + #Nano | + #Micro | + #Milli | + #Kilo | + #Mega | + #Giga | + #Tera | + #Peta | + #Exa + +#values_Scale: { + Nano: #Nano + Micro: #Micro + Milli: #Milli + Kilo: #Kilo + Mega: #Mega + Giga: #Giga + Tera: #Tera + Peta: #Peta + Exa: #Exa +} + +#Nano: #Scale & -9 +#Micro: #Scale & -6 +#Milli: #Scale & -3 +#Kilo: #Scale & 3 +#Mega: #Scale & 6 +#Giga: #Scale & 9 +#Tera: #Scale & 12 +#Peta: #Scale & 15 +#Exa: #Scale & 18 + +// infDecAmount implements common operations over an inf.Dec that are specific to the quantity +// representation. +_#infDecAmount: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue new file mode 100644 index 00000000..711f2096 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue @@ -0,0 +1,13 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. +// It is also the maximum decimal digits that can be represented with an int64. +_#maxInt64Factors: 18 + +_#mostNegative: -9223372036854775808 + +_#mostPositive: 9223372036854775807 diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue new file mode 100644 index 00000000..9d9713a1 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue @@ -0,0 +1,107 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// Quantity is a fixed-point representation of a number. +// It provides convenient marshaling/unmarshaling in JSON and YAML, +// in addition to String() and AsInt64() accessors. +// +// The serialization format is: +// +// ``` +// ::= +// +// (Note that may be empty, from the "" case in .) +// +// ::= 0 | 1 | ... | 9 +// ::= | +// ::= | . | . | . +// ::= "+" | "-" +// ::= | +// ::= | | +// ::= Ki | Mi | Gi | Ti | Pi | Ei +// +// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) +// +// ::= m | "" | k | M | G | T | P | E +// +// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) +// +// ::= "e" | "E" +// ``` +// +// No matter which of the three exponent forms is used, no quantity may represent +// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal +// places. Numbers larger or more precise will be capped or rounded up. +// (E.g.: 0.1m will rounded up to 1m.) +// This may be extended in the future if we require larger or smaller quantities. +// +// When a Quantity is parsed from a string, it will remember the type of suffix +// it had, and will use the same type again when it is serialized. +// +// Before serializing, Quantity will be put in "canonical form". +// This means that Exponent/suffix will be adjusted up or down (with a +// corresponding increase or decrease in Mantissa) such that: +// +// - No precision is lost +// - No fractional digits will be emitted +// - The exponent (or suffix) is as large as possible. +// +// The sign will be omitted unless the number is negative. +// +// Examples: +// +// - 1.5 will be serialized as "1500m" +// - 1.5Gi will be serialized as "1536Mi" +// +// Note that the quantity will NEVER be internally represented by a +// floating point number. That is the whole point of this exercise. +// +// Non-canonical values will still parse as long as they are well formed, +// but will be re-emitted in their canonical form. (So always use canonical +// form, or don't diff.) +// +// This format is intended to make it difficult to use these numbers without +// writing some sort of special handling code in the hopes that that will +// cause implementors to also use a fixed point implementation. +// +// +protobuf=true +// +protobuf.embed=string +// +protobuf.options.marshal=false +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen=true +// +k8s:openapi-gen=true +#Quantity: _ + +// CanonicalValue allows a quantity amount to be converted to a string. +#CanonicalValue: _ + +// Format lists the three possible formattings of a quantity. +#Format: string // #enumFormat + +#enumFormat: + #DecimalExponent | + #BinarySI | + #DecimalSI + +#DecimalExponent: #Format & "DecimalExponent" +#BinarySI: #Format & "BinarySI" +#DecimalSI: #Format & "DecimalSI" + +// splitREString is used to separate a number from its suffix; as such, +// this is overly permissive, but that's OK-- it will be checked later. +_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + +_#int64QuantityExpectedBytes: 18 + +// QuantityValue makes it possible to use a Quantity as value for a command +// line parameter. +// +// +protobuf=true +// +protobuf.embed=string +// +protobuf.options.marshal=false +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen=true +#QuantityValue: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue new file mode 100644 index 00000000..b40d68ec --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +_#suffix: string + +// suffixer can interpret and construct suffixes. +_#suffixer: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue new file mode 100644 index 00000000..25ea8ecf --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Duration is a wrapper around time.Duration which supports correct +// marshaling to YAML and JSON. In particular, it marshals into strings, which +// can be used as map keys in json. +#Duration: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue new file mode 100644 index 00000000..7ff53860 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue @@ -0,0 +1,48 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying +// concepts during lookup stages without having partially valid types +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupResource: { + group: string @go(Group) @protobuf(1,bytes,opt) + resource: string @go(Resource) @protobuf(2,bytes,opt) +} + +// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion +// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersionResource: { + group: string @go(Group) @protobuf(1,bytes,opt) + version: string @go(Version) @protobuf(2,bytes,opt) + resource: string @go(Resource) @protobuf(3,bytes,opt) +} + +// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +// concepts during lookup stages without having partially valid types +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupKind: { + group: string @go(Group) @protobuf(1,bytes,opt) + kind: string @go(Kind) @protobuf(2,bytes,opt) +} + +// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion +// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersionKind: { + group: string @go(Group) @protobuf(1,bytes,opt) + version: string @go(Version) @protobuf(2,bytes,opt) + kind: string @go(Kind) @protobuf(3,bytes,opt) +} + +// GroupVersion contains the "group" and the "version", which uniquely identifies the API. +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersion: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue new file mode 100644 index 00000000..f3c39a46 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue @@ -0,0 +1,33 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// TODO: move this, Object, List, and Type to a different package +#ObjectMetaAccessor: _ + +// Object lets you work with object metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field (Name, UID, Namespace on lists) will be a no-op and return +// a default value. +#Object: _ + +// ListMetaAccessor retrieves the list interface from an object +#ListMetaAccessor: _ + +// Common lets you work with core metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field will be a no-op and return a default value. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#Common: _ + +// ListInterface lets you work with list metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field will be a no-op and return a default value. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#ListInterface: _ + +// Type exposes the type and APIVersion of versioned or internal API objects. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#Type: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue new file mode 100644 index 00000000..3c067bae --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" + +// MicroTime is version of Time with microsecond level precision. +// +// +protobuf.options.marshal=false +// +protobuf.as=Timestamp +// +protobuf.options.(gogoproto.goproto_stringer)=false +#MicroTime: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue new file mode 100644 index 00000000..39d23b28 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +#GroupName: "meta.k8s.io" + +#WatchEventKind: "WatchEvent" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue new file mode 100644 index 00000000..b3c8ec26 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Time is a wrapper around time.Time which supports correct +// marshaling to YAML and JSON. Wrappers are provided for many +// of the factory methods that the time package offers. +// +// +protobuf.options.marshal=false +// +protobuf.as=Timestamp +// +protobuf.options.(gogoproto.goproto_stringer)=false +#Time: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue new file mode 100644 index 00000000..83539273 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue @@ -0,0 +1,21 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Timestamp is a struct that is equivalent to Time, but intended for +// protobuf marshalling/unmarshalling. It is generated into a serialization +// that matches Time. Do not use in Go structs. +#Timestamp: { + // Represents seconds of UTC time since Unix epoch + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + // 9999-12-31T23:59:59Z inclusive. + seconds: int64 @go(Seconds) @protobuf(1,varint,opt) + + // Non-negative fractions of a second at nanosecond resolution. Negative + // second values with fractions must still have non-negative nanos values + // that count forward in time. Must be from 0 to 999,999,999 + // inclusive. This field may be limited in precision depending on context. + nanos: int32 @go(Nanos) @protobuf(2,varint,opt) +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue new file mode 100644 index 00000000..a0deb7c9 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue @@ -0,0 +1,1561 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +// Package v1 contains API types that are common to all versions. +// +// The package contains two categories of types: +// - external (serialized) types that lack their own version (e.g TypeMeta) +// - internal (never-serialized) types that are needed by several different +// api groups, and so live here, to avoid duplication and/or import loops +// (e.g. LabelSelector). +// +// In the future, we will probably move these categories of objects into +// separate packages. +package v1 + +import ( + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/runtime" +) + +// TypeMeta describes an individual object in an API response or request +// with strings representing the type of the object and its API schema version. +// Structures that are versioned or persisted should inline TypeMeta. +// +// +k8s:deepcopy-gen=false +#TypeMeta: { + // Kind is a string value representing the REST resource this object represents. + // Servers may infer this from the endpoint the client submits requests to. + // Cannot be updated. + // In CamelCase. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(1,bytes,opt) + + // APIVersion defines the versioned schema of this representation of an object. + // Servers should convert recognized schemas to the latest internal value, and + // may reject unrecognized values. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + // +optional + apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) +} + +// ListMeta describes metadata that synthetic resources must have, including lists and +// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. +#ListMeta: { + // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. + // +optional + selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) + + // String that identifies the server's internal version of this object that + // can be used by clients to determine when objects have changed. + // Value must be treated as opaque by clients and passed unmodified back to the server. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) + + // continue may be set if the user set a limit on the number of items returned, and indicates that + // the server has more data available. The value is opaque and may be used to issue another request + // to the endpoint that served this list to retrieve the next set of available objects. Continuing a + // consistent list may not be possible if the server configuration has changed or more than a few + // minutes have passed. The resourceVersion field returned when using this continue value will be + // identical to the value in the first response, unless you have received this token from an error + // message. + continue?: string @go(Continue) @protobuf(3,bytes,opt) + + // remainingItemCount is the number of subsequent items in the list which are not included in this + // list response. If the list request contained label or field selectors, then the number of + // remaining items is unknown and the field will be left unset and omitted during serialization. + // If the list is complete (either because it is not chunking or because this is the last chunk), + // then there are no more remaining items and this field will be left unset and omitted during + // serialization. + // Servers older than v1.15 do not set this field. + // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients + // should not rely on the remainingItemCount to be set or to be exact. + // +optional + remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) +} + +#ObjectNameField: "metadata.name" + +#FinalizerOrphanDependents: "orphan" +#FinalizerDeleteDependents: "foregroundDeletion" + +// ObjectMeta is metadata that all persisted resources must have, which includes all objects +// users must create. +#ObjectMeta: { + // Name must be unique within a namespace. Is required when creating resources, although + // some resources may allow a client to request the generation of an appropriate name + // automatically. Name is primarily intended for creation idempotence and configuration + // definition. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // GenerateName is an optional prefix, used by the server, to generate a unique + // name ONLY IF the Name field has not been provided. + // If this field is used, the name returned to the client will be different + // than the name passed. This value will also be combined with a unique suffix. + // The provided value has the same validation rules as the Name field, + // and may be truncated by the length of the suffix required to make the value + // unique on the server. + // + // If this field is specified and the generated name exists, the server will return a 409. + // + // Applied only if Name is not specified. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + // +optional + generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) + + // Namespace defines the space within which each name must be unique. An empty namespace is + // equivalent to the "default" namespace, but "default" is the canonical representation. + // Not all objects are required to be scoped to a namespace - the value of this field for + // those objects will be empty. + // + // Must be a DNS_LABEL. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces + // +optional + namespace?: string @go(Namespace) @protobuf(3,bytes,opt) + + // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. + // +optional + selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) + + // UID is the unique in time and space value for this object. It is typically generated by + // the server on successful creation of a resource and is not allowed to change on PUT + // operations. + // + // Populated by the system. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) + + // An opaque value that represents the internal version of this object that can + // be used by clients to determine when objects have changed. May be used for optimistic + // concurrency, change detection, and the watch operation on a resource or set of resources. + // Clients must treat these values as opaque and passed unmodified back to the server. + // They may only be valid for a particular resource or set of resources. + // + // Populated by the system. + // Read-only. + // Value must be treated as opaque by clients and . + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) + + // A sequence number representing a specific generation of the desired state. + // Populated by the system. Read-only. + // +optional + generation?: int64 @go(Generation) @protobuf(7,varint,opt) + + // CreationTimestamp is a timestamp representing the server time when this object was + // created. It is not guaranteed to be set in happens-before order across separate operations. + // Clients may not set this value. It is represented in RFC3339 form and is in UTC. + // + // Populated by the system. + // Read-only. + // Null for lists. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) + + // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This + // field is set by the server when a graceful deletion is requested by the user, and is not + // directly settable by a client. The resource is expected to be deleted (no longer visible + // from resource lists, and not reachable by name) after the time in this field, once the + // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. + // Once the deletionTimestamp is set, this value may not be unset or be set further into the + // future, although it may be shortened or the resource may be deleted prior to this time. + // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react + // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, + // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, + // remove the pod from the API. In the presence of network partitions, this object may still + // exist after this timestamp, until an administrator or automated process can determine the + // resource is fully terminated. + // If not set, graceful deletion of the object has not been requested. + // + // Populated by the system when a graceful deletion is requested. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) + + // Number of seconds allowed for this object to gracefully terminate before + // it will be removed from the system. Only set when deletionTimestamp is also set. + // May only be shortened. + // Read-only. + // +optional + deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) + + // Map of string keys and values that can be used to organize and categorize + // (scope and select) objects. May match selectors of replication controllers + // and services. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // +optional + labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) + + // Annotations is an unstructured key value map stored with a resource that may be + // set by external tools to store and retrieve arbitrary metadata. They are not + // queryable and should be preserved when modifying objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + // +optional + annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) + + // List of objects depended by this object. If ALL objects in the list have + // been deleted, this object will be garbage collected. If this object is managed by a controller, + // then an entry in this list will point to this controller, with the controller field set to true. + // There cannot be more than one managing controller. + // +optional + // +patchMergeKey=uid + // +patchStrategy=merge + ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) + + // Must be empty before the object is deleted from the registry. Each entry + // is an identifier for the responsible component that will remove the entry + // from the list. If the deletionTimestamp of the object is non-nil, entries + // in this list can only be removed. + // Finalizers may be processed and removed in any order. Order is NOT enforced + // because it introduces significant risk of stuck finalizers. + // finalizers is a shared field, any actor with permission can reorder it. + // If the finalizer list is processed in order, then this can lead to a situation + // in which the component responsible for the first finalizer in the list is + // waiting for a signal (field value, external system, or other) produced by a + // component responsible for a finalizer later in the list, resulting in a deadlock. + // Without enforced ordering finalizers are free to order amongst themselves and + // are not vulnerable to ordering changes in the list. + // +optional + // +patchStrategy=merge + finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) + + // ManagedFields maps workflow-id and version to the set of fields + // that are managed by that workflow. This is mostly for internal + // housekeeping, and users typically shouldn't need to set or + // understand this field. A workflow can be the user's name, a + // controller's name, or the name of a specific apply path like + // "ci-cd". The set of fields is always in the version that the + // workflow used when modifying the object. + // + // +optional + managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) +} + +// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients +#NamespaceDefault: "default" + +// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces +#NamespaceAll: "" + +// NamespaceNone is the argument for a context when there is no namespace. +#NamespaceNone: "" + +// NamespaceSystem is the system namespace where we place system components. +#NamespaceSystem: "kube-system" + +// NamespacePublic is the namespace where we place public info (ConfigMaps) +#NamespacePublic: "kube-public" + +// OwnerReference contains enough information to let you identify an owning +// object. An owning object must be in the same namespace as the dependent, or +// be cluster-scoped, so there is no namespace field. +// +structType=atomic +#OwnerReference: { + // API version of the referent. + apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) + + // Kind of the referent. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + kind: string @go(Kind) @protobuf(1,bytes,opt) + + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + name: string @go(Name) @protobuf(3,bytes,opt) + + // UID of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // If true, this reference points to the managing controller. + // +optional + controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) + + // If true, AND if the owner has the "foregroundDeletion" finalizer, then + // the owner cannot be deleted from the key-value store until this + // reference is removed. + // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + // for how the garbage collector interacts with this field and enforces the foreground deletion. + // Defaults to false. + // To set this field, a user needs "delete" permission of the owner, + // otherwise 422 (Unprocessable Entity) will be returned. + // +optional + blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) +} + +// ListOptions is the query options to a standard REST list call. +#ListOptions: { + #TypeMeta + + // A selector to restrict the list of returned objects by their labels. + // Defaults to everything. + // +optional + labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) + + // A selector to restrict the list of returned objects by their fields. + // Defaults to everything. + // +optional + fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) + + // Watch for changes to the described resources and return them as a stream of + // add, update, and remove notifications. Specify resourceVersion. + // +optional + watch?: bool @go(Watch) @protobuf(3,varint,opt) + + // allowWatchBookmarks requests watch events with type "BOOKMARK". + // Servers that do not implement bookmarks may ignore this flag and + // bookmarks are sent at the server's discretion. Clients should not + // assume bookmarks are returned at any specific interval, nor may they + // assume the server will send any BOOKMARK event during a session. + // If this is not a watch, this field is ignored. + // +optional + allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) + + // resourceVersion sets a constraint on what resource versions a request may be served from. + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) + + // resourceVersionMatch determines how resourceVersion is applied to list calls. + // It is highly recommended that resourceVersionMatch be set for list calls where + // resourceVersion is set + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) + + // Timeout for the list/watch call. + // This limits the duration of the call, regardless of any activity or inactivity. + // +optional + timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) + + // limit is a maximum number of responses to return for a list call. If more items exist, the + // server will set the `continue` field on the list metadata to a value that can be used with the + // same initial query to retrieve the next set of results. Setting a limit may return fewer than + // the requested amount of items (up to zero items) in the event all requested objects are + // filtered out and clients should only use the presence of the continue field to determine whether + // more results are available. Servers may choose not to support the limit argument and will return + // all of the available results. If limit is specified and the continue field is empty, clients may + // assume that no more results are available. This field is not supported if watch is true. + // + // The server guarantees that the objects returned when using continue will be identical to issuing + // a single list call without a limit - that is, no objects created, modified, or deleted after the + // first request is issued will be included in any subsequent continued requests. This is sometimes + // referred to as a consistent snapshot, and ensures that a client that is using limit to receive + // smaller chunks of a very large result can ensure they see all possible objects. If objects are + // updated during a chunked list the version of the object that was present at the time the first list + // result was calculated is returned. + limit?: int64 @go(Limit) @protobuf(7,varint,opt) + + // The continue option should be set when retrieving more results from the server. Since this value is + // server defined, clients may only use the continue value from a previous query result with identical + // query parameters (except for the value of continue) and the server may reject a continue value it + // does not recognize. If the specified continue value is no longer valid whether due to expiration + // (generally five to fifteen minutes) or a configuration change on the server, the server will + // respond with a 410 ResourceExpired error together with a continue token. If the client needs a + // consistent list, it must restart their list without the continue field. Otherwise, the client may + // send another list request with the token received with the 410 error, the server will respond with + // a list starting from the next key, but from the latest snapshot, which is inconsistent from the + // previous list results - objects that are created, modified, or deleted after the first list request + // will be included in the response, as long as their keys are after the "next key". + // + // This field is not supported when watch is true. Clients may start a watch from the last + // resourceVersion value returned by the server and not miss any modifications. + continue?: string @go(Continue) @protobuf(8,bytes,opt) + + // `sendInitialEvents=true` may be set together with `watch=true`. + // In that case, the watch stream will begin with synthetic events to + // produce the current state of objects in the collection. Once all such + // events have been sent, a synthetic "Bookmark" event will be sent. + // The bookmark will report the ResourceVersion (RV) corresponding to the + // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. + // Afterwards, the watch stream will proceed as usual, sending watch events + // corresponding to changes (subsequent to the RV) to objects watched. + // + // When `sendInitialEvents` option is set, we require `resourceVersionMatch` + // option to also be set. The semantic of the watch request is as following: + // - `resourceVersionMatch` = NotOlderThan + // is interpreted as "data at least as new as the provided `resourceVersion`" + // and the bookmark event is send when the state is synced + // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. + // If `resourceVersion` is unset, this is interpreted as "consistent read" and the + // bookmark event is send when the state is synced at least to the moment + // when request started being processed. + // - `resourceVersionMatch` set to any other value or unset + // Invalid error is returned. + // + // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward + // compatibility reasons) and to false otherwise. + // +optional + sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) +} + +// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch +// may only be set if resourceVersion is also set. +// +// "NotOlderThan" matches data at least as new as the provided resourceVersion. +// "Exact" matches data at the exact resourceVersion provided. +// +// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for +// details. +#ResourceVersionMatch: string // #enumResourceVersionMatch + +#enumResourceVersionMatch: + #ResourceVersionMatchNotOlderThan | + #ResourceVersionMatchExact + +// ResourceVersionMatchNotOlderThan matches data at least as new as the provided +// resourceVersion. +#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" + +// ResourceVersionMatchExact matches data at the exact resourceVersion +// provided. +#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" + +// GetOptions is the standard query options to the standard REST get call. +#GetOptions: { + #TypeMeta + + // resourceVersion sets a constraint on what resource versions a request may be served from. + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) +} + +// DeletionPropagation decides if a deletion will propagate to the dependents of +// the object, and how the garbage collector will handle the propagation. +#DeletionPropagation: string // #enumDeletionPropagation + +#enumDeletionPropagation: + #DeletePropagationOrphan | + #DeletePropagationBackground | + #DeletePropagationForeground + +// Orphans the dependents. +#DeletePropagationOrphan: #DeletionPropagation & "Orphan" + +// Deletes the object from the key-value store, the garbage collector will +// delete the dependents in the background. +#DeletePropagationBackground: #DeletionPropagation & "Background" + +// The object exists in the key-value store until the garbage collector +// deletes all the dependents whose ownerReference.blockOwnerDeletion=true +// from the key-value store. API sever will put the "foregroundDeletion" +// finalizer on the object, and sets its deletionTimestamp. This policy is +// cascading, i.e., the dependents will be deleted with Foreground. +#DeletePropagationForeground: #DeletionPropagation & "Foreground" + +// DryRunAll means to complete all processing stages, but don't +// persist changes to storage. +#DryRunAll: "All" + +// DeleteOptions may be provided when deleting an API object. +#DeleteOptions: { + #TypeMeta + + // The duration in seconds before the object should be deleted. Value must be non-negative integer. + // The value zero indicates delete immediately. If this value is nil, the default grace period for the + // specified type will be used. + // Defaults to a per object value if not specified. zero means delete immediately. + // +optional + gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) + + // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be + // returned. + // +k8s:conversion-gen=false + // +optional + preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) + + // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. + // Should the dependent objects be orphaned. If true/false, the "orphan" + // finalizer will be added to/removed from the object's finalizers list. + // Either this field or PropagationPolicy may be set, but not both. + // +optional + orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) + + // Whether and how garbage collection will be performed. + // Either this field or OrphanDependents may be set, but not both. + // The default policy is decided by the existing finalizer set in the + // metadata.finalizers and the resource-specific default policy. + // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - + // allow the garbage collector to delete the dependents in the background; + // 'Foreground' - a cascading policy that deletes all dependents in the + // foreground. + // +optional + propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) +} + +// FieldValidationIgnore ignores unknown/duplicate fields +#FieldValidationIgnore: "Ignore" + +// FieldValidationWarn responds with a warning, but successfully serve the request +#FieldValidationWarn: "Warn" + +// FieldValidationStrict fails the request on unknown/duplicate fields +#FieldValidationStrict: "Strict" + +// CreateOptions may be provided when creating an API object. +#CreateOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. + // +optional + fieldManager?: string @go(FieldManager) @protobuf(3,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) +} + +// PatchOptions may be provided when patching an API object. +// PatchOptions is meant to be a superset of UpdateOptions. +#PatchOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // Force is going to "force" Apply requests. It means user will + // re-acquire conflicting fields owned by other people. Force + // flag must be unset for non-apply patch requests. + // +optional + force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. This + // field is required for apply requests + // (application/apply-patch) but optional for non-apply patch + // types (JsonPatch, MergePatch, StrategicMergePatch). + // +optional + fieldManager?: string @go(FieldManager) @protobuf(3,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) +} + +// ApplyOptions may be provided when applying an API object. +// FieldManager is required for apply requests. +// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation +// that speaks specifically to how the options fields relate to apply. +#ApplyOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // Force is going to "force" Apply requests. It means user will + // re-acquire conflicting fields owned by other people. + force: bool @go(Force) @protobuf(2,varint,opt) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. This + // field is required. + fieldManager: string @go(FieldManager) @protobuf(3,bytes) +} + +// UpdateOptions may be provided when updating an API object. +// All fields in UpdateOptions should also be present in PatchOptions. +#UpdateOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. + // +optional + fieldManager?: string @go(FieldManager) @protobuf(2,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) +} + +// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. +#Preconditions: { + // Specifies the target UID. + // +optional + uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // Specifies the target ResourceVersion + // +optional + resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) +} + +// Status is a return value for calls that don't return other objects. +#Status: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Status of the operation. + // One of: "Success" or "Failure". + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: string @go(Status) @protobuf(2,bytes,opt) + + // A human-readable description of the status of this operation. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // A machine-readable description of why this operation is in the + // "Failure" status. If this value is empty there + // is no information available. A Reason clarifies an HTTP status + // code but does not override it. + // +optional + reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) + + // Extended data associated with the reason. Each reason may define its + // own extended details. This field is optional and the data returned + // is not guaranteed to conform to any schema except that defined by + // the reason type. + // +optional + details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) + + // Suggested HTTP return code for this status, 0 if not set. + // +optional + code?: int32 @go(Code) @protobuf(6,varint,opt) +} + +// StatusDetails is a set of additional properties that MAY be set by the +// server to provide additional information about a response. The Reason +// field of a Status object defines what attributes will be set. Clients +// must ignore fields that do not match the defined type of each attribute, +// and should assume that any attribute may be empty, invalid, or under +// defined. +#StatusDetails: { + // The name attribute of the resource associated with the status StatusReason + // (when there is a single name which can be described). + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The group attribute of the resource associated with the status StatusReason. + // +optional + group?: string @go(Group) @protobuf(2,bytes,opt) + + // The kind attribute of the resource associated with the status StatusReason. + // On some operations may differ from the requested resource Kind. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(3,bytes,opt) + + // UID of the resource. + // (when there is a single resource which can be described). + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // The Causes array includes more details associated with the StatusReason + // failure. Not all StatusReasons may provide detailed causes. + // +optional + causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) + + // If specified, the time in seconds before the operation should be retried. Some errors may indicate + // the client must take an alternate action - for those errors this field may indicate how long to wait + // before taking the alternate action. + // +optional + retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) +} + +#StatusSuccess: "Success" +#StatusFailure: "Failure" + +// StatusReason is an enumeration of possible failure causes. Each StatusReason +// must map to a single HTTP status code, but multiple reasons may map +// to the same HTTP status code. +// TODO: move to apiserver +#StatusReason: string // #enumStatusReason + +#enumStatusReason: + #StatusReasonUnknown | + #StatusReasonUnauthorized | + #StatusReasonForbidden | + #StatusReasonNotFound | + #StatusReasonAlreadyExists | + #StatusReasonConflict | + #StatusReasonGone | + #StatusReasonInvalid | + #StatusReasonServerTimeout | + #StatusReasonTimeout | + #StatusReasonTooManyRequests | + #StatusReasonBadRequest | + #StatusReasonMethodNotAllowed | + #StatusReasonNotAcceptable | + #StatusReasonRequestEntityTooLarge | + #StatusReasonUnsupportedMediaType | + #StatusReasonInternalError | + #StatusReasonExpired | + #StatusReasonServiceUnavailable + +// StatusReasonUnknown means the server has declined to indicate a specific reason. +// The details field may contain other information about this error. +// Status code 500. +#StatusReasonUnknown: #StatusReason & "" + +// StatusReasonUnauthorized means the server can be reached and understood the request, but requires +// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) +// in order for the action to be completed. If the user has specified credentials on the request, the +// server considers them insufficient. +// Status code 401 +#StatusReasonUnauthorized: #StatusReason & "Unauthorized" + +// StatusReasonForbidden means the server can be reached and understood the request, but refuses +// to take any further action. It is the result of the server being configured to deny access for some reason +// to the requested resource by the client. +// Details (optional): +// "kind" string - the kind attribute of the forbidden resource +// on some operations may differ from the requested +// resource. +// "id" string - the identifier of the forbidden resource +// Status code 403 +#StatusReasonForbidden: #StatusReason & "Forbidden" + +// StatusReasonNotFound means one or more resources required for this operation +// could not be found. +// Details (optional): +// "kind" string - the kind attribute of the missing resource +// on some operations may differ from the requested +// resource. +// "id" string - the identifier of the missing resource +// Status code 404 +#StatusReasonNotFound: #StatusReason & "NotFound" + +// StatusReasonAlreadyExists means the resource you are creating already exists. +// Details (optional): +// "kind" string - the kind attribute of the conflicting resource +// "id" string - the identifier of the conflicting resource +// Status code 409 +#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" + +// StatusReasonConflict means the requested operation cannot be completed +// due to a conflict in the operation. The client may need to alter the +// request. Each resource may define custom details that indicate the +// nature of the conflict. +// Status code 409 +#StatusReasonConflict: #StatusReason & "Conflict" + +// StatusReasonGone means the item is no longer available at the server and no +// forwarding address is known. +// Status code 410 +#StatusReasonGone: #StatusReason & "Gone" + +// StatusReasonInvalid means the requested create or update operation cannot be +// completed due to invalid data provided as part of the request. The client may +// need to alter the request. When set, the client may use the StatusDetails +// message field as a summary of the issues encountered. +// Details (optional): +// "kind" string - the kind attribute of the invalid resource +// "id" string - the identifier of the invalid resource +// "causes" - one or more StatusCause entries indicating the data in the +// provided resource that was invalid. The code, message, and +// field attributes will be set. +// Status code 422 +#StatusReasonInvalid: #StatusReason & "Invalid" + +// StatusReasonServerTimeout means the server can be reached and understood the request, +// but cannot complete the action in a reasonable time. The client should retry the request. +// This is may be due to temporary server load or a transient communication issue with +// another server. Status code 500 is used because the HTTP spec provides no suitable +// server-requested client retry and the 5xx class represents actionable errors. +// Details (optional): +// "kind" string - the kind attribute of the resource being acted on. +// "id" string - the operation that is being attempted. +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 500 +#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" + +// StatusReasonTimeout means that the request could not be completed within the given time. +// Clients can get this response only when they specified a timeout param in the request, +// or if the server cannot complete the operation within a reasonable amount of time. +// The request might succeed with an increased value of timeout param. The client *should* +// wait at least the number of seconds specified by the retryAfterSeconds field. +// Details (optional): +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 504 +#StatusReasonTimeout: #StatusReason & "Timeout" + +// StatusReasonTooManyRequests means the server experienced too many requests within a +// given window and that the client must wait to perform the action again. A client may +// always retry the request that led to this error, although the client should wait at least +// the number of seconds specified by the retryAfterSeconds field. +// Details (optional): +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 429 +#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" + +// StatusReasonBadRequest means that the request itself was invalid, because the request +// doesn't make any sense, for example deleting a read-only object. This is different than +// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the +// data was invalid. API calls that return BadRequest can never succeed. +// Status code 400 +#StatusReasonBadRequest: #StatusReason & "BadRequest" + +// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the +// resource was not supported by the code - for instance, attempting to delete a resource that +// can only be created. API calls that return MethodNotAllowed can never succeed. +// Status code 405 +#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" + +// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable +// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. +// API calls that return NotAcceptable can never succeed. +// Status code 406 +#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" + +// StatusReasonRequestEntityTooLarge means that the request entity is too large. +// Status code 413 +#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" + +// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable +// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. +// API calls that return UnsupportedMediaType can never succeed. +// Status code 415 +#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" + +// StatusReasonInternalError indicates that an internal error occurred, it is unexpected +// and the outcome of the call is unknown. +// Details (optional): +// "causes" - The original error +// Status code 500 +#StatusReasonInternalError: #StatusReason & "InternalError" + +// StatusReasonExpired indicates that the request is invalid because the content you are requesting +// has expired and is no longer available. It is typically associated with watches that can't be +// serviced. +// Status code 410 (gone) +#StatusReasonExpired: #StatusReason & "Expired" + +// StatusReasonServiceUnavailable means that the request itself was valid, +// but the requested service is unavailable at this time. +// Retrying the request after some time might succeed. +// Status code 503 +#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" + +// StatusCause provides more information about an api.Status failure, including +// cases when multiple errors are encountered. +#StatusCause: { + // A machine-readable description of the cause of the error. If this value is + // empty there is no information available. + // +optional + reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) + + // A human-readable description of the cause of the error. This field may be + // presented as-is to a reader. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) + + // The field of the resource that has caused this error, as named by its JSON + // serialization. May include dot and postfix notation for nested attributes. + // Arrays are zero-indexed. Fields may appear more than once in an array of + // causes due to fields having multiple errors. + // Optional. + // + // Examples: + // "name" - the field "name" on the current resource + // "items[0].name" - the field "name" on the first array entry in "items" + // +optional + field?: string @go(Field) @protobuf(3,bytes,opt) +} + +// CauseType is a machine readable value providing more detail about what +// occurred in a status response. An operation may have multiple causes for a +// status (whether Failure or Success). +#CauseType: string // #enumCauseType + +#enumCauseType: + #CauseTypeFieldValueNotFound | + #CauseTypeFieldValueRequired | + #CauseTypeFieldValueDuplicate | + #CauseTypeFieldValueInvalid | + #CauseTypeFieldValueNotSupported | + #CauseTypeForbidden | + #CauseTypeTooLong | + #CauseTypeTooMany | + #CauseTypeInternal | + #CauseTypeTypeInvalid | + #CauseTypeUnexpectedServerResponse | + #CauseTypeFieldManagerConflict | + #CauseTypeResourceVersionTooLarge + +// CauseTypeFieldValueNotFound is used to report failure to find a requested value +// (e.g. looking up an ID). +#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" + +// CauseTypeFieldValueRequired is used to report required values that are not +// provided (e.g. empty strings, null values, or empty arrays). +#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" + +// CauseTypeFieldValueDuplicate is used to report collisions of values that must be +// unique (e.g. unique IDs). +#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" + +// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex +// match). +#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" + +// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) +// values that can not be handled (e.g. an enumerated string). +#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" + +// CauseTypeForbidden is used to report valid (as per formatting rules) +// values which would be accepted under some conditions, but which are not +// permitted by the current conditions (such as security policy). See +// Forbidden(). +#CauseTypeForbidden: #CauseType & "FieldValueForbidden" + +// CauseTypeTooLong is used to report that the given value is too long. +// This is similar to ErrorTypeInvalid, but the error will not include the +// too-long value. See TooLong(). +#CauseTypeTooLong: #CauseType & "FieldValueTooLong" + +// CauseTypeTooMany is used to report "too many". This is used to +// report that a given list has too many items. This is similar to FieldValueTooLong, +// but the error indicates quantity instead of length. +#CauseTypeTooMany: #CauseType & "FieldValueTooMany" + +// CauseTypeInternal is used to report other errors that are not related +// to user input. See InternalError(). +#CauseTypeInternal: #CauseType & "InternalError" + +// CauseTypeTypeInvalid is for the value did not match the schema type for that field +#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" + +// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client +// without the expected return type. The presence of this cause indicates the error may be +// due to an intervening proxy or the server software malfunctioning. +#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" + +// FieldManagerConflict is used to report when another client claims to manage this field, +// It should only be returned for a request using server-side apply. +#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" + +// CauseTypeResourceVersionTooLarge is used to report that the requested resource version +// is newer than the data observed by the API server, so the request cannot be served. +#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" + +// List holds a list of objects, which may not be known by the server. +#List: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of objects + items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) +} + +// APIVersions lists the versions that are available, to allow clients to +// discover the API at /api, which is the root path of the legacy v1 API. +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#APIVersions: { + #TypeMeta + + // versions are the api versions that are available. + versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) + + // a map of client CIDR to server address that is serving this group. + // This is to help clients reach servers in the most network-efficient way possible. + // Clients can use the appropriate server address as per the CIDR that they match. + // In case of multiple matches, clients should use the longest matching CIDR. + // The server returns only those CIDRs that it thinks that the client can match. + // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. + // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. + serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) +} + +// APIGroupList is a list of APIGroup, to allow clients to discover the API at +// /apis. +#APIGroupList: { + #TypeMeta + + // groups is a list of APIGroup. + groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) +} + +// APIGroup contains the name, the supported versions, and the preferred version +// of a group. +#APIGroup: { + #TypeMeta + + // name is the name of the group. + name: string @go(Name) @protobuf(1,bytes,opt) + + // versions are the versions supported in this group. + versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) + + // preferredVersion is the version preferred by the API server, which + // probably is the storage version. + // +optional + preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) + + // a map of client CIDR to server address that is serving this group. + // This is to help clients reach servers in the most network-efficient way possible. + // Clients can use the appropriate server address as per the CIDR that they match. + // In case of multiple matches, clients should use the longest matching CIDR. + // The server returns only those CIDRs that it thinks that the client can match. + // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. + // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. + // +optional + serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) +} + +// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. +#ServerAddressByClientCIDR: { + // The CIDR with which clients can match their IP to figure out the server address that they should use. + clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) + + // Address of this server, suitable for a client that matches the above CIDR. + // This can be a hostname, hostname:port, IP or IP:port. + serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) +} + +// GroupVersion contains the "group/version" and "version" string of a version. +// It is made a struct to keep extensibility. +#GroupVersionForDiscovery: { + // groupVersion specifies the API group and version in the form "group/version" + groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) + + // version specifies the version in the form of "version". This is to save + // the clients the trouble of splitting the GroupVersion. + version: string @go(Version) @protobuf(2,bytes,opt) +} + +// APIResource specifies the name of a resource and whether it is namespaced. +#APIResource: { + // name is the plural name of the resource. + name: string @go(Name) @protobuf(1,bytes,opt) + + // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. + // The singularName is more correct for reporting status on a single item and both singular and plural are allowed + // from the kubectl CLI interface. + singularName: string @go(SingularName) @protobuf(6,bytes,opt) + + // namespaced indicates if a resource is namespaced or not. + namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) + + // group is the preferred group of the resource. Empty implies the group of the containing resource list. + // For subresources, this may have a different value, for example: Scale". + group?: string @go(Group) @protobuf(8,bytes,opt) + + // version is the preferred version of the resource. Empty implies the version of the containing resource list + // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". + version?: string @go(Version) @protobuf(9,bytes,opt) + + // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') + kind: string @go(Kind) @protobuf(3,bytes,opt) + + // verbs is a list of supported kube verbs (this includes get, list, watch, create, + // update, patch, delete, deletecollection, and proxy) + verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) + + // shortNames is a list of suggested short names of the resource. + shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) + + // categories is a list of the grouped resources this resource belongs to (e.g. 'all') + categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) + + // The hash value of the storage version, the version this resource is + // converted to when written to the data store. Value must be treated + // as opaque by clients. Only equality comparison on the value is valid. + // This is an alpha feature and may change or be removed in the future. + // The field is populated by the apiserver only if the + // StorageVersionHash feature gate is enabled. + // This field will remain optional even if it graduates. + // +optional + storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) +} + +// Verbs masks the value so protobuf can generate +// +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +#Verbs: [...string] + +// APIResourceList is a list of APIResource, it is used to expose the name of the +// resources supported in a specific group and version, and if the resource +// is namespaced. +#APIResourceList: { + #TypeMeta + + // groupVersion is the group and version this APIResourceList is for. + groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) + + // resources contains the name of the resources and if they are namespaced. + resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) +} + +// RootPaths lists the paths available at root. +// For example: "/healthz", "/apis". +#RootPaths: { + // paths are the paths available at root. + paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) +} + +// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. +#Patch: { +} + +// A label selector is a label query over a set of resources. The result of matchLabels and +// matchExpressions are ANDed. An empty label selector matches all objects. A null +// label selector matches no objects. +// +structType=atomic +#LabelSelector: { + // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + // map is equivalent to an element of matchExpressions, whose key field is "key", the + // operator is "In", and the values array contains only "value". The requirements are ANDed. + // +optional + matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) + + // matchExpressions is a list of label selector requirements. The requirements are ANDed. + // +optional + matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) +} + +// A label selector requirement is a selector that contains values, a key, and an operator that +// relates the key and values. +#LabelSelectorRequirement: { + // key is the label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // operator represents a key's relationship to a set of values. + // Valid operators are In, NotIn, Exists and DoesNotExist. + operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) + + // values is an array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. This array is replaced during a strategic + // merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A label selector operator is the set of operators that can be used in a selector requirement. +#LabelSelectorOperator: string // #enumLabelSelectorOperator + +#enumLabelSelectorOperator: + #LabelSelectorOpIn | + #LabelSelectorOpNotIn | + #LabelSelectorOpExists | + #LabelSelectorOpDoesNotExist + +#LabelSelectorOpIn: #LabelSelectorOperator & "In" +#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" +#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" +#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" + +// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource +// that the fieldset applies to. +#ManagedFieldsEntry: { + // Manager is an identifier of the workflow managing these fields. + manager?: string @go(Manager) @protobuf(1,bytes,opt) + + // Operation is the type of operation which lead to this ManagedFieldsEntry being created. + // The only valid values for this field are 'Apply' and 'Update'. + operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) + + // APIVersion defines the version of this resource that this field set + // applies to. The format is "group/version" just like the top-level + // APIVersion field. It is necessary to track the version of a field + // set because it cannot be automatically converted. + apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) + + // Time is the timestamp of when the ManagedFields entry was added. The + // timestamp will also be updated if a field is added, the manager + // changes any of the owned fields value or removes a field. The + // timestamp does not update when a field is removed from the entry + // because another manager took it over. + // +optional + time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) + + // FieldsType is the discriminator for the different fields format and version. + // There is currently only one possible value: "FieldsV1" + fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) + + // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. + // +optional + fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) + + // Subresource is the name of the subresource used to update that object, or + // empty string if the object was updated through the main resource. The + // value of this field is used to distinguish between managers, even if they + // share the same name. For example, a status update will be distinct from a + // regular update using the same manager name. + // Note that the APIVersion field is not related to the Subresource field and + // it always corresponds to the version of the main resource. + subresource?: string @go(Subresource) @protobuf(8,bytes,opt) +} + +// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. +#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType + +#enumManagedFieldsOperationType: + #ManagedFieldsOperationApply | + #ManagedFieldsOperationUpdate + +#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" +#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" + +// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. +// +// Each key is either a '.' representing the field itself, and will always map to an empty set, +// or a string representing a sub-field or item. The string will follow one of these four formats: +// 'f:', where is the name of a field in a struct, or key in a map +// 'v:', where is the exact json formatted value of a list item +// 'i:', where is position of a item in a list +// 'k:', where is a map of a list item's key fields to their unique values +// If a key maps to an empty Fields value, the field that key represents is part of the set. +// +// The exact format is defined in sigs.k8s.io/structured-merge-diff +// +protobuf.options.(gogoproto.goproto_stringer)=false +#FieldsV1: _ + +// Table is a tabular representation of a set of API resources. The server transforms the +// object into a set of preferred columns for quickly reviewing the objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +protobuf=false +#Table: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) + + // columnDefinitions describes each column in the returned items array. The number of cells per row + // will always match the number of column definitions. + columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) + + // rows is the list of items in the table. + rows: [...#TableRow] @go(Rows,[]TableRow) +} + +// TableColumnDefinition contains information about a column returned in the Table. +// +protobuf=false +#TableColumnDefinition: { + // name is a human readable name for the column. + name: string @go(Name) + + // type is an OpenAPI type definition for this column, such as number, integer, string, or + // array. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. + type: string @go(Type) + + // format is an optional OpenAPI type modifier for this column. A format modifies the type and + // imposes additional rules, like date or time formatting for a string. The 'name' format is applied + // to the primary identifier column which has type 'string' to assist in clients identifying column + // is the resource name. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. + format: string @go(Format) + + // description is a human readable description of this column. + description: string @go(Description) + + // priority is an integer defining the relative importance of this column compared to others. Lower + // numbers are considered higher priority. Columns that may be omitted in limited space scenarios + // should be given a higher priority. + priority: int32 @go(Priority) +} + +// TableRow is an individual row in a table. +// +protobuf=false +#TableRow: { + // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or + // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a + // more detailed description. + cells: [...] @go(Cells,[]interface{}) + + // conditions describe additional status of a row that are relevant for a human user. These conditions + // apply to the row, not to the object, and will be specific to table output. The only defined + // condition type is 'Completed', for a row that indicates a resource that has run to completion and + // can be given less visual priority. + // +optional + conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) + + // This field contains the requested additional information about each object based on the includeObject + // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the + // default serialization of the object for the current API version, and if "Metadata" (the default) will + // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. + // The media type of the object will always match the enclosing list - if this as a JSON table, these + // will be JSON encoded objects. + // +optional + object?: runtime.#RawExtension @go(Object) +} + +// TableRowCondition allows a row to be marked with additional information. +// +protobuf=false +#TableRowCondition: { + // Type of row condition. The only defined value is 'Completed' indicating that the + // object this row represents has reached a completed state and may be given less visual + // priority than other rows. Clients are not required to honor any conditions but should + // be consistent where possible about handling the conditions. + type: #RowConditionType @go(Type) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) + + // (brief) machine readable reason for the condition's last transition. + // +optional + reason?: string @go(Reason) + + // Human readable message indicating details about last transition. + // +optional + message?: string @go(Message) +} + +#RowConditionType: string // #enumRowConditionType + +#enumRowConditionType: + #RowCompleted + +// RowCompleted means the underlying resource has reached completion and may be given less +// visual priority than other resources. +#RowCompleted: #RowConditionType & "Completed" + +#ConditionStatus: string // #enumConditionStatus + +#enumConditionStatus: + #ConditionTrue | + #ConditionFalse | + #ConditionUnknown + +#ConditionTrue: #ConditionStatus & "True" +#ConditionFalse: #ConditionStatus & "False" +#ConditionUnknown: #ConditionStatus & "Unknown" + +// IncludeObjectPolicy controls which portion of the object is returned with a Table. +#IncludeObjectPolicy: string // #enumIncludeObjectPolicy + +#enumIncludeObjectPolicy: + #IncludeNone | + #IncludeMetadata | + #IncludeObject + +// IncludeNone returns no object. +#IncludeNone: #IncludeObjectPolicy & "None" + +// IncludeMetadata serializes the object containing only its metadata field. +#IncludeMetadata: #IncludeObjectPolicy & "Metadata" + +// IncludeObject contains the full object. +#IncludeObject: #IncludeObjectPolicy & "Object" + +// TableOptions are used when a Table is requested by the caller. +// +k8s:conversion-gen:explicit-from=net/url.Values +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#TableOptions: { + #TypeMeta + + // includeObject decides whether to include each object along with its columnar information. + // Specifying "None" will return no object, specifying "Object" will return the full object contents, and + // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind + // in version v1beta1 of the meta.k8s.io API group. + includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) +} + +// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients +// to get access to a particular ObjectMeta schema without knowing the details of the version. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#PartialObjectMetadata: { + #TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) +} + +// PartialObjectMetadataList contains a list of objects containing only their metadata +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#PartialObjectMetadataList: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items contains each of the included items. + items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) +} + +// Condition contains details for one aspect of the current state of this API Resource. +// --- +// This struct is intended for direct use as an array at the field path .status.conditions. For example, +// +// type FooStatus struct{ +// // Represents the observations of a foo's current state. +// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" +// // +patchMergeKey=type +// // +patchStrategy=merge +// // +listType=map +// // +listMapKey=type +// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +// +// // other fields +// } +#Condition: { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + type: string @go(Type) @protobuf(1,bytes,opt) + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + reason: string @go(Reason) @protobuf(5,bytes,opt) + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + message: string @go(Message) @protobuf(6,bytes,opt) +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue new file mode 100644 index 00000000..12f5f1b6 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue @@ -0,0 +1,30 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" +) + +// Event represents a single event to a watched resource. +// +// +protobuf=true +// +k8s:deepcopy-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#WatchEvent: { + type: string @go(Type) @protobuf(1,bytes,opt) + + // Object is: + // * If Type is Added or Modified: the new state of the object. + // * If Type is Deleted: the state of the object immediately before deletion. + // * If Type is Error: *Status is recommended; other types may make sense + // depending on context. + object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) +} + +// InternalEvent makes watch.Event versioned +// +protobuf=false +#InternalEvent: watch.#Event diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue new file mode 100644 index 00000000..43474c39 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// SimpleAllocator a wrapper around make([]byte) +// conforms to the MemoryAllocator interface +#SimpleAllocator: { +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue new file mode 100644 index 00000000..a05de5d5 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue @@ -0,0 +1,37 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// codec binds an encoder and decoder. +_#codec: { + Encoder: #Encoder + Decoder: #Decoder +} + +// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. +#NoopEncoder: { + Decoder: #Decoder +} + +_#noopEncoderIdentifier: #Identifier & "noop" + +// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. +#NoopDecoder: { + Encoder: #Encoder +} + +_#base64Serializer: { + Encoder: #Encoder + Decoder: #Decoder +} + +_#internalGroupVersionerIdentifier: "internal" +_#disabledGroupVersionerIdentifier: "disabled" + +_#internalGroupVersioner: { +} + +_#disabledGroupVersioner: { +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue new file mode 100644 index 00000000..ce6d644c --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +// Package runtime defines conversions between generic types and structs to map query strings +// to struct objects. +package runtime diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue new file mode 100644 index 00000000..f49ad1e3 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// UnstructuredConverter is an interface for converting between interface{} +// and map[string]interface representation. +#UnstructuredConverter: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue new file mode 100644 index 00000000..89c5c51b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue @@ -0,0 +1,39 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +// Package runtime includes helper functions for working with API objects +// that follow the kubernetes API object conventions, which are: +// +// 0. Your API objects have a common metadata struct member, TypeMeta. +// +// 1. Your code refers to an internal set of API objects. +// +// 2. In a separate package, you have an external set of API objects. +// +// 3. The external set is considered to be versioned, and no breaking +// changes are ever made to it (fields may be added but not changed +// or removed). +// +// 4. As your api evolves, you'll make an additional versioned package +// with every major change. +// +// 5. Versioned packages have conversion functions which convert to +// and from the internal version. +// +// 6. You'll continue to support older versions according to your +// deprecation policy, and you can easily provide a program/library +// to update old versions into new versions because of 5. +// +// 7. All of your serializations and deserializations are handled in a +// centralized place. +// +// Package runtime provides a conversion helper to make 5 easy, and the +// Encode/Decode/DecodeInto trio to accomplish 7. You can also register +// additional "codecs" which use a version of your choice. It's +// recommended that you register your types with runtime in your +// package's init function. +// +// As a bonus, a few common types useful from all api objects and versions +// are provided in types.go. +package runtime diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue new file mode 100644 index 00000000..d43f15f2 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +_#encodable: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue new file mode 100644 index 00000000..ec8f1f07 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue @@ -0,0 +1,23 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// MultiObjectTyper returns the types of objects across multiple schemes in order. +#MultiObjectTyper: [...#ObjectTyper] + +_#defaultFramer: { +} + +// WithVersionEncoder serializes an object and ensures the GVK is set. +#WithVersionEncoder: { + Version: #GroupVersioner + Encoder: #Encoder + ObjectTyper: #ObjectTyper +} + +// WithoutVersionDecoder clears the group version kind of a deserialized object. +#WithoutVersionDecoder: { + Decoder: #Decoder +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue new file mode 100644 index 00000000..22abcb62 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue @@ -0,0 +1,165 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// APIVersionInternal may be used if you are registering a type that should not +// be considered stable or serialized - it is a convention only and has no +// special behavior in this package. +#APIVersionInternal: "__internal" + +// GroupVersioner refines a set of possible conversion targets into a single option. +#GroupVersioner: _ + +// Identifier represents an identifier. +// Identitier of two different objects should be equal if and only if for every +// input the output they produce is exactly the same. +#Identifier: string // #enumIdentifier + +#enumIdentifier: + _#noopEncoderIdentifier + +// Encoder writes objects to a serialized form +#Encoder: _ + +// MemoryAllocator is responsible for allocating memory. +// By encapsulating memory allocation into its own interface, we can reuse the memory +// across many operations in places we know it can significantly improve the performance. +#MemoryAllocator: _ + +// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. +#EncoderWithAllocator: _ + +// Decoder attempts to load an object from data. +#Decoder: _ + +// Serializer is the core interface for transforming objects into a serialized format and back. +// Implementations may choose to perform conversion of the object, but no assumptions should be made. +#Serializer: _ + +// Codec is a Serializer that deals with the details of versioning objects. It offers the same +// interface as Serializer, so this is a marker to consumers that care about the version of the objects +// they receive. +#Codec: #Serializer + +// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and +// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing +// and the desired version must be specified. +#ParameterCodec: _ + +// Framer is a factory for creating readers and writers that obey a particular framing pattern. +#Framer: _ + +// SerializerInfo contains information about a specific serialization format +#SerializerInfo: { + // MediaType is the value that represents this serializer over the wire. + MediaType: string + + // MediaTypeType is the first part of the MediaType ("application" in "application/json"). + MediaTypeType: string + + // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). + MediaTypeSubType: string + + // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. + EncodesAsText: bool + + // Serializer is the individual object serializer for this media type. + Serializer: #Serializer + + // PrettySerializer, if set, can serialize this object in a form biased towards + // readability. + PrettySerializer: #Serializer + + // StrictSerializer, if set, deserializes this object strictly, + // erring on unknown fields. + StrictSerializer: #Serializer + + // StreamSerializer, if set, describes the streaming serialization format + // for this media type. + StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) +} + +// StreamSerializerInfo contains information about a specific stream serialization format +#StreamSerializerInfo: { + // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. + EncodesAsText: bool + + // Serializer is the top level object serializer for this type when streaming + Serializer: #Serializer + + // Framer is the factory for retrieving streams that separate objects on the wire + Framer: #Framer +} + +// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers +// for multiple supported media types. This would commonly be accepted by a server component +// that performs HTTP content negotiation to accept multiple formats. +#NegotiatedSerializer: _ + +// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. +// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from +// a NegotiatedSerializer. +#ClientNegotiator: _ + +// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers +// that can read and write data at rest. This would commonly be used by client tools that must +// read files, or server side storage interfaces that persist restful objects. +#StorageSerializer: _ + +// NestedObjectEncoder is an optional interface that objects may implement to be given +// an opportunity to encode any nested Objects / RawExtensions during serialization. +#NestedObjectEncoder: _ + +// NestedObjectDecoder is an optional interface that objects may implement to be given +// an opportunity to decode any nested Objects / RawExtensions during serialization. +// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding +// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). +// As such it is important for callers of DecodeNestedObjects to check to confirm whether +// an error is a runtime.StrictDecodingError before short circuiting. +// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError +// is only returned when the rest of decoding has succeeded. +#NestedObjectDecoder: _ + +#ObjectDefaulter: _ + +#ObjectVersioner: _ + +// ObjectConvertor converts an object to a different version. +#ObjectConvertor: _ + +// ObjectTyper contains methods for extracting the APIVersion and Kind +// of objects. +#ObjectTyper: _ + +// ObjectCreater contains methods for instantiating an object by kind and version. +#ObjectCreater: _ + +// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource +#EquivalentResourceMapper: _ + +// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, +// and allows registering known resource[/subresource] -> kind +#EquivalentResourceRegistry: _ + +// ResourceVersioner provides methods for setting and retrieving +// the resource version from an API object. +#ResourceVersioner: _ + +// Namer provides methods for retrieving name and namespace of an API object. +#Namer: _ + +// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are +// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows +// serializers to set the kind, version, and group the object is represented as. An Object may choose +// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. +#Object: _ + +// CacheableObject allows an object to cache its different serializations +// to avoid performing the same serialization multiple times. +#CacheableObject: _ + +// Unstructured objects store values as map[string]interface{}, with only values that can be serialized +// to JSON allowed. +#Unstructured: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue new file mode 100644 index 00000000..7580f467 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// NegotiateError is returned when a ClientNegotiator is unable to locate +// a serializer for the requested operation. +#NegotiateError: { + ContentType: string + Stream: bool +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue new file mode 100644 index 00000000..bd9c409a --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// Splice is the interface that wraps the Splice method. +// +// Splice moves data from given slice without copying the underlying data for +// efficiency purpose. Therefore, the caller should make sure the underlying +// data is not changed later. +#Splice: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue new file mode 100644 index 00000000..9dfc078b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// Pair of strings. We keed the name of fields and the doc +#Pair: { + Name: string + Doc: string +} + +// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself +#KubeTypes: [...#Pair] diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue new file mode 100644 index 00000000..d1ee609a --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue @@ -0,0 +1,97 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, +// like this: +// +// type MyAwesomeAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// ... // other fields +// } +// +// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind +// +// TypeMeta is provided here for convenience. You may use it directly from this package or define +// your own with the same fields. +// +// +k8s:deepcopy-gen=false +// +protobuf=true +// +k8s:openapi-gen=true +#TypeMeta: { + // +optional + apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) + + // +optional + kind?: string @go(Kind) @protobuf(2,bytes,opt) +} + +#ContentTypeJSON: "application/json" +#ContentTypeYAML: "application/yaml" +#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" + +// RawExtension is used to hold extensions in external versions. +// +// To use this, make a field which has RawExtension as its type in your external, versioned +// struct, and Object in your internal struct. You also need to register your +// various plugin types. +// +// // Internal package: +// +// type MyAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// MyPlugin runtime.Object `json:"myPlugin"` +// } +// +// type PluginA struct { +// AOption string `json:"aOption"` +// } +// +// // External package: +// +// type MyAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// MyPlugin runtime.RawExtension `json:"myPlugin"` +// } +// +// type PluginA struct { +// AOption string `json:"aOption"` +// } +// +// // On the wire, the JSON will look something like this: +// +// { +// "kind":"MyAPIObject", +// "apiVersion":"v1", +// "myPlugin": { +// "kind":"PluginA", +// "aOption":"foo", +// }, +// } +// +// So what happens? Decode first uses json or yaml to unmarshal the serialized data into +// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. +// The next step is to copy (using pkg/conversion) into the internal struct. The runtime +// package's DefaultScheme has conversion functions installed which will unpack the +// JSON stored in RawExtension, turning it into the correct object type, and storing it +// in the Object. (TODO: In the case where the object is of an unknown type, a +// runtime.Unknown object will be created and stored.) +// +// +k8s:deepcopy-gen=true +// +protobuf=true +// +k8s:openapi-gen=true +#RawExtension: _ + +// Unknown allows api objects with unknown types to be passed-through. This can be used +// to deal with the API objects from a plug-in. Unknown objects still have functioning +// TypeMeta features-- kind, version, etc. +// TODO: Make this object have easy access to field based accessors and settors for +// metadata and field mutatation. +// +// +k8s:deepcopy-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +protobuf=true +// +k8s:openapi-gen=true +#Unknown: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue new file mode 100644 index 00000000..8b8ddf89 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +#ProtobufMarshaller: _ + +#ProtobufReverseMarshaller: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue new file mode 100644 index 00000000..bfb4bcda --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue @@ -0,0 +1,6 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +// Package types implements various generic types used throughout kubernetes. +package types diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue new file mode 100644 index 00000000..7cb2745a --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +#NamespacedName: { + Namespace: string + Name: string +} + +#Separator: 47 // '/' diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue new file mode 100644 index 00000000..8b264b80 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue @@ -0,0 +1,31 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// NodeName is a type that holds a api.Node's Name identifier. +// Being a type captures intent and helps make sure that the node name +// is not confused with similar concepts (the hostname, the cloud provider id, +// the cloud provider name etc) +// +// To clarify the various types: +// +// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. +// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. +// +// - Hostname is the hostname of the local machine (from uname -n). +// However, some components allow the user to pass in a --hostname-override flag, +// which will override this in most places. In the absence of anything more meaningful, +// kubelet will use Hostname as the Node.Name when it creates the Node. +// +// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. +// +// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the +// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up +// to the cloudprovider how to do this mapping. +// +// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the +// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if +// we are using a custom DHCP domain it won't be. +#NodeName: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue new file mode 100644 index 00000000..3de5d80f --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue @@ -0,0 +1,21 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// Similarly to above, these are constants to support HTTP PATCH utilized by +// both the client and server that didn't make sense for a whole package to be +// dedicated to. +#PatchType: string // #enumPatchType + +#enumPatchType: + #JSONPatchType | + #MergePatchType | + #StrategicMergePatchType | + #ApplyPatchType + +#JSONPatchType: #PatchType & "application/json-patch+json" +#MergePatchType: #PatchType & "application/merge-patch+json" +#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" +#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue new file mode 100644 index 00000000..40bdd828 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// UID is a type that holds unique ID values, including UUIDs. Because we +// don't ONLY use UUIDs, this is an alias to string. Being a type captures +// intent and helps make sure that UIDs and names do not get conflated. +#UID: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue new file mode 100644 index 00000000..2c8cc365 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue @@ -0,0 +1,31 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr + +package intstr + +// IntOrString is a type that can hold an int32 or a string. When used in +// JSON or YAML marshalling and unmarshalling, it produces or consumes the +// inner type. This allows you to have, for example, a JSON field that can +// accept a name or number. +// TODO: Rename to Int32OrString +// +// +protobuf=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:openapi-gen=true +#IntOrString: _ + +// Type represents the stored type of IntOrString. +#Type: int64 // #enumType + +#enumType: + #Int | + #String + +#values_Type: { + Int: #Int + String: #String +} + +#Int: #Type & 0 +#String: #Type & 1 diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue new file mode 100644 index 00000000..bc1b9189 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +// Package watch contains a generic watchable interface, and a fake for +// testing code that uses the watch interface. +package watch diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue new file mode 100644 index 00000000..045e8ec8 --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// Recorder records all events that are sent from the watch until it is closed. +#Recorder: { + Interface: #Interface +} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue new file mode 100644 index 00000000..dcf72d5b --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue @@ -0,0 +1,25 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch +// channel is full. +#FullChannelBehavior: int // #enumFullChannelBehavior + +#enumFullChannelBehavior: + #WaitIfChannelFull | + #DropIfChannelFull + +#values_FullChannelBehavior: { + WaitIfChannelFull: #WaitIfChannelFull + DropIfChannelFull: #DropIfChannelFull +} + +#WaitIfChannelFull: #FullChannelBehavior & 0 +#DropIfChannelFull: #FullChannelBehavior & 1 + +_#incomingQueueLength: 25 + +_#internalRunFunctionMarker: "internal-do-function" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue new file mode 100644 index 00000000..f0805cfb --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. +#Decoder: _ + +// Reporter hides the details of how an error is turned into a runtime.Object for +// reporting on a watch stream since this package may not import a higher level report. +#Reporter: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue new file mode 100644 index 00000000..0db2e6be --- /dev/null +++ b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue @@ -0,0 +1,48 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +import "k8s.io/apimachinery/pkg/runtime" + +// Interface can be implemented by anything that knows how to watch and report changes. +#Interface: _ + +// EventType defines the possible types of events. +#EventType: string // #enumEventType + +#enumEventType: + #Added | + #Modified | + #Deleted | + #Bookmark | + #Error + +#Added: #EventType & "ADDED" +#Modified: #EventType & "MODIFIED" +#Deleted: #EventType & "DELETED" +#Bookmark: #EventType & "BOOKMARK" +#Error: #EventType & "ERROR" + +// Event represents a single event to a watched resource. +// +k8s:deepcopy-gen=true +#Event: { + Type: #EventType + + // Object is: + // * If Type is Added or Modified: the new state of the object. + // * If Type is Deleted: the state of the object immediately before deletion. + // * If Type is Bookmark: the object (instance of a type being watched) where + // only ResourceVersion field is set. On successful restart of watch from a + // bookmark resourceVersion, client is guaranteed to not get repeat event + // nor miss any events. + // * If Type is Error: *api.Status is recommended; other types may make sense + // depending on context. + Object: runtime.#Object +} + +// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. +#RaceFreeFakeWatcher: { + Stopped: bool +} diff --git a/test/cue.mod/module.cue b/test/cue.mod/module.cue new file mode 100644 index 00000000..1507ea27 --- /dev/null +++ b/test/cue.mod/module.cue @@ -0,0 +1,2 @@ +module: "timoni.sh/test" +language: version: "v0.9.0" diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue new file mode 100644 index 00000000..2c579e99 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue @@ -0,0 +1,26 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +// Action holds the list of annotations for controlling +// Timoni's apply behaviour of Kubernetes resources. +Action: { + // Force annotation for recreating immutable resources such as Kubernetes Jobs. + Force: { + "action.timoni.sh/force": ActionStatus.Enabled + } + // One-off annotation for appling resources only if they don't exist on the cluster. + Oneoff: { + "action.timoni.sh/one-off": ActionStatus.Enabled + } + // Keep annotation for preventing Timoni's garbage collector from deleting resources. + Keep: { + "action.timoni.sh/prune": ActionStatus.Disabled + } +} + +ActionStatus: { + Enabled: "enabled" + Disabled: "disabled" +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue new file mode 100644 index 00000000..1535ea43 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue @@ -0,0 +1,50 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "strings" +) + +// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. +#Image: { + + // Repository is the address of a container registry repository. + // An image repository is made up of slash-separated name components, optionally + // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. + repository!: string + + // Tag identifies an image in the repository. + // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. + // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. + tag!: string & strings.MaxRunes(128) + + // Digest uniquely and immutably identifies an image in the repository. + // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. + digest!: string + + // PullPolicy defines the pull policy for the image. + // By default, it is set to IfNotPresent. + pullPolicy: *"IfNotPresent" | "Always" | "Never" + + // Reference is the image address computed from repository, tag and digest + // in the format [REPOSITORY]:[TAG]@[DIGEST]. + reference: string + + if digest != "" && tag != "" { + reference: "\(repository):\(tag)@\(digest)" + } + + if digest != "" && tag == "" { + reference: "\(repository)@\(digest)" + } + + if digest == "" && tag != "" { + reference: "\(repository):\(tag)" + } + + if digest == "" && tag == "" { + reference: "\(repository):latest" + } +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue new file mode 100644 index 00000000..19f09896 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue @@ -0,0 +1,47 @@ +// Copyright 2024 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "encoding/base64" + "strings" +) + +// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. +// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. +#ImagePullSecret: { + // Metadata is the Kubernetes object's metadata generated by Timoni. + #Meta!: #Metadata + + // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. + #Registry!: string + + // Username is the username used to authenticate to the container registry. + #Username!: string + + // Password is the password used to authenticate to the container registry. + #Password!: string + + // Optional suffix used to generate the Secret name. + #Suffix: *"" | string & strings.MaxRunes(30) + + let auth = base64.Encode(null, #Username+":"+#Password) + + apiVersion: "v1" + kind: "Secret" + type: "kubernetes.io/dockerconfigjson" + metadata: { + name: #Meta.name + #Suffix + namespace: #Meta.namespace + labels: #Meta.labels + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + } + stringData: { + ".dockerconfigjson": """ + {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} + """ + } +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue new file mode 100644 index 00000000..7b31c23e --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue @@ -0,0 +1,49 @@ +// Copyright 2024 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "encoding/json" + "strings" + "uuid" +) + +#ConfigMapKind: "ConfigMap" +#SecretKind: "Secret" + +// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. +// The metadata.name of the generated object is suffixed with the hash of the input data. +#ImmutableConfig: { + // Kind of the generated object. + #Kind: *#ConfigMapKind | #SecretKind + + // Metadata of the generated object. + #Meta: #Metadata + + // Optional suffix appended to the generate name. + #Suffix: *"" | string + + // Data of the generated object. + #Data: {[string]: string} + + let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] + + apiVersion: "v1" + kind: #Kind + metadata: { + name: #Meta.name + #Suffix + "-" + hash + namespace: #Meta.namespace + labels: #Meta.labels + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + } + immutable: true + if kind == #ConfigMapKind { + data: #Data + } + if kind == #SecretKind { + stringData: #Data + } +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue new file mode 100644 index 00000000..ad96b062 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue @@ -0,0 +1,27 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// InstanceName defines the schema for the name of a Timoni instance. +// The instance name is used as a Kubernetes label value and must be 63 characters or less. +#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) + +// InstanceNamespace defines the schema for the namespace of a Timoni instance. +// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. +#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) + +// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. +#InstanceOwnerReference: { + #Name: "instance.timoni.sh/name" + #Namespace: "instance.timoni.sh/namespace" +} + +// InstanceModule defines the schema for the Module of a Timoni instance. +#InstanceModule: { + url: string & =~"^((oci|file)://.*)$" + version: *"latest" | string + digest?: string +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue new file mode 100644 index 00000000..188ff505 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue @@ -0,0 +1,120 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// Annotations defines the schema for Kubernetes object metadata annotations. +#Annotations: {[string & strings.MaxRunes(253)]: string} + +// Labels defines the schema for Kubernetes object metadata labels. +#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} + +#StdLabelName: "app.kubernetes.io/name" +#StdLabelVersion: "app.kubernetes.io/version" +#StdLabelPartOf: "app.kubernetes.io/part-of" +#StdLabelManagedBy: "app.kubernetes.io/managed-by" +#StdLabelComponent: "app.kubernetes.io/component" +#StdLabelInstance: "app.kubernetes.io/instance" + +// Metadata defines the schema for Kubernetes object metadata. +#Metadata: { + // Version should be in the strict semver format. Is required when creating resources. + #Version!: string & strings.MaxRunes(63) + + // Name must be unique within a namespace. Is required when creating resources. + // Name is primarily intended for creation idempotence and configuration definition. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + name!: #InstanceName + + // Namespace defines the space within which each name must be unique. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces + namespace!: #InstanceNamespace + + // Annotations is an unstructured key value map stored with a resource that may be + // set to store and retrieve arbitrary metadata. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + annotations?: #Annotations + + // Map of string keys and values that can be used to organize and categorize (scope and select) objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: #Labels + + // Standard Kubernetes labels: app name, version and managed-by. + labels: { + (#StdLabelName): name + (#StdLabelVersion): #Version + (#StdLabelManagedBy): "timoni" + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name label. + #LabelSelector: #Labels & { + (#StdLabelName): name + } + + // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions + // are met before it fully deletes resources marked for deletion. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ + finalizers?: [...string] +} + +// MetaComponent generates the Kubernetes object metadata for a module namespaced component. +// The metadata.name is composed of the instance name and the component name. +// The metadata.labels contain the app.kubernetes.io/component label. +#MetaComponent: { + // Meta is the Kubernetes object's metadata generated by Timoni. + #Meta!: #Metadata + + // Component is the name of the component used + // as a suffix for the generate object name. + #Component!: string & strings.MaxRunes(30) + + name: #Meta.name + "-" + #Component + namespace: #Meta.namespace + + labels: #Meta.labels + labels: (#StdLabelComponent): #Component + + annotations?: #Annotations + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name + // and app.kubernetes.io/component labels. + #LabelSelector: #Labels & { + (#StdLabelComponent): #Component + (#StdLabelName): #Meta.name + } +} + +// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. +// The metadata.name is composed of the instance name and the component name. +// The metadata.namespace is unset. +// The metadata.labels contain the app.kubernetes.io/component label. +#MetaClusterComponent: { + // Meta is the Kubernetes object's metadata generated by Timoni. + #Meta!: #Metadata + + // Component is the name of the component used + // as a suffix for the generate object name. + #Component!: string & strings.MaxRunes(30) + + name: #Meta.name + "-" + #Component + + labels: #Meta.labels + labels: (#StdLabelComponent): #Component + + annotations?: #Annotations + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name + // and app.kubernetes.io/component labels. + #LabelSelector: #Labels & { + (#StdLabelComponent): #Component + (#StdLabelName): #Meta.name + } +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue new file mode 100644 index 00000000..1dcdb699 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue @@ -0,0 +1,21 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// ObjectReference is a reference to a Kubernetes object. +#ObjectReference: { + // Name of the referent. + name!: string & strings.MaxRunes(256) + + // Namespace of the referent. + namespace?: string & strings.MaxRunes(256) + + // API version of the referent. + apiVersion?: string & strings.MaxRunes(256) + + // Kind of the referent. + kind?: string & strings.MaxRunes(256) +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue new file mode 100644 index 00000000..d3b5573a --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue @@ -0,0 +1,40 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "strconv" + "strings" +) + +// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. +#CPUQuantity: string & =~"^[1-9]\\d*m$" + +// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. +#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" + +// ResourceRequirement defines the schema for the CPU and Memory resource requirements. +#ResourceRequirement: { + cpu?: #CPUQuantity + memory?: #MemoryQuantity +} + +// ResourceRequirements defines the schema for the compute resource requirements of a container. +// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. +#ResourceRequirements: { + // Limits describes the maximum amount of compute resources allowed. + limits?: #ResourceRequirement + + // Requests describes the minimum amount of compute resources required. + // Requests cannot exceed Limits. + requests?: #ResourceRequirement & { + if limits != _|_ { + if limits.cpu != _|_ { + _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) + _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) + #cpu: int & >=_rc & _lc + } + } + } +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue new file mode 100644 index 00000000..9c4f2384 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue @@ -0,0 +1,19 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. +#Selector: { + // Name must be unique within a namespace. Is required when creating resources. + // Name is primarily intended for creation idempotence and configuration definition. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + #Name!: #InstanceName + + // Map of string keys and values that can be used to organize and categorize (scope and select) objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: #Labels + + // Standard Kubernetes label: app name. + labels: (#StdLabelName): #Name +} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue new file mode 100644 index 00000000..ecd1e397 --- /dev/null +++ b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue @@ -0,0 +1,29 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "strconv" + "strings" +) + +// SemVer validates the input version string and extracts the major and minor version numbers. +// When Minimum is set, the major and minor parts must be greater or equal to the minimum +// or a validation error is returned. +#SemVer: { + // Input version string in strict semver format. + #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" + + // Minimum is the minimum allowed MAJOR.MINOR version. + #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" + + let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) + let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) + + major: int & >=minMajor + major: strconv.Atoi(strings.Split(#Version, ".")[0]) + + minor: int & >=minMinor + minor: strconv.Atoi(strings.Split(#Version, ".")[1]) +} diff --git a/test/debug_tool.cue b/test/debug_tool.cue new file mode 100644 index 00000000..cf9c1472 --- /dev/null +++ b/test/debug_tool.cue @@ -0,0 +1,35 @@ +package main + +import ( + "tool/cli" + "encoding/yaml" + "text/tabwriter" +) + +_resources: timoni.apply.app + timoni.apply.test + +// The build command generates the Kubernetes manifests and prints the multi-docs YAML to stdout. +// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. +command: build: { + task: print: cli.Print & { + text: yaml.MarshalStream(_resources) + } +} + +// The ls command prints a table with the Kubernetes resources kind, namespace, name and version. +// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 ls'. +command: ls: { + task: print: cli.Print & { + text: tabwriter.Write([ + "RESOURCE \tAPI VERSION", + for r in _resources { + if r.metadata.namespace == _|_ { + "\(r.kind)/\(r.metadata.name) \t\(r.apiVersion)" + } + if r.metadata.namespace != _|_ { + "\(r.kind)/\(r.metadata.namespace)/\(r.metadata.name) \t\(r.apiVersion)" + } + }, + ]) + } +} diff --git a/test/debug_values.cue b/test/debug_values.cue new file mode 100644 index 00000000..d888c34f --- /dev/null +++ b/test/debug_values.cue @@ -0,0 +1,30 @@ +@if(debug) + +package main + +// Values used by debug_tool.cue. +// Debug example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. +values: { + podAnnotations: "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" + message: "Hello Debug" + image: { + repository: "docker.io/nginx" + tag: "1-alpine" + digest: "" + } + test: { + enabled: true + image: { + repository: "docker.io/curlimages/curl" + tag: "latest" + digest: "" + } + } + affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{ + matchExpressions: [{ + key: "kubernetes.io/os" + operator: "In" + values: ["linux"] + }] + }] +} diff --git a/test/templates/config.cue b/test/templates/config.cue new file mode 100644 index 00000000..5769b01f --- /dev/null +++ b/test/templates/config.cue @@ -0,0 +1,113 @@ +package templates + +import ( + corev1 "k8s.io/api/core/v1" + timoniv1 "timoni.sh/core/v1alpha1" +) + +// Config defines the schema and defaults for the Instance values. +#Config: { + // The kubeVersion is a required field, set at apply-time + // via timoni.cue by querying the user's Kubernetes API. + kubeVersion!: string + // Using the kubeVersion you can enforce a minimum Kubernetes minor version. + // By default, the minimum Kubernetes version is set to 1.20. + clusterVersion: timoniv1.#SemVer & {#Version: kubeVersion, #Minimum: "1.20.0"} + + // The moduleVersion is set from the user-supplied module version. + // This field is used for the `app.kubernetes.io/version` label. + moduleVersion!: string + + // The Kubernetes metadata common to all resources. + // The `metadata.name` and `metadata.namespace` fields are + // set from the user-supplied instance name and namespace. + metadata: timoniv1.#Metadata & {#Version: moduleVersion} + + // The labels allows adding `metadata.labels` to all resources. + // The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels + // are automatically generated and can't be overwritten. + metadata: labels: timoniv1.#Labels + + // The annotations allows adding `metadata.annotations` to all resources. + metadata: annotations?: timoniv1.#Annotations + + // The selector allows adding label selectors to Deployments and Services. + // The `app.kubernetes.io/name` label selector is automatically generated + // from the instance name and can't be overwritten. + selector: timoniv1.#Selector & {#Name: metadata.name} + + // The image allows setting the container image repository, + // tag, digest and pull policy. + // The default image repository and tag is set in `values.cue`. + image!: timoniv1.#Image + + // The resources allows setting the container resource requirements. + // By default, the container requests 10m CPU and 32Mi memory. + resources: timoniv1.#ResourceRequirements & { + requests: { + cpu: *"10m" | timoniv1.#CPUQuantity + memory: *"32Mi" | timoniv1.#MemoryQuantity + } + } + + // The number of pods replicas. + // By default, the number of replicas is 1. + replicas: *1 | int & >0 + + // The securityContext allows setting the container security context. + // By default, the container is denined privilege escalation. + securityContext: corev1.#SecurityContext & { + allowPrivilegeEscalation: *false | true + privileged: *false | true + capabilities: + { + drop: *["ALL"] | [string] + add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] + } + } + + // The service allows setting the Kubernetes Service annotations and port. + // By default, the HTTP port is 80. + service: { + annotations?: timoniv1.#Annotations + + port: *80 | int & >0 & <=65535 + } + + // Pod optional settings. + podAnnotations?: {[string]: string} + podSecurityContext?: corev1.#PodSecurityContext + imagePullSecrets?: [...timoniv1.#ObjectReference] + tolerations?: [...corev1.#Toleration] + affinity?: corev1.#Affinity + topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint] + + // Test Job disabled by default. + test: { + enabled: *false | bool + image!: timoniv1.#Image + } + + // App settings. + message!: string +} + +// Instance takes the config values and outputs the Kubernetes objects. +#Instance: { + config: #Config + + objects: { + sa: #ServiceAccount & {#config: config} + svc: #Service & {#config: config} + cm: #ConfigMap & {#config: config} + + deploy: #Deployment & { + #config: config + #cmName: objects.cm.metadata.name + } + } + + tests: { + "test-svc": #TestJob & {#config: config} + } +} diff --git a/test/templates/configmap.cue b/test/templates/configmap.cue new file mode 100644 index 00000000..7f591f15 --- /dev/null +++ b/test/templates/configmap.cue @@ -0,0 +1,55 @@ +package templates + +import ( + timoniv1 "timoni.sh/core/v1alpha1" +) + +#ConfigMap: timoniv1.#ImmutableConfig & { + #config: #Config + #Kind: timoniv1.#ConfigMapKind + #Meta: #config.metadata + #Data: { + "nginx.default.conf": """ + server { + listen 8080; + server_name \(#config.metadata.name); + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + location /healthz { + access_log off; + default_type text/plain; + return 200 "OK"; + } + + error_page 404 /404.html; + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + """ + "index.html": """ + + + + + + \(#config.metadata.name) + + + +

\(#config.message) from \(#config.metadata.name)!

+

If you see this page, the \(#config.metadata.name) instance is successfully deployed in the \(#config.metadata.namespace) namespace by Timoni.

+ + + """ + } +} diff --git a/test/templates/deployment.cue b/test/templates/deployment.cue new file mode 100644 index 00000000..e73b35eb --- /dev/null +++ b/test/templates/deployment.cue @@ -0,0 +1,104 @@ +package templates + +import ( + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" +) + +#Deployment: appsv1.#Deployment & { + #config: #Config + #cmName: string + apiVersion: "apps/v1" + kind: "Deployment" + metadata: #config.metadata + spec: appsv1.#DeploymentSpec & { + replicas: #config.replicas + selector: matchLabels: #config.selector.labels + template: { + metadata: { + labels: #config.selector.labels + if #config.podAnnotations != _|_ { + annotations: #config.podAnnotations + } + } + spec: corev1.#PodSpec & { + serviceAccountName: #config.metadata.name + containers: [ + { + name: #config.metadata.name + image: #config.image.reference + imagePullPolicy: #config.image.pullPolicy + ports: [ + { + name: "http" + containerPort: 8080 + protocol: "TCP" + }, + ] + livenessProbe: { + httpGet: { + path: "/healthz" + port: "http" + } + } + readinessProbe: { + httpGet: { + path: "/healthz" + port: "http" + } + } + volumeMounts: [ + { + mountPath: "/etc/nginx/conf.d" + name: "config" + }, + { + mountPath: "/usr/share/nginx/html" + name: "html" + }, + ] + resources: #config.resources + securityContext: #config.securityContext + }, + ] + volumes: [ + { + name: "config" + configMap: { + name: #cmName + items: [{ + key: "nginx.default.conf" + path: key + }] + } + }, + { + name: "html" + configMap: { + name: #cmName + items: [{ + key: "index.html" + path: key + }] + } + }, + ] + if #config.podSecurityContext != _|_ { + securityContext: #config.podSecurityContext + } + if #config.topologySpreadConstraints != _|_ { + topologySpreadConstraints: #config.topologySpreadConstraints + } + if #config.affinity != _|_ { + affinity: #config.affinity + } + if #config.tolerations != _|_ { + tolerations: #config.tolerations + } + if #config.imagePullSecrets != _|_ { + imagePullSecrets: #config.imagePullSecrets + } + } + } + } +} diff --git a/test/templates/job.cue b/test/templates/job.cue new file mode 100644 index 00000000..80b9bdf8 --- /dev/null +++ b/test/templates/job.cue @@ -0,0 +1,58 @@ +package templates + +import ( + "encoding/yaml" + "uuid" + + corev1 "k8s.io/api/core/v1" + batchv1 "k8s.io/api/batch/v1" + timoniv1 "timoni.sh/core/v1alpha1" +) + +#TestJob: batchv1.#Job & { + #config: #Config + apiVersion: "batch/v1" + kind: "Job" + metadata: timoniv1.#MetaComponent & { + #Meta: #config.metadata + #Component: "test" + } + metadata: annotations: timoniv1.Action.Force + spec: batchv1.#JobSpec & { + template: corev1.#PodTemplateSpec & { + let _checksum = uuid.SHA1(uuid.ns.DNS, yaml.Marshal(#config)) + metadata: annotations: "timoni.sh/checksum": "\(_checksum)" + spec: { + containers: [{ + name: "curl" + image: #config.test.image.reference + imagePullPolicy: #config.test.image.pullPolicy + command: [ + "curl", + "-v", + "-m", + "5", + "\(#config.metadata.name):\(#config.service.port)", + ] + }] + restartPolicy: "Never" + if #config.podSecurityContext != _|_ { + securityContext: #config.podSecurityContext + } + if #config.topologySpreadConstraints != _|_ { + topologySpreadConstraints: #config.topologySpreadConstraints + } + if #config.affinity != _|_ { + affinity: #config.affinity + } + if #config.tolerations != _|_ { + tolerations: #config.tolerations + } + if #config.imagePullSecrets != _|_ { + imagePullSecrets: #config.imagePullSecrets + } + } + } + backoffLimit: 1 + } +} diff --git a/test/templates/service.cue b/test/templates/service.cue new file mode 100644 index 00000000..e6dbe5cf --- /dev/null +++ b/test/templates/service.cue @@ -0,0 +1,27 @@ +package templates + +import ( + corev1 "k8s.io/api/core/v1" +) + +#Service: corev1.#Service & { + #config: #Config + apiVersion: "v1" + kind: "Service" + metadata: #config.metadata + if #config.service.annotations != _|_ { + metadata: annotations: #config.service.annotations + } + spec: corev1.#ServiceSpec & { + type: corev1.#ServiceTypeClusterIP + selector: #config.selector.labels + ports: [ + { + port: #config.service.port + protocol: "TCP" + name: "http" + targetPort: name + }, + ] + } +} diff --git a/test/templates/serviceaccount.cue b/test/templates/serviceaccount.cue new file mode 100644 index 00000000..f07f5748 --- /dev/null +++ b/test/templates/serviceaccount.cue @@ -0,0 +1,12 @@ +package templates + +import ( + corev1 "k8s.io/api/core/v1" +) + +#ServiceAccount: corev1.#ServiceAccount & { + #config: #Config + apiVersion: "v1" + kind: "ServiceAccount" + metadata: #config.metadata +} diff --git a/test/timoni.cue b/test/timoni.cue new file mode 100644 index 00000000..7a0f360c --- /dev/null +++ b/test/timoni.cue @@ -0,0 +1,47 @@ +// Code generated by timoni. +// Note that this file is required and should contain +// the values schema and the timoni workflow. + +package main + +import ( + templates "timoni.sh/test/templates" +) + +// Define the schema for the user-supplied values. +// At runtime, Timoni injects the supplied values +// and validates them according to the Config schema. +values: templates.#Config + +// Define how Timoni should build, validate and +// apply the Kubernetes resources. +timoni: { + apiVersion: "v1alpha1" + + // Define the instance that outputs the Kubernetes resources. + // At runtime, Timoni builds the instance and validates + // the resulting resources according to their Kubernetes schema. + instance: templates.#Instance & { + // The user-supplied values are merged with the + // default values at runtime by Timoni. + config: values + // These values are injected at runtime by Timoni. + config: { + metadata: { + name: string @tag(name) + namespace: string @tag(namespace) + } + moduleVersion: string @tag(mv, var=moduleVersion) + kubeVersion: string @tag(kv, var=kubeVersion) + } + } + + // Pass Kubernetes resources outputted by the instance + // to Timoni's multi-step apply. + apply: app: [for obj in instance.objects {obj}] + + // Conditionally run tests after an install or upgrade. + if instance.config.test.enabled { + apply: test: [for obj in instance.tests {obj}] + } +} diff --git a/test/timoni.ignore b/test/timoni.ignore new file mode 100644 index 00000000..0722c348 --- /dev/null +++ b/test/timoni.ignore @@ -0,0 +1,14 @@ +# VCS +.git/ +.gitignore +.gitmodules +.gitattributes + +# Go +vendor/ +go.mod +go.sum + +# CUE +*_tool.cue +debug_values.cue diff --git a/test/values.cue b/test/values.cue new file mode 100644 index 00000000..140dcda8 --- /dev/null +++ b/test/values.cue @@ -0,0 +1,21 @@ +// Code generated by timoni. +// Note that this file must have no imports and all values must be concrete. + +@if(!debug) + +package main + +// Defaults +values: { + message: "Hello World" + image: { + repository: "cgr.dev/chainguard/nginx" + digest: "sha256:3dd8fa303f77d7eb6ce541cb05009a5e8723bd7e3778b95131ab4a2d12fadb8f" + tag: "1.25.3" + } + test: image: { + repository: "cgr.dev/chainguard/curl" + digest: "" + tag: "latest" + } +} From d55ffeb4ce58f9780764c796549a311bf79e683b Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 12:21:32 -0800 Subject: [PATCH 03/17] wip: fixes conditional --- actions/setup/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/setup/action.yml b/actions/setup/action.yml index 04b03f74..8bb2dfe1 100644 --- a/actions/setup/action.yml +++ b/actions/setup/action.yml @@ -185,7 +185,7 @@ runs: BP=$(forge dump .) TIMONI=$(echo "$BP" | jq -r .global.ci.providers.timoni.install) - if [[ "$TIMONI" != "true" ]]; then + if [[ "$TIMONI" == "true" ]]; then INSTALL=1 echo "install=$INSTALL" >> $GITHUB_OUTPUT else From ef3e97e668e9dff0290ee9df7cf091acdc91f87e Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 12:29:18 -0800 Subject: [PATCH 04/17] wip: testing --- .github/workflows/ci.yml | 145 ++++++++++++++-------------- cli/pkg/release/providers/timoni.go | 3 +- 2 files changed, 75 insertions(+), 73 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5947b9c9..aa94053c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -79,67 +79,68 @@ jobs: ${{ env.FORGE_REGEX_RELEASE }} ${{ env.FORGE_REGEX_PUBLISH }} - check: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - needs: [discover] - if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled() - with: - earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }} - forge_version: ${{ inputs.forge_version }} - local: ${{ inputs.local }} - verbosity: ${{ inputs.verbosity }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # check: + # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release + # needs: [discover] + # if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled() + # with: + # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }} + # forge_version: ${{ inputs.forge_version }} + # local: ${{ inputs.local }} + # verbosity: ${{ inputs.verbosity }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} - build: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - needs: [discover, check] - if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled() - with: - earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }} - forge_version: ${{ inputs.forge_version }} - local: ${{ inputs.local }} - verbosity: ${{ inputs.verbosity }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # build: + # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release + # needs: [discover, check] + # if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled() + # with: + # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }} + # forge_version: ${{ inputs.forge_version }} + # local: ${{ inputs.local }} + # verbosity: ${{ inputs.verbosity }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} - package: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - needs: [discover, check, build] - if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled() - with: - earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }} - forge_version: ${{ inputs.forge_version }} - local: ${{ inputs.local }} - verbosity: ${{ inputs.verbosity }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # package: + # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release + # needs: [discover, check, build] + # if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled() + # with: + # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }} + # forge_version: ${{ inputs.forge_version }} + # local: ${{ inputs.local }} + # verbosity: ${{ inputs.verbosity }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} - test: - uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - needs: [discover, check, build, package] - if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled() - with: - earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }} - forge_version: ${{ inputs.forge_version }} - local: ${{ inputs.local }} - verbosity: ${{ inputs.verbosity }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # test: + # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release + # needs: [discover, check, build, package] + # if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled() + # with: + # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }} + # forge_version: ${{ inputs.forge_version }} + # local: ${{ inputs.local }} + # verbosity: ${{ inputs.verbosity }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} - docs: - uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@adds-timoni-release - needs: [discover, check, build, test] - if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled() - with: - earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }} - forge_version: ${{ inputs.forge_version }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # docs: + # uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@adds-timoni-release + # needs: [discover, check, build, test] + # if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled() + # with: + # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }} + # forge_version: ${{ inputs.forge_version }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} release: uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@adds-timoni-release - needs: [discover, check, build, test] + #needs: [discover, check, build, test] + needs: [discover] if: (fromJson(needs.discover.outputs.releases)[0] != null) && !failure() && !cancelled() with: releases: ${{ needs.discover.outputs.releases }} @@ -149,22 +150,22 @@ jobs: secrets: earthly_token: ${{ secrets.earthly_token }} - deploy: - uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@adds-timoni-release - needs: [discover, check, build, test, release] - if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled() - with: - deployments: ${{ needs.discover.outputs.deployments }} - forge_version: ${{ inputs.forge_version }} - local: ${{ inputs.local }} - verbosity: ${{ inputs.verbosity }} - secrets: - earthly_token: ${{ secrets.earthly_token }} + # deploy: + # uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@adds-timoni-release + # needs: [discover, check, build, test, release] + # if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled() + # with: + # deployments: ${{ needs.discover.outputs.deployments }} + # forge_version: ${{ inputs.forge_version }} + # local: ${{ inputs.local }} + # verbosity: ${{ inputs.verbosity }} + # secrets: + # earthly_token: ${{ secrets.earthly_token }} - final: - needs: [check, build, package, test, release] - if: (!failure() && !cancelled()) - runs-on: ubuntu-latest - steps: - - name: Final - run: echo "All done" \ No newline at end of file + # final: + # needs: [check, build, package, test, release] + # if: (!failure() && !cancelled()) + # runs-on: ubuntu-latest + # steps: + # - name: Final + # run: echo "All done" \ No newline at end of file diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index dcbb511b..38058770 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -61,8 +61,9 @@ func (r *TimoniReleaser) Release() error { fullContainer := fmt.Sprintf("oci://%s/%s:%s", registry, container, tag) r.logger.Info("Publishing module", "module", fullContainer) - _, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", fullContainer) + out, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", fullContainer) if err != nil { + r.logger.Error("Failed to push module", "module", fullContainer, "error", err, "output", out) return fmt.Errorf("failed to push module: %w", err) } } From d81b773366cc977665543ea731fa9216fe3eb040 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 12:31:07 -0800 Subject: [PATCH 05/17] wip: testing --- cli/pkg/release/providers/timoni.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index 38058770..c40f2def 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -63,7 +63,7 @@ func (r *TimoniReleaser) Release() error { r.logger.Info("Publishing module", "module", fullContainer) out, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", fullContainer) if err != nil { - r.logger.Error("Failed to push module", "module", fullContainer, "error", err, "output", out) + r.logger.Error("Failed to push module", "module", fullContainer, "error", err, "output", string(out)) return fmt.Errorf("failed to push module: %w", err) } } From 30da6967326a39ede2aa295a53da7cedfa0b858b Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 12:34:09 -0800 Subject: [PATCH 06/17] wip: testing --- cli/pkg/release/providers/timoni.go | 3 ++- test/blueprint.cue | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index c40f2def..5e780264 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -3,6 +3,7 @@ package providers import ( "fmt" "log/slog" + "strings" "github.com/input-output-hk/catalyst-forge/cli/pkg/events" "github.com/input-output-hk/catalyst-forge/cli/pkg/executor" @@ -50,7 +51,7 @@ func (r *TimoniReleaser) Release() error { var tag string if r.project.Tag != nil { - tag = r.project.Tag.Version + tag = strings.TrimPrefix(r.project.Tag.Version, "v") } else if r.config.Tag != "" { tag = r.config.Tag } else { diff --git a/test/blueprint.cue b/test/blueprint.cue index 7d65a2a4..2eaf9a13 100644 --- a/test/blueprint.cue +++ b/test/blueprint.cue @@ -6,7 +6,7 @@ project: { on: always: {} config: { container: "timoni-test" - tag: "v1.0.0" + tag: "1.0.0" } } } From c57c63c7752c67516b84416edd011239f567da9a Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:02:47 -0800 Subject: [PATCH 07/17] wip: testing --- cli/pkg/release/providers/timoni.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index 5e780264..cd4ac5e8 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -60,9 +60,13 @@ func (r *TimoniReleaser) Release() error { for _, registry := range registries { fullContainer := fmt.Sprintf("oci://%s/%s:%s", registry, container, tag) + path, err := r.project.GetRelativePath() + if err != nil { + return fmt.Errorf("failed to get relative path: %w", err) + } - r.logger.Info("Publishing module", "module", fullContainer) - out, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", fullContainer) + r.logger.Info("Publishing module", "path", path, "module", fullContainer) + out, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", path, fullContainer) if err != nil { r.logger.Error("Failed to push module", "module", fullContainer, "error", err, "output", string(out)) return fmt.Errorf("failed to push module: %w", err) From a87881c14851ee759c592af8bcf07bd6787b446b Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:08:02 -0800 Subject: [PATCH 08/17] wip: testing --- cli/pkg/release/providers/timoni.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index cd4ac5e8..1cbc8ff4 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -59,7 +59,7 @@ func (r *TimoniReleaser) Release() error { } for _, registry := range registries { - fullContainer := fmt.Sprintf("oci://%s/%s:%s", registry, container, tag) + fullContainer := fmt.Sprintf("oci://%s/%s", registry, container) path, err := r.project.GetRelativePath() if err != nil { return fmt.Errorf("failed to get relative path: %w", err) From 98311f2ecbbef42987cf6ab7f518e566b92ae526 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:11:53 -0800 Subject: [PATCH 09/17] wip: testing --- cli/pkg/release/providers/timoni.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index 1cbc8ff4..500abfd7 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -65,7 +65,7 @@ func (r *TimoniReleaser) Release() error { return fmt.Errorf("failed to get relative path: %w", err) } - r.logger.Info("Publishing module", "path", path, "module", fullContainer) + r.logger.Info("Publishing module", "path", path, "container", fullContainer, "tag", tag) out, err := r.timoni.Execute("mod", "push", "--version", tag, "--latest=false", path, fullContainer) if err != nil { r.logger.Error("Failed to push module", "module", fullContainer, "error", err, "output", string(out)) From c3809babeb229e0b2701f200d158b0cad592a266 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:19:42 -0800 Subject: [PATCH 10/17] wip: allow specifying version --- actions/setup/action.yml | 4 +++- lib/project/schema/_embed/schema.cue | 12 +++++++++--- lib/project/schema/providers.go | 4 ++++ lib/project/schema/providers_go_gen.cue | 4 ++++ lib/project/schema/schema_overrides.cue | 4 ++++ 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/actions/setup/action.yml b/actions/setup/action.yml index 8bb2dfe1..c07259fe 100644 --- a/actions/setup/action.yml +++ b/actions/setup/action.yml @@ -187,7 +187,9 @@ runs: TIMONI=$(echo "$BP" | jq -r .global.ci.providers.timoni.install) if [[ "$TIMONI" == "true" ]]; then INSTALL=1 + VERSION=$(echo "$BP" | jq -r .global.ci.providers.timoni.version) echo "install=$INSTALL" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> $GITHUB_OUTPUT else echo "Not installing Timoni CLI" fi @@ -195,4 +197,4 @@ runs: uses: stefanprodan/timoni/actions/setup@main if: steps.timoni.outputs.install && steps.timoni.conclusion == 'success' with: - version: latest \ No newline at end of file + version: ${{ steps.timoni.outputs.version }} \ No newline at end of file diff --git a/lib/project/schema/_embed/schema.cue b/lib/project/schema/_embed/schema.cue index ea904e6a..5f1b18d0 100644 --- a/lib/project/schema/_embed/schema.cue +++ b/lib/project/schema/_embed/schema.cue @@ -247,6 +247,9 @@ version: "1.0" // +optional target?: string @go(Target) } +#Tagging: { + strategy: "commit" +} #GlobalRepo: { // Name contains the name of the repository (e.g. "owner/repo-name"). name: string @go(Name) @@ -287,6 +290,12 @@ version: "1.0" // Registries contains the registries to use for publishing Timoni modules registries: [...string] @go(Registries,[]string) + + // The version of Timoni to use in CI. + // +optional + version: (_ | *"latest") & { + string + } @go(Version) } // Secret contains the secret provider and a list of mappings @@ -313,6 +322,3 @@ version: "1.0" // Provider contains the provider to use for the secret. provider: string @go(Provider) } -#Tagging: { - strategy: "commit" -} diff --git a/lib/project/schema/providers.go b/lib/project/schema/providers.go index c70207b9..8d721742 100644 --- a/lib/project/schema/providers.go +++ b/lib/project/schema/providers.go @@ -90,4 +90,8 @@ type TimoniProvider struct { // Registries contains the registries to use for publishing Timoni modules Registries []string `json:"registries"` + + // The version of Timoni to use in CI. + // +optional + Version string `json:"version"` } diff --git a/lib/project/schema/providers_go_gen.cue b/lib/project/schema/providers_go_gen.cue index fa2208d0..35e2ea5f 100644 --- a/lib/project/schema/providers_go_gen.cue +++ b/lib/project/schema/providers_go_gen.cue @@ -94,4 +94,8 @@ package schema // Registries contains the registries to use for publishing Timoni modules registries: [...string] @go(Registries,[]string) + + // The version of Timoni to use in CI. + // +optional + version?: string @go(Version) } diff --git a/lib/project/schema/schema_overrides.cue b/lib/project/schema/schema_overrides.cue index 595961e4..5c88ff87 100644 --- a/lib/project/schema/schema_overrides.cue +++ b/lib/project/schema/schema_overrides.cue @@ -20,3 +20,7 @@ package schema #Tagging: { strategy: _ & "commit" } + +#TimoniProvider: { + version: _ | *"latest" +} From ee846f4b17de46ee76770367736dd966591f361b Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:25:30 -0800 Subject: [PATCH 11/17] wip: testing --- blueprint.cue | 11 +++++------ lib/project/schema/_embed/schema.cue | 3 ++- lib/project/schema/providers.go | 1 + lib/project/schema/providers_go_gen.cue | 1 + lib/project/schema/schema_overrides.cue | 1 + 5 files changed, 10 insertions(+), 7 deletions(-) diff --git a/blueprint.cue b/blueprint.cue index da98ebaf..a643c2c2 100644 --- a/blueprint.cue +++ b/blueprint.cue @@ -44,12 +44,11 @@ global: { } registry: "ghcr.io" } - timoni: { - install: true - registries: [ - aws.registry, - ] - } + // timoni: { + // registries: [ + // aws.registry, + // ] + // } } secrets: [ { diff --git a/lib/project/schema/_embed/schema.cue b/lib/project/schema/_embed/schema.cue index 5f1b18d0..953ade58 100644 --- a/lib/project/schema/_embed/schema.cue +++ b/lib/project/schema/_embed/schema.cue @@ -286,7 +286,8 @@ version: "1.0" // TimoniProvider contains the configuration for the Timoni provider. #TimoniProvider: { // Install contains whether to install Timoni in the CI environment. - install?: null | bool @go(Install,*bool) + // +optional + install: (null | bool) & (_ | *true) @go(Install,*bool) // Registries contains the registries to use for publishing Timoni modules registries: [...string] @go(Registries,[]string) diff --git a/lib/project/schema/providers.go b/lib/project/schema/providers.go index 8d721742..b5db8556 100644 --- a/lib/project/schema/providers.go +++ b/lib/project/schema/providers.go @@ -86,6 +86,7 @@ type ProviderGithub struct { // TimoniProvider contains the configuration for the Timoni provider. type TimoniProvider struct { // Install contains whether to install Timoni in the CI environment. + // +optional Install *bool `json:"install"` // Registries contains the registries to use for publishing Timoni modules diff --git a/lib/project/schema/providers_go_gen.cue b/lib/project/schema/providers_go_gen.cue index 35e2ea5f..28a9400a 100644 --- a/lib/project/schema/providers_go_gen.cue +++ b/lib/project/schema/providers_go_gen.cue @@ -90,6 +90,7 @@ package schema // TimoniProvider contains the configuration for the Timoni provider. #TimoniProvider: { // Install contains whether to install Timoni in the CI environment. + // +optional install?: null | bool @go(Install,*bool) // Registries contains the registries to use for publishing Timoni modules diff --git a/lib/project/schema/schema_overrides.cue b/lib/project/schema/schema_overrides.cue index 5c88ff87..4b2f878d 100644 --- a/lib/project/schema/schema_overrides.cue +++ b/lib/project/schema/schema_overrides.cue @@ -22,5 +22,6 @@ package schema } #TimoniProvider: { + install: _ | *true version: _ | *"latest" } From 3302e86844657fbad81b1aba1f1c473cd4a59aa1 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 13:28:38 -0800 Subject: [PATCH 12/17] wip: testing --- blueprint.cue | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/blueprint.cue b/blueprint.cue index a643c2c2..a51439d2 100644 --- a/blueprint.cue +++ b/blueprint.cue @@ -44,11 +44,11 @@ global: { } registry: "ghcr.io" } - // timoni: { - // registries: [ - // aws.registry, - // ] - // } + timoni: { + registries: [ + aws.registry, + ] + } } secrets: [ { From bd469c76b2e214bc5e354804dd1b705a8f61a42a Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 14:04:55 -0800 Subject: [PATCH 13/17] wip: adds tests --- cli/pkg/release/providers/timoni_test.go | 110 +++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 cli/pkg/release/providers/timoni_test.go diff --git a/cli/pkg/release/providers/timoni_test.go b/cli/pkg/release/providers/timoni_test.go new file mode 100644 index 00000000..9766c273 --- /dev/null +++ b/cli/pkg/release/providers/timoni_test.go @@ -0,0 +1,110 @@ +package providers + +import ( + "testing" + + "github.com/input-output-hk/catalyst-forge/lib/project/project" + "github.com/input-output-hk/catalyst-forge/lib/project/schema" + "github.com/input-output-hk/catalyst-forge/lib/tools/testutils" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestTimoniReleaserRelease(t *testing.T) { + newProject := func( + name string, + registries []string, + ) project.Project { + return project.Project{ + Name: name, + Blueprint: schema.Blueprint{ + Global: schema.Global{ + CI: schema.GlobalCI{ + Providers: schema.Providers{ + Timoni: schema.TimoniProvider{ + Registries: registries, + }, + }, + }, + }, + }, + } + } + + tests := []struct { + name string + project project.Project + release schema.Release + config TimoniReleaserConfig + firing bool + force bool + failOn string + validate func(t *testing.T, calls []string, err error) + }{ + { + name: "full", + project: newProject("test", []string{"test.com"}), + release: schema.Release{}, + config: TimoniReleaserConfig{ + Container: "test", + Tag: "test", + }, + firing: true, + force: false, + failOn: "", + validate: func(t *testing.T, calls []string, err error) { + require.NoError(t, err) + assert.Contains(t, calls, "mod push --version test --latest=false . oci://test.com/test") + }, + }, + { + name: "no container", + project: newProject("test", []string{"test.com"}), + release: schema.Release{}, + config: TimoniReleaserConfig{ + Tag: "test", + }, + firing: true, + force: false, + failOn: "", + validate: func(t *testing.T, calls []string, err error) { + require.NoError(t, err) + assert.Contains(t, calls, "mod push --version test --latest=false . oci://test.com/test-deployment") + }, + }, + { + name: "push fails", + project: newProject("test", []string{"test.com"}), + release: schema.Release{}, + config: TimoniReleaserConfig{ + Container: "test", + Tag: "test", + }, + firing: true, + force: false, + failOn: "mod push", + validate: func(t *testing.T, calls []string, err error) { + require.Error(t, err) + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + var calls []string + timoni := TimoniReleaser{ + config: tt.config, + force: tt.force, + handler: newReleaseEventHandlerMock(tt.firing), + logger: testutils.NewNoopLogger(), + project: tt.project, + release: tt.release, + timoni: newWrappedExecuterMock(&calls, tt.failOn), + } + + err := timoni.Release() + + tt.validate(t, calls, err) + }) + } +} From 5d313a248ea47519c50d0faa2bea6e96ea0d8379 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 14:31:50 -0800 Subject: [PATCH 14/17] wip: cleanup --- cli/pkg/release/providers/timoni.go | 11 +++------- cli/pkg/release/providers/timoni_test.go | 27 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/cli/pkg/release/providers/timoni.go b/cli/pkg/release/providers/timoni.go index 500abfd7..c910bc4a 100644 --- a/cli/pkg/release/providers/timoni.go +++ b/cli/pkg/release/providers/timoni.go @@ -3,7 +3,6 @@ package providers import ( "fmt" "log/slog" - "strings" "github.com/input-output-hk/catalyst-forge/cli/pkg/events" "github.com/input-output-hk/catalyst-forge/cli/pkg/executor" @@ -49,13 +48,9 @@ func (r *TimoniReleaser) Release() error { container = fmt.Sprintf("%s-%s", r.project.Name, "deployment") } - var tag string - if r.project.Tag != nil { - tag = strings.TrimPrefix(r.project.Tag.Version, "v") - } else if r.config.Tag != "" { - tag = r.config.Tag - } else { - return fmt.Errorf("no tag found") + tag := r.config.Tag + if tag == "" { + return fmt.Errorf("no tag specified") } for _, registry := range registries { diff --git a/cli/pkg/release/providers/timoni_test.go b/cli/pkg/release/providers/timoni_test.go index 9766c273..2060158e 100644 --- a/cli/pkg/release/providers/timoni_test.go +++ b/cli/pkg/release/providers/timoni_test.go @@ -72,6 +72,33 @@ func TestTimoniReleaserRelease(t *testing.T) { assert.Contains(t, calls, "mod push --version test --latest=false . oci://test.com/test-deployment") }, }, + { + name: "not firing", + project: newProject("test", []string{"test.com"}), + firing: false, + force: false, + failOn: "", + validate: func(t *testing.T, calls []string, err error) { + require.NoError(t, err) + assert.Len(t, calls, 0) + }, + }, + { + name: "forced", + project: newProject("test", []string{"test.com"}), + release: schema.Release{}, + config: TimoniReleaserConfig{ + Container: "test", + Tag: "test", + }, + firing: false, + force: true, + failOn: "", + validate: func(t *testing.T, calls []string, err error) { + require.NoError(t, err) + assert.Contains(t, calls, "mod push --version test --latest=false . oci://test.com/test") + }, + }, { name: "push fails", project: newProject("test", []string{"test.com"}), From 1719de05f3c7c586b94f80f413e74ab04715ff03 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 14:36:05 -0800 Subject: [PATCH 15/17] wip: cleanup --- test/README.md | 85 - test/blueprint.cue | 13 - .../api/admission/v1/register_go_gen.cue | 7 - .../k8s.io/api/admission/v1/types_go_gen.cue | 172 - .../admissionregistration/v1/doc_go_gen.cue | 9 - .../v1/register_go_gen.cue | 7 - .../admissionregistration/v1/types_go_gen.cue | 645 -- .../k8s.io/api/apps/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 -- .../api/authentication/v1/register_go_gen.cue | 7 - .../api/authentication/v1/types_go_gen.cue | 206 - .../api/authorization/v1/register_go_gen.cue | 7 - .../api/authorization/v1/types_go_gen.cue | 262 - .../api/autoscaling/v1/register_go_gen.cue | 7 - .../api/autoscaling/v1/types_go_gen.cue | 542 -- .../api/autoscaling/v2/register_go_gen.cue | 7 - .../api/autoscaling/v2/types_go_gen.cue | 597 -- .../k8s.io/api/batch/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/batch/v1/types_go_gen.cue | 693 -- .../api/certificates/v1/register_go_gen.cue | 7 - .../api/certificates/v1/types_go_gen.cue | 318 - .../api/coordination/v1/register_go_gen.cue | 7 - .../api/coordination/v1/types_go_gen.cue | 61 - .../v1/annotation_key_constants_go_gen.cue | 147 - .../gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 - .../k8s.io/api/core/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 ----------------- .../api/core/v1/well_known_labels_go_gen.cue | 59 - .../api/core/v1/well_known_taints_go_gen.cue | 38 - .../api/discovery/v1/register_go_gen.cue | 7 - .../k8s.io/api/discovery/v1/types_go_gen.cue | 206 - .../discovery/v1/well_known_labels_go_gen.cue | 20 - .../k8s.io/api/events/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/events/v1/types_go_gen.cue | 111 - .../api/networking/v1/register_go_gen.cue | 7 - .../k8s.io/api/networking/v1/types_go_gen.cue | 588 -- .../v1/well_known_annotations_go_gen.cue | 11 - .../k8s.io/api/node/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/node/v1/types_go_gen.cue | 90 - .../gen/k8s.io/api/policy/v1/doc_go_gen.cue | 8 - .../k8s.io/api/policy/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/policy/v1/types_go_gen.cue | 204 - .../k8s.io/api/rbac/v1/register_go_gen.cue | 7 - .../gen/k8s.io/api/rbac/v1/types_go_gen.cue | 207 - .../api/scheduling/v1/register_go_gen.cue | 7 - .../k8s.io/api/scheduling/v1/types_go_gen.cue | 57 - .../k8s.io/api/storage/v1/register_go_gen.cue | 7 - .../k8s.io/api/storage/v1/types_go_gen.cue | 652 -- .../pkg/apis/apiextensions/v1/doc_go_gen.cue | 6 - .../apis/apiextensions/v1/register_go_gen.cue | 7 - .../apis/apiextensions/v1/types_go_gen.cue | 513 -- .../v1/types_jsonschema_go_gen.cue | 317 - .../pkg/api/resource/amount_go_gen.cue | 47 - .../pkg/api/resource/math_go_gen.cue | 13 - .../pkg/api/resource/quantity_go_gen.cue | 107 - .../pkg/api/resource/suffix_go_gen.cue | 10 - .../pkg/apis/meta/v1/duration_go_gen.cue | 10 - .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 - .../pkg/apis/meta/v1/meta_go_gen.cue | 33 - .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 - .../pkg/apis/meta/v1/register_go_gen.cue | 9 - .../pkg/apis/meta/v1/time_go_gen.cue | 14 - .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 - .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ---- .../pkg/apis/meta/v1/watch_go_gen.cue | 30 - .../pkg/runtime/allocator_go_gen.cue | 10 - .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 - .../pkg/runtime/conversion_go_gen.cue | 7 - .../pkg/runtime/converter_go_gen.cue | 9 - .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 - .../pkg/runtime/embedded_go_gen.cue | 7 - .../pkg/runtime/helper_go_gen.cue | 23 - .../pkg/runtime/interfaces_go_gen.cue | 165 - .../pkg/runtime/negotiate_go_gen.cue | 12 - .../pkg/runtime/splice_go_gen.cue | 12 - .../runtime/swagger_doc_generator_go_gen.cue | 14 - .../apimachinery/pkg/runtime/types_go_gen.cue | 97 - .../pkg/runtime/types_proto_go_gen.cue | 9 - .../apimachinery/pkg/types/doc_go_gen.cue | 6 - .../pkg/types/namespacedname_go_gen.cue | 12 - .../pkg/types/nodename_go_gen.cue | 31 - .../apimachinery/pkg/types/patch_go_gen.cue | 21 - .../apimachinery/pkg/types/uid_go_gen.cue | 10 - .../pkg/util/intstr/intstr_go_gen.cue | 31 - .../apimachinery/pkg/watch/doc_go_gen.cue | 7 - .../apimachinery/pkg/watch/filter_go_gen.cue | 10 - .../apimachinery/pkg/watch/mux_go_gen.cue | 25 - .../pkg/watch/streamwatcher_go_gen.cue | 12 - .../apimachinery/pkg/watch/watch_go_gen.cue | 48 - test/cue.mod/module.cue | 2 - .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 - .../pkg/timoni.sh/core/v1alpha1/image.cue | 50 - .../core/v1alpha1/imagepullsecret.cue | 47 - .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 - .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 - .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 120 - .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 - .../timoni.sh/core/v1alpha1/requirements.cue | 40 - .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 - .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 - test/debug_tool.cue | 35 - test/debug_values.cue | 30 - test/templates/config.cue | 113 - test/templates/configmap.cue | 55 - test/templates/deployment.cue | 104 - test/templates/job.cue | 58 - test/templates/service.cue | 27 - test/templates/serviceaccount.cue | 12 - test/timoni.cue | 47 - test/timoni.ignore | 14 - test/values.cue | 21 - 111 files changed, 19063 deletions(-) delete mode 100644 test/README.md delete mode 100644 test/blueprint.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue delete mode 100644 test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue delete mode 100644 test/cue.mod/module.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue delete mode 100644 test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue delete mode 100644 test/debug_tool.cue delete mode 100644 test/debug_values.cue delete mode 100644 test/templates/config.cue delete mode 100644 test/templates/configmap.cue delete mode 100644 test/templates/deployment.cue delete mode 100644 test/templates/job.cue delete mode 100644 test/templates/service.cue delete mode 100644 test/templates/serviceaccount.cue delete mode 100644 test/timoni.cue delete mode 100644 test/timoni.ignore delete mode 100644 test/values.cue diff --git a/test/README.md b/test/README.md deleted file mode 100644 index dfa037b3..00000000 --- a/test/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# test - -A [timoni.sh](http://timoni.sh) module for deploying test to Kubernetes clusters. - -## Install - -To create an instance using the default values: - -```shell -timoni -n default apply test oci:// -``` - -To change the [default configuration](#configuration), -create one or more `values.cue` files and apply them to the instance. - -For example, create a file `my-values.cue` with the following content: - -```cue -values: { - resources: requests: { - cpu: "100m" - memory: "128Mi" - } -} -``` - -And apply the values with: - -```shell -timoni -n default apply test oci:// \ ---values ./my-values.cue -``` - -## Uninstall - -To uninstall an instance and delete all its Kubernetes resources: - -```shell -timoni -n default delete test -``` - -## Configuration - -### General values - -| Key | Type | Default | Description | -|------------------------------|-----------------------------------------|----------------------------|----------------------------------------------------------------------------------------------------------------------------------------------| -| `image: tag:` | `string` | `` | Container image tag | -| `image: digest:` | `string` | `` | Container image digest, takes precedence over `tag` when specified | -| `image: repository:` | `string` | `cgr.dev/chainguard/nginx` | Container image repository | -| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | -| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources | -| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources | -| `podAnnotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods | -| `imagePullSecrets:` | `[...timoniv1.ObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) | -| `tolerations:` | `[ ...corev1.#Toleration]` | `[]` | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration) | -| `affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | -| `resources:` | `timoniv1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | -| `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]` | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints) | -| `podSecurityContext:` | `corev1.#PodSecurityContext` | `{}` | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) | -| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) | -| `service: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to the Kubernetes Service | -| `service: port:` | `int` | `80` | Kubernetes Service HTTP port | -| `test: enabled:` | `bool` | `false` | Run end-to-end tests at install and upgrades | - -#### Recommended values - -Comply with the restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/): - -```cue -values: { - podSecurityContext: { - runAsUser: 65532 - runAsGroup: 65532 - fsGroup: 65532 - } - securityContext: { - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - runAsNonRoot: true - capabilities: drop: ["ALL"] - seccompProfile: type: "RuntimeDefault" - } -} -``` diff --git a/test/blueprint.cue b/test/blueprint.cue deleted file mode 100644 index 2eaf9a13..00000000 --- a/test/blueprint.cue +++ /dev/null @@ -1,13 +0,0 @@ -version: "1.0" -project: { - name: "timoni-test" - release: { - timoni: { - on: always: {} - config: { - container: "timoni-test" - tag: "1.0.0" - } - } - } -} diff --git a/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue deleted file mode 100644 index 597f5b0e..00000000 --- a/test/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -#GroupName: "admission.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue deleted file mode 100644 index af26bd06..00000000 --- a/test/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue +++ /dev/null @@ -1,172 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admission/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - authenticationv1 "k8s.io/api/authentication/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// AdmissionReview describes an admission review request/response. -#AdmissionReview: { - metav1.#TypeMeta - - // Request describes the attributes for the admission request. - // +optional - request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt) - - // Response describes the attributes for the admission response. - // +optional - response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt) -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -#AdmissionRequest: { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt) - - // Resource is the fully-qualified resource being requested (for example, v1.pods) - resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt) - - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - subResource?: string @go(SubResource) @protobuf(4,bytes,opt) - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt) - - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt) - - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt) - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - name?: string @go(Name) @protobuf(5,bytes,opt) - - // Namespace is the namespace associated with the request (if any). - // +optional - namespace?: string @go(Namespace) @protobuf(6,bytes,opt) - - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - operation: #Operation @go(Operation) @protobuf(7,bytes,opt) - - // UserInfo is information about the requesting user - userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt) - - // Object is the object from the incoming request. - // +optional - object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt) - - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt) - - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt) - - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt) -} - -// AdmissionResponse describes an admission response. -#AdmissionResponse: { - // UID is an identifier for the individual request/response. - // This must be copied over from the corresponding AdmissionRequest. - uid: types.#UID @go(UID) @protobuf(1,bytes,opt) - - // Allowed indicates whether or not the admission request was permitted. - allowed: bool @go(Allowed) @protobuf(2,varint,opt) - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt) - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. - // +optional - patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt) - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt) - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt) - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep) -} - -// PatchType is the type of patch being used to represent the mutated object -#PatchType: string // #enumPatchType - -#enumPatchType: - #PatchTypeJSONPatch - -#PatchTypeJSONPatch: #PatchType & "JSONPatch" - -// Operation is the type of resource operation being checked for admission control -#Operation: string // #enumOperation - -#enumOperation: - #Create | - #Update | - #Delete | - #Connect - -#Create: #Operation & "CREATE" -#Update: #Operation & "UPDATE" -#Delete: #Operation & "DELETE" -#Connect: #Operation & "CONNECT" diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue deleted file mode 100644 index 5d30100e..00000000 --- a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -// Package v1 is the v1 version of the API. -// AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration -// MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the -// new dynamic admission controller configuration. -package v1 diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue deleted file mode 100644 index 93348e91..00000000 --- a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -#GroupName: "admissionregistration.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue deleted file mode 100644 index 7038db05..00000000 --- a/test/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue +++ /dev/null @@ -1,645 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/admissionregistration/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended -// to make sure that all the tuple expansions are valid. -#Rule: { - // APIGroups is the API groups the resources belong to. '*' is all groups. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep) - - // APIVersions is the API versions the resources belong to. '*' is all versions. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. - // - // For example: - // 'pods' means pods. - // 'pods/log' means the log subresource of pods. - // '*' means all resources, but not subresources. - // 'pods/*' means all subresources of pods. - // '*/scale' means all scale subresources. - // '*/*' means all resources and their subresources. - // - // If wildcard is present, the validation rule will ensure resources do not - // overlap with each other. - // - // Depending on the enclosing object, subresources might not be allowed. - // Required. - // +listType=atomic - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // scope specifies the scope of this rule. - // Valid values are "Cluster", "Namespaced", and "*" - // "Cluster" means that only cluster-scoped resources will match this rule. - // Namespace API objects are cluster-scoped. - // "Namespaced" means that only namespaced resources will match this rule. - // "*" means that there are no scope restrictions. - // Subresources match the scope of their parent resource. - // Default is "*". - // - // +optional - scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep) -} - -// ScopeType specifies a scope for a Rule. -// +enum -#ScopeType: string // #enumScopeType - -#enumScopeType: - #ClusterScope | - #NamespacedScope | - #AllScopes - -// ClusterScope means that scope is limited to cluster-scoped objects. -// Namespace objects are cluster-scoped. -#ClusterScope: #ScopeType & "Cluster" - -// NamespacedScope means that scope is limited to namespaced objects. -#NamespacedScope: #ScopeType & "Namespaced" - -// AllScopes means that all scopes are included. -#AllScopes: #ScopeType & "*" - -// FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled. -// +enum -#FailurePolicyType: string // #enumFailurePolicyType - -#enumFailurePolicyType: - #Ignore | - #Fail - -// Ignore means that an error calling the webhook is ignored. -#Ignore: #FailurePolicyType & "Ignore" - -// Fail means that an error calling the webhook causes the admission to fail. -#Fail: #FailurePolicyType & "Fail" - -// MatchPolicyType specifies the type of match policy. -// +enum -#MatchPolicyType: string // #enumMatchPolicyType - -#enumMatchPolicyType: - #Exact | - #Equivalent - -// Exact means requests should only be sent to the webhook if they exactly match a given rule. -#Exact: #MatchPolicyType & "Exact" - -// Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version. -#Equivalent: #MatchPolicyType & "Equivalent" - -// SideEffectClass specifies the types of side effects a webhook may have. -// +enum -#SideEffectClass: string // #enumSideEffectClass - -#enumSideEffectClass: - #SideEffectClassUnknown | - #SideEffectClassNone | - #SideEffectClassSome | - #SideEffectClassNoneOnDryRun - -// SideEffectClassUnknown means that no information is known about the side effects of calling the webhook. -// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassUnknown: #SideEffectClass & "Unknown" - -// SideEffectClassNone means that calling the webhook will have no side effects. -#SideEffectClassNone: #SideEffectClass & "None" - -// SideEffectClassSome means that calling the webhook will possibly have side effects. -// If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail. -#SideEffectClassSome: #SideEffectClass & "Some" - -// SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the -// request being reviewed has the dry-run attribute, the side effects will be suppressed. -#SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun" - -// ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it. -#ValidatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration. -#ValidatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ValidatingWebhookConfiguration. - items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object. -#MutatingWebhookConfiguration: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Webhooks is a list of webhooks and the affected resources and operations. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks) -} - -// MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration. -#MutatingWebhookConfigurationList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of MutatingWebhookConfiguration. - items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep) -} - -// ValidatingWebhook describes an admission webhook and the resources and operations it applies to. -#ValidatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. - // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. - // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. - // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt) -} - -// MutatingWebhook describes an admission webhook and the resources and operations it applies to. -#MutatingWebhook: { - // The name of the admission webhook. - // Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where - // "imagepolicy" is the name of the webhook, and kubernetes.io is the name - // of the organization. - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // ClientConfig defines how to communicate with the hook. - // Required - clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt) - - // Rules describes what operations on what resources/subresources the webhook cares about. - // The webhook cares about an operation if it matches _any_ Rule. - // However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks - // from putting the cluster in a state which cannot be recovered from without completely - // disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called - // on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects. - rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep) - - // FailurePolicy defines how unrecognized errors from the admission endpoint are handled - - // allowed values are Ignore or Fail. Defaults to Fail. - // +optional - failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType) - - // matchPolicy defines how the "rules" list is used to match incoming requests. - // Allowed values are "Exact" or "Equivalent". - // - // - Exact: match a request only if it exactly matches a specified rule. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook. - // - // - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. - // For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, - // and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, - // a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook. - // - // Defaults to "Equivalent" - // +optional - matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType) - - // NamespaceSelector decides whether to run the webhook on an object based - // on whether the namespace for that object matches the selector. If the - // object itself is a namespace, the matching is performed on - // object.metadata.labels. If the object is another cluster scoped resource, - // it never skips the webhook. - // - // For example, to run the webhook on any objects whose namespace is not - // associated with "runlevel" of "0" or "1"; you will set the selector as - // follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "runlevel", - // "operator": "NotIn", - // "values": [ - // "0", - // "1" - // ] - // } - // ] - // } - // - // If instead you want to only run the webhook on any objects whose - // namespace is associated with the "environment" of "prod" or "staging"; - // you will set the selector as follows: - // "namespaceSelector": { - // "matchExpressions": [ - // { - // "key": "environment", - // "operator": "In", - // "values": [ - // "prod", - // "staging" - // ] - // } - // ] - // } - // - // See - // https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // for more examples of label selectors. - // - // Default to the empty LabelSelector, which matches everything. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt) - - // ObjectSelector decides whether to run the webhook based on if the - // object has matching labels. objectSelector is evaluated against both - // the oldObject and newObject that would be sent to the webhook, and - // is considered to match if either object matches the selector. A null - // object (oldObject in the case of create, or newObject in the case of - // delete) or an object that cannot have labels (like a - // DeploymentRollback or a PodProxyOptions object) is not considered to - // match. - // Use the object selector only if the webhook is opt-in, because end - // users may skip the admission webhook by setting the labels. - // Default to the empty LabelSelector, which matches everything. - // +optional - objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt) - - // SideEffects states whether this webhook has side effects. - // Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). - // Webhooks with side effects MUST implement a reconciliation system, since a request may be - // rejected by a future step in the admission chain and the side effects therefore need to be undone. - // Requests with the dryRun attribute will be auto-rejected if they match a webhook with - // sideEffects == Unknown or Some. - sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass) - - // TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, - // the webhook call will be ignored or the API call will fail based on the - // failure policy. - // The timeout value must be between 1 and 30 seconds. - // Default to 10 seconds. - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt) - - // AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` - // versions the Webhook expects. API server will try to use first version in - // the list which it supports. If none of the versions specified in this list - // supported by API server, validation will fail for this object. - // If a persisted webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail - // and be subject to the failure policy. - admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep) - - // reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. - // Allowed values are "Never" and "IfNeeded". - // - // Never: the webhook will not be called more than once in a single admission evaluation. - // - // IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation - // if the object being admitted is modified by other admission plugins after the initial webhook call. - // Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. - // Note: - // * the number of additional invocations is not guaranteed to be exactly one. - // * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. - // * webhooks that use this option may be reordered to minimize the number of additional invocations. - // * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead. - // - // Defaults to "Never". - // +optional - reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType) - - // MatchConditions is a list of conditions that must be met for a request to be sent to this - // webhook. Match conditions filter requests that have already been matched by the rules, - // namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. - // There are a maximum of 64 match conditions allowed. - // - // The exact matching logic is (in order): - // 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped. - // 2. If ALL matchConditions evaluate to TRUE, the webhook is called. - // 3. If any matchCondition evaluates to an error (but none are FALSE): - // - If failurePolicy=Fail, reject the request - // - If failurePolicy=Ignore, the error is ignored and the webhook is skipped - // - // This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=AdmissionWebhookMatchConditions - // +optional - matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt) -} - -// ReinvocationPolicyType specifies what type of policy the admission hook uses. -// +enum -#ReinvocationPolicyType: string // #enumReinvocationPolicyType - -#enumReinvocationPolicyType: - #NeverReinvocationPolicy | - #IfNeededReinvocationPolicy - -// NeverReinvocationPolicy indicates that the webhook must not be called more than once in a -// single admission evaluation. -#NeverReinvocationPolicy: #ReinvocationPolicyType & "Never" - -// IfNeededReinvocationPolicy indicates that the webhook may be called at least one -// additional time as part of the admission evaluation if the object being admitted is -// modified by other admission plugins after the initial webhook call. -#IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded" - -// RuleWithOperations is a tuple of Operations and Resources. It is recommended to make -// sure that all the tuple expansions are valid. -#RuleWithOperations: { - // Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * - // for all of those operations and any future admission operations that are added. - // If '*' is present, the length of the slice must be one. - // Required. - // +listType=atomic - operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType) - - #Rule -} - -// OperationType specifies an operation for a request. -// +enum -#OperationType: string // #enumOperationType - -#enumOperationType: - #OperationAll | - #Create | - #Update | - #Delete | - #Connect - -#OperationAll: #OperationType & "*" -#Create: #OperationType & "CREATE" -#Update: #OperationType & "UPDATE" -#Delete: #OperationType & "DELETE" -#Connect: #OperationType & "CONNECT" - -// WebhookClientConfig contains the information to make a TLS -// connection with the webhook -#WebhookClientConfig: { - // `url` gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. - // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. - // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // `service` is a reference to the service for this webhook. Either - // `service` or `url` must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // `namespace` is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // `name` is the name of the service. - // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // `path` is an optional URL path which will be sent in any request to - // this service. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // If specified, the port on the service that hosting webhook. - // Default to 443 for backward compatibility. - // `port` should be a valid port number (1-65535, inclusive). - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook. -#MatchCondition: { - // Name is an identifier for this match condition, used for strategic merging of MatchConditions, - // as well as providing an identifier for logging purposes. A good name should be descriptive of - // the associated expression. - // Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and - // must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or - // '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an - // optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName') - // - // Required. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. - // CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables: - // - // 'object' - The object from the incoming request. The value is null for DELETE requests. - // 'oldObject' - The existing object. The value is null for CREATE requests. - // 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). - // 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request. - // See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz - // 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the - // request resource. - // Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/ - // - // Required. - expression: string @go(Expression) @protobuf(2,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue deleted file mode 100644 index c2497a51..00000000 --- a/test/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -#GroupName: "apps" diff --git a/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue deleted file mode 100644 index d3ecc834..00000000 --- a/test/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue +++ /dev/null @@ -1,946 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/apps/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -#ControllerRevisionHashLabelKey: "controller-revision-hash" -#StatefulSetRevisionLabel: "controller-revision-hash" -#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" -#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" -#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" -#PodIndexLabel: "apps.kubernetes.io/pod-index" - -// StatefulSet represents a set of pods with consistent identities. -// Identities are defined as: -// - Network: A single stable DNS and hostname. -// - Storage: As many VolumeClaims as requested. -// -// The StatefulSet guarantees that a given network identity will always -// map to the same storage identity. -#StatefulSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired identities of pods in this set. - // +optional - spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the current status of Pods in this StatefulSet. This data - // may be out of date by some window of time. - // +optional - status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodManagementPolicyType defines the policy for creating pods under a stateful set. -// +enum -#PodManagementPolicyType: string // #enumPodManagementPolicyType - -#enumPodManagementPolicyType: - #OrderedReadyPodManagement | - #ParallelPodManagement - -// OrderedReadyPodManagement will create pods in strictly increasing order on -// scale up and strictly decreasing order on scale down, progressing only when -// the previous pod is ready or terminated. At most one pod will be changed -// at any time. -#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" - -// ParallelPodManagement will create and delete pods as soon as the stateful set -// replica count is changed, and will not wait for pods to be ready or complete -// termination. -#ParallelPodManagement: #PodManagementPolicyType & "Parallel" - -// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet -// controller will use to perform updates. It includes any additional parameters -// necessary to perform the update for the indicated strategy. -#StatefulSetUpdateStrategy: { - // Type indicates the type of the StatefulSetUpdateStrategy. - // Default is RollingUpdate. - // +optional - type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) - - // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. - // +optional - rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) -} - -// StatefulSetUpdateStrategyType is a string enumeration type that enumerates -// all possible update strategies for the StatefulSet controller. -// +enum -#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType - -#enumStatefulSetUpdateStrategyType: - #RollingUpdateStatefulSetStrategyType | - #OnDeleteStatefulSetStrategyType - -// RollingUpdateStatefulSetStrategyType indicates that update will be -// applied to all Pods in the StatefulSet with respect to the StatefulSet -// ordering constraints. When a scale operation is performed with this -// strategy, new Pods will be created from the specification version indicated -// by the StatefulSet's updateRevision. -#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" - -// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version -// tracking and ordered rolling restarts are disabled. Pods are recreated -// from the StatefulSetSpec when they are manually deleted. When a scale -// operation is performed with this strategy,specification version indicated -// by the StatefulSet's currentRevision. -#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" - -// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. -#RollingUpdateStatefulSetStrategy: { - // Partition indicates the ordinal at which the StatefulSet should be partitioned - // for updates. During a rolling update, all pods from ordinal Replicas-1 to - // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - // This is helpful in being able to do a canary based deployment. The default value is 0. - // +optional - partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) - - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding up. This can not be 0. - // Defaults to 1. This field is alpha-level and is only honored by servers that enable the - // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - // will be counted towards MaxUnavailable. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) -} - -// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine -// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is -// deleted or scaled down. -#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType - -#enumPersistentVolumeClaimRetentionPolicyType: - #RetainPersistentVolumeClaimRetentionPolicyType | - #DeletePersistentVolumeClaimRetentionPolicyType - -// RetainPersistentVolumeClaimRetentionPolicyType is the default -// PersistentVolumeClaimRetentionPolicy and specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will not be deleted. -#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" - -// RetentionPersistentVolumeClaimRetentionPolicyType specifies that -// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates -// will be deleted in the scenario specified in -// StatefulSetPersistentVolumeClaimRetentionPolicy. -#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" - -// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs -// created from the StatefulSet VolumeClaimTemplates. -#StatefulSetPersistentVolumeClaimRetentionPolicy: { - // WhenDeleted specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is deleted. The default policy - // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The - // `Delete` policy causes those PVCs to be deleted. - whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) - - // WhenScaled specifies what happens to PVCs created from StatefulSet - // VolumeClaimTemplates when the StatefulSet is scaled down. The default - // policy of `Retain` causes PVCs to not be affected by a scaledown. The - // `Delete` policy causes the associated PVCs for any excess pods above - // the replica count to be deleted. - whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) -} - -// StatefulSetOrdinals describes the policy used for replica ordinal assignment -// in this StatefulSet. -#StatefulSetOrdinals: { - // start is the number representing the first replica's index. It may be used - // to number replicas from an alternate index (eg: 1-indexed) over the default - // 0-indexed names, or to orchestrate progressive movement of replicas from - // one StatefulSet to another. - // If set, replica indices will be in the range: - // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). - // If unset, defaults to 0. Replica indices will be in the range: - // [0, .spec.replicas). - // +optional - start: int32 @go(Start) @protobuf(1,varint,opt) -} - -// A StatefulSetSpec is the specification of a StatefulSet. -#StatefulSetSpec: { - // replicas is the desired number of replicas of the given Template. - // These are replicas in the sense that they are instantiations of the - // same Template, but individual replicas also have a consistent identity. - // If unspecified, defaults to 1. - // TODO: Consider a rename of this field. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // selector is a label query over pods that should match the replica count. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // template is the object that describes the pod that will be created if - // insufficient replicas are detected. Each pod stamped out by the StatefulSet - // will fulfill this Template, but have a unique identity from the rest - // of the StatefulSet. Each pod will be named with the format - // -. For example, a pod in a StatefulSet named - // "web" with index number "3" would be named "web-3". - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // volumeClaimTemplates is a list of claims that pods are allowed to reference. - // The StatefulSet controller is responsible for mapping network identities to - // claims in a way that maintains the identity of a pod. Every claim in - // this list must have at least one matching (by name) volumeMount in one - // container in the template. A claim in this list takes precedence over - // any volumes in the template, with the same name. - // TODO: Define the behavior if a claim already exists with the same name. - // +optional - volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) - - // serviceName is the name of the service that governs this StatefulSet. - // This service must exist before the StatefulSet, and is responsible for - // the network identity of the set. Pods get DNS/hostnames that follow the - // pattern: pod-specific-string.serviceName.default.svc.cluster.local - // where "pod-specific-string" is managed by the StatefulSet controller. - serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) - - // podManagementPolicy controls how pods are created during initial scale up, - // when replacing pods on nodes, or when scaling down. The default policy is - // `OrderedReady`, where pods are created in increasing order (pod-0, then - // pod-1, etc) and the controller will wait until each pod is ready before - // continuing. When scaling down, the pods are removed in the opposite order. - // The alternative policy is `Parallel` which will create pods in parallel - // to match the desired scale without waiting, and on scale down will delete - // all pods at once. - // +optional - podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) - - // updateStrategy indicates the StatefulSetUpdateStrategy that will be - // employed to update Pods in the StatefulSet when a revision is made to - // Template. - updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) - - // revisionHistoryLimit is the maximum number of revisions that will - // be maintained in the StatefulSet's revision history. The revision history - // consists of all revisions not represented by a currently applied - // StatefulSetSpec version. The default value is 10. - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) - - // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent - // volume claims created from volumeClaimTemplates. By default, all persistent - // volume claims are created as needed and retained until manually deleted. This - // policy allows the lifecycle to be altered, for example by deleting persistent - // volume claims when their stateful set is deleted, or when their pod is scaled - // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, - // which is alpha. +optional - persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) - - // ordinals controls the numbering of replica indices in a StatefulSet. The - // default ordinals behavior assigns a "0" index to the first replica and - // increments the index by one for each additional replica requested. Using - // the ordinals field requires the StatefulSetStartOrdinal feature gate to be - // enabled, which is beta. - // +optional - ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) -} - -// StatefulSetStatus represents the current state of a StatefulSet. -#StatefulSetStatus: { - // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the - // StatefulSet's generation, which is updated on mutation by the API Server. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // replicas is the number of Pods created by the StatefulSet controller. - replicas: int32 @go(Replicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) - - // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by currentRevision. - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) - - // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version - // indicated by updateRevision. - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) - - // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the - // sequence [0,currentReplicas). - currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) - - // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence - // [replicas-updatedReplicas,replicas) - updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) - - // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller - // uses this field as a collision avoidance mechanism when it needs to create the name for the - // newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a statefulset's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. - // +optional - availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) -} - -#StatefulSetConditionType: string - -// StatefulSetCondition describes the state of a statefulset at a certain point. -#StatefulSetCondition: { - // Type of statefulset condition. - type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// StatefulSetList is a collection of StatefulSets. -#StatefulSetList: { - metav1.#TypeMeta - - // Standard list's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of stateful sets. - items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) -} - -// Deployment enables declarative updates for Pods and ReplicaSets. -#Deployment: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the Deployment. - // +optional - spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the Deployment. - // +optional - status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DeploymentSpec is the specification of the desired behavior of the Deployment. -#DeploymentSpec: { - // Number of desired pods. This is a pointer to distinguish between explicit - // zero and not specified. Defaults to 1. - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Label selector for pods. Existing ReplicaSets whose pods are - // selected by this will be the ones affected by this deployment. - // It must match the pod template's labels. - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template describes the pods that will be created. - // The only allowed template.spec.restartPolicy value is "Always". - template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) - - // The deployment strategy to use to replace existing pods with new ones. - // +optional - // +patchStrategy=retainKeys - strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) - - // The number of old ReplicaSets to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) - - // Indicates that the deployment is paused. - // +optional - paused?: bool @go(Paused) @protobuf(7,varint,opt) - - // The maximum time in seconds for a deployment to make progress before it - // is considered to be failed. The deployment controller will continue to - // process failed deployments and a condition with a ProgressDeadlineExceeded - // reason will be surfaced in the deployment status. Note that progress will - // not be estimated during the time a deployment is paused. Defaults to 600s. - progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) -} - -// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added -// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets -// to select new pods (and old pods being select by new ReplicaSet). -#DefaultDeploymentUniqueLabelKey: "pod-template-hash" - -// DeploymentStrategy describes how to replace existing pods with new ones. -#DeploymentStrategy: { - // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - // +optional - type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) - - // Rolling update config params. Present only if DeploymentStrategyType = - // RollingUpdate. - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. - // +optional - rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) -} - -// +enum -#DeploymentStrategyType: string // #enumDeploymentStrategyType - -#enumDeploymentStrategyType: - #RecreateDeploymentStrategyType | - #RollingUpdateDeploymentStrategyType - -// Kill all existing pods before creating new ones. -#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" - -// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. -#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" - -// Spec to control the desired behavior of rolling update. -#RollingUpdateDeployment: { - // The maximum number of pods that can be unavailable during the update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // Absolute number is calculated from percentage by rounding down. - // This can not be 0 if MaxSurge is 0. - // Defaults to 25%. - // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods - // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet - // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring - // that the total number of pods available at all times during the update is at - // least 70% of desired pods. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of pods that can be scheduled above the desired number of - // pods. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up. - // Defaults to 25%. - // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when - // the rolling update starts, such that the total number of old and new pods do not exceed - // 130% of desired pods. Once old pods have been killed, - // new ReplicaSet can be scaled up further, ensuring that total number of pods running - // at any time during the update is at most 130% of desired pods. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DeploymentStatus is the most recently observed status of the Deployment. -#DeploymentStatus: { - // The generation observed by the deployment controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // Total number of non-terminated pods targeted by this deployment (their labels match the selector). - // +optional - replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) - - // Total number of non-terminated pods targeted by this deployment that have the desired template spec. - // +optional - updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) - - // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) - - // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) - - // Total number of unavailable pods targeted by this deployment. This is the total number of - // pods that are still required for the deployment to have 100% available capacity. They may - // either be pods that are running but not yet available or pods that still have not been created. - // +optional - unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) - - // Represents the latest available observations of a deployment's current state. - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) - - // Count of hash collisions for the Deployment. The Deployment controller uses this - // field as a collision avoidance mechanism when it needs to create the name for the - // newest ReplicaSet. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) -} - -#DeploymentConditionType: string // #enumDeploymentConditionType - -#enumDeploymentConditionType: - #DeploymentAvailable | - #DeploymentProgressing | - #DeploymentReplicaFailure - -// Available means the deployment is available, ie. at least the minimum available -// replicas required are up and running for at least minReadySeconds. -#DeploymentAvailable: #DeploymentConditionType & "Available" - -// Progressing means the deployment is progressing. Progress for a deployment is -// considered when a new replica set is created or adopted, and when new pods scale -// up or old pods scale down. Progress is not estimated for paused deployments or -// when progressDeadlineSeconds is not specified. -#DeploymentProgressing: #DeploymentConditionType & "Progressing" - -// ReplicaFailure is added in a deployment when one of its pods fails to be created -// or deleted. -#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" - -// DeploymentCondition describes the state of a deployment at a certain point. -#DeploymentCondition: { - // Type of deployment condition. - type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time this condition was updated. - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) - - // Last time the condition transitioned from one status to another. - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) - - // The reason for the condition's last transition. - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DeploymentList is a list of Deployments. -#DeploymentList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Deployments. - items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) -} - -// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. -#DaemonSetUpdateStrategy: { - // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. - // +optional - type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) - - // Rolling update config params. Present only if type = "RollingUpdate". - //--- - // TODO: Update this to follow our convention for oneOf, whatever we decide it - // to be. Same as Deployment `strategy.rollingUpdate`. - // See https://github.com/kubernetes/kubernetes/issues/35345 - // +optional - rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) -} - -// +enum -#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType - -#enumDaemonSetUpdateStrategyType: - #RollingUpdateDaemonSetStrategyType | - #OnDeleteDaemonSetStrategyType - -// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. -#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" - -// Replace the old daemons only when it's killed -#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" - -// Spec to control the desired behavior of daemon set rolling update. -#RollingUpdateDaemonSet: { - // The maximum number of DaemonSet pods that can be unavailable during the - // update. Value can be an absolute number (ex: 5) or a percentage of total - // number of DaemonSet pods at the start of the update (ex: 10%). Absolute - // number is calculated from percentage by rounding up. - // This cannot be 0 if MaxSurge is 0 - // Default value is 1. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their pods stopped for an update at any given time. The update - // starts by stopping at most 30% of those DaemonSet pods and then brings - // up new DaemonSet pods in their place. Once the new pods are available, - // it then proceeds onto other DaemonSet pods, thus ensuring that at least - // 70% of original number of DaemonSet pods are available at all times during - // the update. - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // The maximum number of nodes with an existing available DaemonSet pod that - // can have an updated DaemonSet pod during during an update. - // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - // This can not be 0 if MaxUnavailable is 0. - // Absolute number is calculated from percentage by rounding up to a minimum of 1. - // Default value is 0. - // Example: when this is set to 30%, at most 30% of the total number of nodes - // that should be running the daemon pod (i.e. status.desiredNumberScheduled) - // can have their a new pod created before the old pod is marked as deleted. - // The update starts by launching new pods on 30% of nodes. Once an updated - // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod - // on that node is marked deleted. If the old pod becomes unavailable for any - // reason (Ready transitions to false, is evicted, or is drained) an updated - // pod is immediatedly created on that node without considering surge limits. - // Allowing surge implies the possibility that the resources consumed by the - // daemonset on any given node can double if the readiness check fails, and - // so resource intensive daemonsets should take into account that they may - // cause evictions during disruption. - // +optional - maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) -} - -// DaemonSetSpec is the specification of a daemon set. -#DaemonSetSpec: { - // A label query over pods that are managed by the daemon set. - // Must match in order to be controlled. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // An object that describes the pod that will be created. - // The DaemonSet will create exactly one copy of this pod on every node - // that matches the template's node selector (or on every node if no node - // selector is specified). - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) - - // An update strategy to replace existing DaemonSet pods with new pods. - // +optional - updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) - - // The minimum number of seconds for which a newly created DaemonSet pod should - // be ready without any of its container crashing, for it to be considered - // available. Defaults to 0 (pod will be considered available as soon as it - // is ready). - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // The number of old history to retain to allow rollback. - // This is a pointer to distinguish between explicit zero and not specified. - // Defaults to 10. - // +optional - revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) -} - -// DaemonSetStatus represents the current status of a daemon set. -#DaemonSetStatus: { - // The number of nodes that are running at least 1 - // daemon pod and are supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) - - // The number of nodes that are running the daemon pod, but are - // not supposed to run the daemon pod. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) - - // The total number of nodes that should be running the daemon - // pod (including nodes correctly running the daemon pod). - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ - desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) - - // numberReady is the number of nodes that should be running the daemon pod and have one - // or more of the daemon pod running with a Ready Condition. - numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) - - // The most recent generation observed by the daemon set controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) - - // The total number of nodes that are running updated daemon pod - // +optional - updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have one or more of the daemon pod running and - // available (ready for at least spec.minReadySeconds) - // +optional - numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) - - // The number of nodes that should be running the - // daemon pod and have none of the daemon pod running and available - // (ready for at least spec.minReadySeconds) - // +optional - numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) - - // Count of hash collisions for the DaemonSet. The DaemonSet controller - // uses this field as a collision avoidance mechanism when it needs to - // create the name for the newest ControllerRevision. - // +optional - collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) - - // Represents the latest available observations of a DaemonSet's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) -} - -#DaemonSetConditionType: string - -// DaemonSetCondition describes the state of a DaemonSet at a certain point. -#DaemonSetCondition: { - // Type of DaemonSet condition. - type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// DaemonSet represents the configuration of a daemon set. -#DaemonSet: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The desired behavior of this daemon set. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // The current status of this daemon set. This data may be - // out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// DefaultDaemonSetUniqueLabelKey is the default label key that is added -// to existing DaemonSet pods to distinguish between old and new -// DaemonSet pods during DaemonSet template updates. -#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" - -// DaemonSetList is a collection of daemon sets. -#DaemonSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // A list of daemon sets. - items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) -} - -// ReplicaSet ensures that a specified number of pod replicas are running at any given time. -#ReplicaSet: { - metav1.#TypeMeta - - // If the Labels of a ReplicaSet are empty, they are defaulted to - // be the same as the Pod(s) that the ReplicaSet manages. - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the ReplicaSet. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the ReplicaSet. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicaSetList is a collection of ReplicaSets. -#ReplicaSetList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ReplicaSets. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) -} - -// ReplicaSetSpec is the specification of a ReplicaSet. -#ReplicaSetSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the replica count. - // Label keys and values that must match in order to be controlled by this replica set. - // It must match the pod template's labels. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) -} - -// ReplicaSetStatus represents the current status of a ReplicaSet. -#ReplicaSetStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replicaset. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replica set. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replica set's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) -} - -#ReplicaSetConditionType: string // #enumReplicaSetConditionType - -#enumReplicaSetConditionType: - #ReplicaSetReplicaFailure - -// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created -// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted -// due to kubelet being down or finalizers are failing. -#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" - -// ReplicaSetCondition describes the state of a replica set at a certain point. -#ReplicaSetCondition: { - // Type of replica set condition. - type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) - - // Status of the condition, one of True, False, Unknown. - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ControllerRevision implements an immutable snapshot of state data. Clients -// are responsible for serializing and deserializing the objects that contain -// their internal state. -// Once a ControllerRevision has been successfully created, it can not be updated. -// The API Server will fail validation of all requests that attempt to mutate -// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both -// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, -// it may be subject to name and representation changes in future releases, and clients should not -// depend on its stability. It is primarily for internal use by controllers. -#ControllerRevision: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Data is the serialized representation of the state. - data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) - - // Revision indicates the revision of the state represented by Data. - revision: int64 @go(Revision) @protobuf(3,varint,opt) -} - -// ControllerRevisionList is a resource containing a list of ControllerRevision objects. -#ControllerRevisionList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ControllerRevisions - items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue deleted file mode 100644 index 08256009..00000000 --- a/test/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -#GroupName: "authentication.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue deleted file mode 100644 index 5f0127a6..00000000 --- a/test/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue +++ /dev/null @@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authentication/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -// ImpersonateUserHeader is used to impersonate a particular user during an API server request -#ImpersonateUserHeader: "Impersonate-User" - -// ImpersonateGroupHeader is used to impersonate a particular group during an API server request. -// It can be repeated multiplied times for multiple groups. -#ImpersonateGroupHeader: "Impersonate-Group" - -// ImpersonateUIDHeader is used to impersonate a particular UID during an API server request -#ImpersonateUIDHeader: "Impersonate-Uid" - -// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the -// extra map[string][]string for user.Info. The key will be every after the prefix. -// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple -// times to have multiple elements in the slice under a single key -#ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-" - -// TokenReview attempts to authenticate a token to a known user. -// Note: TokenReview requests may be cached by the webhook token authenticator -// plugin in the kube-apiserver. -#TokenReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request can be authenticated. - // +optional - status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenReviewSpec is a description of the token authentication request. -#TokenReviewSpec: { - // Token is the opaque bearer token. - // +optional - token?: string @go(Token) @protobuf(1,bytes,opt) - - // Audiences is a list of the identifiers that the resource server presented - // with the token identifies as. Audience-aware token authenticators will - // verify that the token was intended for at least one of the audiences in - // this list. If no audiences are provided, the audience will default to the - // audience of the Kubernetes apiserver. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep) -} - -// TokenReviewStatus is the result of the token authentication request. -#TokenReviewStatus: { - // Authenticated indicates that the token was associated with a known user. - // +optional - authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt) - - // User is the UserInfo associated with the provided token. - // +optional - user?: #UserInfo @go(User) @protobuf(2,bytes,opt) - - // Audiences are audience identifiers chosen by the authenticator that are - // compatible with both the TokenReview and token. An identifier is any - // identifier in the intersection of the TokenReviewSpec audiences and the - // token's audiences. A client of the TokenReview API that sets the - // spec.audiences field should validate that a compatible audience identifier - // is returned in the status.audiences field to ensure that the TokenReview - // server is audience aware. If a TokenReview returns an empty - // status.audience field where status.authenticated is "true", the token is - // valid against the audience of the Kubernetes API server. - // +optional - audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep) - - // Error indicates that the token couldn't be checked - // +optional - error?: string @go(Error) @protobuf(3,bytes,opt) -} - -// UserInfo holds the information about the user needed to implement the -// user.Info interface. -#UserInfo: { - // The name that uniquely identifies this user among all active users. - // +optional - username?: string @go(Username) @protobuf(1,bytes,opt) - - // A unique value that identifies this user across time. If this user is - // deleted and another user by the same name is added, they will have - // different UIDs. - // +optional - uid?: string @go(UID) @protobuf(2,bytes,opt) - - // The names of groups this user is a part of. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep) - - // Any additional information provided by the authenticator. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// TokenRequest requests a token for a given service account. -#TokenRequest: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the token can be authenticated. - // +optional - status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// TokenRequestSpec contains client provided parameters of a token request. -#TokenRequestSpec: { - // Audiences are the intendend audiences of the token. A recipient of a - // token must identify themself with an identifier in the list of - // audiences of the token, and otherwise should reject the token. A - // token issued for multiple audiences may be used to authenticate - // against any of the audiences listed but implies a high degree of - // trust between the target audiences. - audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep) - - // ExpirationSeconds is the requested duration of validity of the request. The - // token issuer may return a token with a different validity duration so a - // client needs to check the 'expiration' field in a response. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt) - - // BoundObjectRef is a reference to an object that the token will be bound to. - // The token will only be valid for as long as the bound object exists. - // NOTE: The API server's TokenReview endpoint will validate the - // BoundObjectRef, but other audiences may not. Keep ExpirationSeconds - // small if you want prompt revocation. - // +optional - boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt) -} - -// TokenRequestStatus is the result of a token request. -#TokenRequestStatus: { - // Token is the opaque bearer token. - token: string @go(Token) @protobuf(1,bytes,opt) - - // ExpirationTimestamp is the time of expiration of the returned token. - expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt) -} - -// BoundObjectReference is a reference to an object that a token is bound to. -#BoundObjectReference: { - // Kind of the referent. Valid kinds are 'Pod' and 'Secret'. - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) - - // Name of the referent. - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. -// When using impersonation, users will receive the user info of the user being impersonated. If impersonation or -// request header authentication is used, any extra keys will have their case ignored and returned as lowercase. -#SelfSubjectReview: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Status is filled in by the server with the user attributes. - status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt) -} - -// SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user. -#SelfSubjectReviewStatus: { - // User attributes of the user making this request. - // +optional - userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue deleted file mode 100644 index afd54ec0..00000000 --- a/test/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -#GroupName: "authorization.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue deleted file mode 100644 index 6eaf8187..00000000 --- a/test/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue +++ /dev/null @@ -1,262 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/authorization/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// SubjectAccessReview checks whether or not a user or group can perform an action. -#SubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a -// spec.namespace means "in all namespaces". Self is a special case, because users should always be able -// to check whether they can perform an action -#SelfSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. user and groups must be empty - spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. -// Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions -// checking. -#LocalSubjectAccessReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace - // you made the request against. If empty, it is defaulted. - spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates whether the request is allowed or not - // +optional - status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface -#ResourceAttributes: { - // Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces - // "" (empty) is defaulted for LocalSubjectAccessReviews - // "" (empty) is empty for cluster-scoped resources - // "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview - // +optional - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) - - // Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all. - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) - - // Group is the API Group of the Resource. "*" means all. - // +optional - group?: string @go(Group) @protobuf(3,bytes,opt) - - // Version is the API Version of the Resource. "*" means all. - // +optional - version?: string @go(Version) @protobuf(4,bytes,opt) - - // Resource is one of the existing resource types. "*" means all. - // +optional - resource?: string @go(Resource) @protobuf(5,bytes,opt) - - // Subresource is one of the existing resource types. "" means none. - // +optional - subresource?: string @go(Subresource) @protobuf(6,bytes,opt) - - // Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all. - // +optional - name?: string @go(Name) @protobuf(7,bytes,opt) -} - -// NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface -#NonResourceAttributes: { - // Path is the URL path of the request - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Verb is the standard HTTP verb - // +optional - verb?: string @go(Verb) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) - - // User is the user you're testing for. - // If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // Groups is the groups you're testing for. - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer - // it needs a reflection here. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep) - - // UID information about the requesting user. - // +optional - uid?: string @go(UID) @protobuf(6,bytes,opt) -} - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes -// and NonResourceAuthorizationAttributes must be set -#SelfSubjectAccessReviewSpec: { - // ResourceAuthorizationAttributes describes information for a resource access request - // +optional - resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt) - - // NonResourceAttributes describes information for a non-resource access request - // +optional - nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt) -} - -// SubjectAccessReviewStatus -#SubjectAccessReviewStatus: { - // Allowed is required. True if the action would be allowed, false otherwise. - allowed: bool @go(Allowed) @protobuf(1,varint,opt) - - // Denied is optional. True if the action would be denied, otherwise - // false. If both allowed is false and denied is false, then the - // authorizer has no opinion on whether to authorize the action. Denied - // may not be true if Allowed is true. - // +optional - denied?: bool @go(Denied) @protobuf(4,varint,opt) - - // Reason is optional. It indicates why a request was allowed or denied. - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // EvaluationError is an indication that some error occurred during the authorization check. - // It is entirely possible to get an error and be able to continue determine authorization status in spite of it. - // For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request. - // +optional - evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. -// The returned list of actions may be incomplete depending on the server's authorization mode, -// and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, -// or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to -// drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. -// SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server. -#SelfSubjectRulesReview: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec holds information about the request being evaluated. - spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is filled in by the server and indicates the set of actions a user can perform. - // +optional - status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt) -} - -// SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview. -#SelfSubjectRulesReviewSpec: { - // Namespace to evaluate rules for. Required. - namespace?: string @go(Namespace) @protobuf(1,bytes,opt) -} - -// SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on -// the set of authorizers the server is configured with and any errors experienced during evaluation. -// Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, -// even if that list is incomplete. -#SubjectRulesReviewStatus: { - // ResourceRules is the list of actions the subject is allowed to perform on resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep) - - // NonResourceRules is the list of actions the subject is allowed to perform on non-resources. - // The list ordering isn't significant, may contain duplicates, and possibly be incomplete. - nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep) - - // Incomplete is true when the rules returned by this call are incomplete. This is most commonly - // encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation. - incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep) - - // EvaluationError can appear in combination with Rules. It indicates an error occurred during - // rule evaluation, such as an authorizer that doesn't support rule evaluation, and that - // ResourceRules and/or NonResourceRules may be incomplete. - // +optional - evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt) -} - -// ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, -// may contain duplicates, and possibly be incomplete. -#ResourceRule: { - // Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "*" means all. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. "*" means all in the specified apiGroups. - // "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) -} - -// NonResourceRule holds information that describes a rule for the non-resource -#NonResourceRule: { - // Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, - // final step in the path. "*" means all. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue deleted file mode 100644 index 0a7f3423..00000000 --- a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -#GroupName: "autoscaling" diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue deleted file mode 100644 index 6e873a35..00000000 --- a/test/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue +++ /dev/null @@ -1,542 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/api/core/v1" -) - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. -// +structType=atomic -#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// specification of a horizontal pod autoscaler. -#HorizontalPodAutoscalerSpec: { - // reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption - // and will set the desired number of pods by using its Scale subresource. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. - // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas. - maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods; - // if not specified the default autoscaling policy will be used. - // +optional - targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt) -} - -// current status of a horizontal pod autoscaler -#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods; - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is the current number of replicas of pods managed by this autoscaler. - currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU, - // e.g. 70 means that an average pod is using now 70% of its requested CPU. - // +optional - currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt) -} - -// configuration of a horizontal pod autoscaler. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} - -// Scale represents a scaling request for a resource. -#Scale: { - metav1.#TypeMeta - - // Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only. - // +optional - status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ScaleSpec describes the attributes of a scale subresource. -#ScaleSpec: { - // replicas is the desired number of instances for the scaled object. - // +optional - replicas?: int32 @go(Replicas) @protobuf(1,varint,opt) -} - -// ScaleStatus represents the current status of a scale subresource. -#ScaleStatus: { - // replicas is the actual number of observed instances of the scaled object. - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // selector is the label query over pods that should match the replicas count. This is same - // as the label selector but in the string format to avoid introspection - // by clients. The string will be in the same format as the query-param syntax. - // More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - // +optional - selector?: string @go(Selector) @protobuf(2,bytes,opt) -} - -// MetricSourceType indicates the type of metric. -// +enum -#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). -#ExternalMetricSourceType: #MetricSourceType & "External" - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod of the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(2,bytes) - - // targetValue is the target value of the metric (as a quantity). - targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric. - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // targetAverageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in the requests and limits, describing a single container in -// each of the pods of the current scale target(e.g. CPU or memory). The values will be -// averaged together before being compared to the target. Such metrics are built into -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // targetAverageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt) - - // targetAverageValue is the target value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // container is the name of the container in the pods of the scaling target. - container: string @go(Container) @protobuf(5,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // targetValue is the target value of the metric (as a quantity). - // Mutually exclusive with TargetAverageValue. - // +optional - targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // targetAverageValue is the target per-pod value of global metric (as a quantity). - // Mutually exclusive with TargetValue. - // +optional - targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", - // "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. -#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. -#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // target is the described Kubernetes object. - target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes) - - // metricName is the name of the metric in question. - metricName: string @go(MetricName) @protobuf(2,bytes) - - // currentValue is the current value of the metric (as a quantity). - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metricName is the name of the metric in question - metricName: string @go(MetricName) @protobuf(1,bytes) - - // currentAverageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. It will only be - // present if `targetAverageValue` was set in the corresponding metric - // specification. - // +optional - currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt) - - // currentAverageValue is the current value of the average of the - // resource metric across all relevant pods, as a raw value (instead of as - // a percentage of the request), similar to the "pods" metric source type. - // It will always be set, regardless of the corresponding metric specification. - currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes) - - // container is the name of the container in the pods of the scaling taget - container: string @go(Container) @protobuf(4,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metricName is the name of a metric used for autoscaling in - // metric system. - metricName: string @go(MetricName) @protobuf(1,bytes) - - // metricSelector is used to identify a specific time series - // within a given metric. - // +optional - metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // currentValue is the current value of the metric (as a quantity) - currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes) - - // currentAverageValue is the current value of metric averaged over autoscaled pods. - // +optional - currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue deleted file mode 100644 index aea0fb26..00000000 --- a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -#GroupName: "autoscaling" diff --git a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue deleted file mode 100644 index 76702085..00000000 --- a/test/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue +++ /dev/null @@ -1,597 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/autoscaling/v2 - -package v2 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// HorizontalPodAutoscaler is the configuration for a horizontal pod -// autoscaler, which automatically manages the replica count of any resource -// implementing the scale subresource based on the metrics specified. -#HorizontalPodAutoscaler: { - metav1.#TypeMeta - - // metadata is the standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification for the behaviour of the autoscaler. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. - // +optional - spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current information about the autoscaler. - // +optional - status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler. -#HorizontalPodAutoscalerSpec: { - // scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - // should be collected, as well as to actually change the replica count. - scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt) - - // minReplicas is the lower limit for the number of replicas to which the autoscaler - // can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - // alpha feature gate HPAScaleToZero is enabled and at least one Object or External - // metric is configured. Scaling is active as long as at least one metric value is - // available. - // +optional - minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt) - - // maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - // It cannot be less that minReplicas. - maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt) - - // metrics contains the specifications for which to use to calculate the - // desired replica count (the maximum replica count across all metrics will - // be used). The desired replica count is calculated multiplying the - // ratio between the target value and the current value by the current - // number of pods. Ergo, metrics used must decrease as the pod count is - // increased, and vice-versa. See the individual metric source types for - // more information about how each type of metric must respond. - // If not set, the default metric will be set to 80% average CPU utilization. - // +listType=atomic - // +optional - metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep) - - // behavior configures the scaling behavior of the target - // in both Up and Down directions (scaleUp and scaleDown fields respectively). - // If not set, the default HPAScalingRules for scale up and scale down are used. - // +optional - behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt) -} - -// CrossVersionObjectReference contains enough information to let you identify the referred resource. -#CrossVersionObjectReference: { - // kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(2,bytes,opt) - - // apiVersion is the API version of the referent - // +optional - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) -} - -// MetricSpec specifies how to scale based on a single metric -// (only `type` and one other matching field should be set at once). -#MetricSpec: { - // type is the type of metric source. It should be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each mapping to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt) - - // containerResource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in - // each pod of the current scale target (e.g. CPU or memory). Such metrics are - // built in to Kubernetes, and have special scaling options on top of those - // available to normal per-pod metrics using the "pods" source. - // This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - // +optional - containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt) -} - -// HorizontalPodAutoscalerBehavior configures the scaling behavior of the target -// in both Up and Down directions (scaleUp and scaleDown fields respectively). -#HorizontalPodAutoscalerBehavior: { - // scaleUp is scaling policy for scaling Up. - // If not set, the default value is the higher of: - // * increase no more than 4 pods per 60 seconds - // * double the number of pods per 60 seconds - // No stabilization is used. - // +optional - scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt) - - // scaleDown is scaling policy for scaling Down. - // If not set, the default value is to allow to scale down to minReplicas pods, with a - // 300 second stabilization window (i.e., the highest recommendation for - // the last 300sec is used). - // +optional - scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt) -} - -// ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction -#ScalingPolicySelect: string // #enumScalingPolicySelect - -#enumScalingPolicySelect: - #MaxChangePolicySelect | - #MinChangePolicySelect | - #DisabledPolicySelect - -// MaxChangePolicySelect selects the policy with the highest possible change. -#MaxChangePolicySelect: #ScalingPolicySelect & "Max" - -// MinChangePolicySelect selects the policy with the lowest possible change. -#MinChangePolicySelect: #ScalingPolicySelect & "Min" - -// DisabledPolicySelect disables the scaling in this direction. -#DisabledPolicySelect: #ScalingPolicySelect & "Disabled" - -// HPAScalingRules configures the scaling behavior for one direction. -// These Rules are applied after calculating DesiredReplicas from metrics for the HPA. -// They can limit the scaling velocity by specifying scaling policies. -// They can prevent flapping by specifying the stabilization window, so that the -// number of replicas is not set instantly, instead, the safest value from the stabilization -// window is chosen. -#HPAScalingRules: { - // stabilizationWindowSeconds is the number of seconds for which past recommendations should be - // considered while scaling up or scaling down. - // StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - // If not set, use the default values: - // - For scale up: 0 (i.e. no stabilization is done). - // - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - // +optional - stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt) - - // selectPolicy is used to specify which policy should be used. - // If not set, the default value Max is used. - // +optional - selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt) - - // policies is a list of potential scaling polices which can be used during scaling. - // At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - // +listType=atomic - // +optional - policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep) -} - -// HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions. -#HPAScalingPolicyType: string // #enumHPAScalingPolicyType - -#enumHPAScalingPolicyType: - #PodsScalingPolicy | - #PercentScalingPolicy - -// PodsScalingPolicy is a policy used to specify a change in absolute number of pods. -#PodsScalingPolicy: #HPAScalingPolicyType & "Pods" - -// PercentScalingPolicy is a policy used to specify a relative amount of change with respect to -// the current number of pods. -#PercentScalingPolicy: #HPAScalingPolicyType & "Percent" - -// HPAScalingPolicy is a single policy which must hold true for a specified past interval. -#HPAScalingPolicy: { - // type is used to specify the scaling policy. - type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType) - - // value contains the amount of change which is permitted by the policy. - // It must be greater than zero - value: int32 @go(Value) @protobuf(2,varint,opt) - - // periodSeconds specifies the window of time for which the policy should hold true. - // PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt) -} - -// MetricSourceType indicates the type of metric. -#MetricSourceType: string // #enumMetricSourceType - -#enumMetricSourceType: - #ObjectMetricSourceType | - #PodsMetricSourceType | - #ResourceMetricSourceType | - #ContainerResourceMetricSourceType | - #ExternalMetricSourceType - -// ObjectMetricSourceType is a metric describing a kubernetes object -// (for example, hits-per-second on an Ingress object). -#ObjectMetricSourceType: #MetricSourceType & "Object" - -// PodsMetricSourceType is a metric describing each pod in the current scale -// target (for example, transactions-processed-per-second). The values -// will be averaged together before being compared to the target value. -#PodsMetricSourceType: #MetricSourceType & "Pods" - -// ResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ResourceMetricSourceType: #MetricSourceType & "Resource" - -// ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as -// specified in requests and limits, describing a single container in each pod in the current -// scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available -// to normal per-pod metrics (the "pods" source). -#ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource" - -// ExternalMetricSourceType is a global metric that is not associated -// with any Kubernetes object. It allows autoscaling based on information -// coming from components running outside of cluster -// (for example length of queue in cloud messaging service, or -// QPS from loadbalancer running outside of cluster). -#ExternalMetricSourceType: #MetricSourceType & "External" - -// ObjectMetricSource indicates how to scale on a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricSource: { - // describedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes) -} - -// PodsMetricSource indicates how to scale on a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -// The values will be averaged together before being compared to the target -// value. -#PodsMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// ContainerResourceMetricSource indicates how to scale on a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). The values will be averaged -// together before being compared to the target. Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. Only one "target" type -// should be set. -#ContainerResourceMetricSource: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricSource indicates how to scale on a metric not associated with -// any Kubernetes object (for example length of queue in cloud -// messaging service, or QPS from loadbalancer running outside of cluster). -#ExternalMetricSource: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // target specifies the target value for the given metric - target: #MetricTarget @go(Target) @protobuf(2,bytes) -} - -// MetricIdentifier defines the name and optionally selector for a metric -#MetricIdentifier: { - // name is the name of the given metric - name: string @go(Name) @protobuf(1,bytes) - - // selector is the string-encoded form of a standard kubernetes label selector for the given metric - // When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - // When unset, just the metricName will be used to gather metrics. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes) -} - -// MetricTarget defines the target value, average value, or average utilization of a specific metric -#MetricTarget: { - // type represents whether the metric type is Utilization, Value, or AverageValue - type: #MetricTargetType @go(Type) @protobuf(1,bytes) - - // value is the target value of the metric (as a quantity). - // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt) - - // averageValue is the target value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt) - - // averageUtilization is the target value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // Currently only valid for Resource metric source type - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt) -} - -// MetricTargetType specifies the type of metric being targeted, and should be either -// "Value", "AverageValue", or "Utilization" -#MetricTargetType: string // #enumMetricTargetType - -#enumMetricTargetType: - #UtilizationMetricType | - #ValueMetricType | - #AverageValueMetricType - -// UtilizationMetricType declares a MetricTarget is an AverageUtilization value -#UtilizationMetricType: #MetricTargetType & "Utilization" - -// ValueMetricType declares a MetricTarget is a raw value -#ValueMetricType: #MetricTargetType & "Value" - -// AverageValueMetricType declares a MetricTarget is an -#AverageValueMetricType: #MetricTargetType & "AverageValue" - -// HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler. -#HorizontalPodAutoscalerStatus: { - // observedGeneration is the most recent generation observed by this autoscaler. - // +optional - observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt) - - // lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods, - // used by the autoscaler to control how often the number of pods is changed. - // +optional - lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt) - - // currentReplicas is current number of replicas of pods managed by this autoscaler, - // as last seen by the autoscaler. - // +optional - currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt) - - // desiredReplicas is the desired number of replicas of pods managed by this autoscaler, - // as last calculated by the autoscaler. - desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt) - - // currentMetrics is the last read state of the metrics used by this autoscaler. - // +listType=atomic - // +optional - currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep) - - // conditions is the set of conditions required for this autoscaler to scale its target, - // and indicates whether or not those conditions are met. - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep) -} - -// HorizontalPodAutoscalerConditionType are the valid conditions of -// a HorizontalPodAutoscaler. -#HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType - -#enumHorizontalPodAutoscalerConditionType: - #ScalingActive | - #AbleToScale | - #ScalingLimited - -// ScalingActive indicates that the HPA controller is able to scale if necessary: -// it's correctly configured, can fetch the desired metrics, and isn't disabled. -#ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive" - -// AbleToScale indicates a lack of transient issues which prevent scaling from occurring, -// such as being in a backoff window, or being unable to access/update the target scale. -#AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale" - -// ScalingLimited indicates that the calculated scale based on metrics would be above or -// below the range for the HPA, and has thus been capped. -#ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited" - -// HorizontalPodAutoscalerCondition describes the state of -// a HorizontalPodAutoscaler at a certain point. -#HorizontalPodAutoscalerCondition: { - // type describes the current condition - type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes) - - // status is the status of the condition (True, False, Unknown) - status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes) - - // lastTransitionTime is the last time the condition transitioned from - // one status to another - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is the reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable explanation containing details about - // the transition - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// MetricStatus describes the last-read state of a single metric. -#MetricStatus: { - // type is the type of metric source. It will be one of "ContainerResource", "External", - // "Object", "Pods" or "Resource", each corresponds to a matching field in the object. - // Note: "ContainerResource" type is available on when the feature-gate - // HPAContainerMetrics is enabled - type: #MetricSourceType @go(Type) @protobuf(1,bytes) - - // object refers to a metric describing a single kubernetes object - // (for example, hits-per-second on an Ingress object). - // +optional - object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt) - - // pods refers to a metric describing each pod in the current scale target - // (for example, transactions-processed-per-second). The values will be - // averaged together before being compared to the target value. - // +optional - pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt) - - // resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt) - - // container resource refers to a resource metric (such as those specified in - // requests and limits) known to Kubernetes describing a single container in each pod in the - // current scale target (e.g. CPU or memory). Such metrics are built in to - // Kubernetes, and have special scaling options on top of those available - // to normal per-pod metrics using the "pods" source. - // +optional - containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt) - - // external refers to a global metric that is not associated - // with any Kubernetes object. It allows autoscaling based on information - // coming from components running outside of cluster - // (for example length of queue in cloud messaging service, or - // QPS from loadbalancer running outside of cluster). - // +optional - external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt) -} - -// ObjectMetricStatus indicates the current value of a metric describing a -// kubernetes object (for example, hits-per-second on an Ingress object). -#ObjectMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // DescribedObject specifies the descriptions of a object,such as kind,name apiVersion - describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes) -} - -// PodsMetricStatus indicates the current value of a metric describing each pod in -// the current scale target (for example, transactions-processed-per-second). -#PodsMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// ContainerResourceMetricStatus indicates the current value of a resource metric known to -// Kubernetes, as specified in requests and limits, describing a single container in each pod in the -// current scale target (e.g. CPU or memory). Such metrics are built in to -// Kubernetes, and have special scaling options on top of those available to -// normal per-pod metrics using the "pods" source. -#ContainerResourceMetricStatus: { - // name is the name of the resource in question. - name: v1.#ResourceName @go(Name) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) - - // container is the name of the container in the pods of the scaling target - container: string @go(Container) @protobuf(3,bytes,opt) -} - -// ExternalMetricStatus indicates the current value of a global metric -// not associated with any Kubernetes object. -#ExternalMetricStatus: { - // metric identifies the target metric by name and selector - metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes) - - // current contains the current value for the given metric - current: #MetricValueStatus @go(Current) @protobuf(2,bytes) -} - -// MetricValueStatus holds the current value for a metric -#MetricValueStatus: { - // value is the current value of the metric (as a quantity). - // +optional - value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt) - - // averageValue is the current value of the average of the - // metric across all relevant pods (as a quantity) - // +optional - averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt) - - // currentAverageUtilization is the current value of the average of the - // resource metric across all relevant pods, represented as a percentage of - // the requested value of the resource for the pods. - // +optional - averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt) -} - -// HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects. -#HorizontalPodAutoscalerList: { - metav1.#TypeMeta - - // metadata is the standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of horizontal pod autoscaler objects. - items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue deleted file mode 100644 index 5c489087..00000000 --- a/test/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -#GroupName: "batch" diff --git a/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue deleted file mode 100644 index 3cbdc66f..00000000 --- a/test/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue +++ /dev/null @@ -1,693 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/batch/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" -) - -// All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels -// More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions -_#labelPrefix: "batch.kubernetes.io/" - -// CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job. -// It records the original/expected scheduled timestamp for the running job, represented in RFC3339. -// The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled. -#CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp" -#JobCompletionIndexAnnotation: "batch.kubernetes.io/job-completion-index" - -// JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from -// being deleted before being accounted in the Job status. -// -// Additionally, the apiserver and job controller use this string as a Job -// annotation, to mark Jobs that are being tracked using pod finalizers. -// However, this behavior is deprecated in kubernetes 1.26. This means that, in -// 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the -// apiserver and job controller will ignore this annotation and they will -// always track jobs using finalizers. -#JobTrackingFinalizer: "batch.kubernetes.io/job-tracking" - -// The Job labels will use batch.kubernetes.io as a prefix for all labels -// Historically the job controller uses unprefixed labels for job-name and controller-uid and -// Kubernetes continutes to recognize those unprefixed labels for consistency. -#JobNameLabel: "batch.kubernetes.io/job-name" - -// ControllerUid is used to programatically get pods corresponding to a Job. -// There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons. -#ControllerUidLabel: "batch.kubernetes.io/controller-uid" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which are counted towards the backoff limit. -#JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count" - -// Annotation indicating the number of failures for the index corresponding -// to the pod, which don't count towards the backoff limit, according to the -// pod failure policy. When the annotation is absent zero is implied. -#JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count" - -// Job represents the configuration of a single job. -#Job: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #JobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// JobList is a collection of jobs. -#JobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Jobs. - items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep) -} - -// CompletionMode specifies how Pod completions of a Job are tracked. -// +enum -#CompletionMode: string // #enumCompletionMode - -#enumCompletionMode: - #NonIndexedCompletion | - #IndexedCompletion - -// NonIndexedCompletion is a Job completion mode. In this mode, the Job is -// considered complete when there have been .spec.completions -// successfully completed Pods. Pod completions are homologous to each other. -#NonIndexedCompletion: #CompletionMode & "NonIndexed" - -// IndexedCompletion is a Job completion mode. In this mode, the Pods of a -// Job get an associated completion index from 0 to (.spec.completions - 1). -// The Job is considered complete when a Pod completes for each completion -// index. -#IndexedCompletion: #CompletionMode & "Indexed" - -// PodFailurePolicyAction specifies how a Pod failure is handled. -// +enum -#PodFailurePolicyAction: string // #enumPodFailurePolicyAction - -#enumPodFailurePolicyAction: - #PodFailurePolicyActionFailJob | - #PodFailurePolicyActionFailIndex | - #PodFailurePolicyActionIgnore | - #PodFailurePolicyActionCount - -// This is an action which might be taken on a pod failure - mark the -// pod's job as Failed and terminate all running pods. -#PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob" - -// This is an action which might be taken on a pod failure - mark the -// Job's index as failed to avoid restarts within this index. This action -// can only be used when backoffLimitPerIndex is set. -#PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex" - -// This is an action which might be taken on a pod failure - the counter towards -// .backoffLimit, represented by the job's .status.failed field, is not -// incremented and a replacement pod is created. -#PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore" - -// This is an action which might be taken on a pod failure - the pod failure -// is handled in the default way - the counter towards .backoffLimit, -// represented by the job's .status.failed field, is incremented. -#PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count" - -// +enum -#PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator - -#enumPodFailurePolicyOnExitCodesOperator: - #PodFailurePolicyOnExitCodesOpIn | - #PodFailurePolicyOnExitCodesOpNotIn - -#PodFailurePolicyOnExitCodesOpIn: #PodFailurePolicyOnExitCodesOperator & "In" -#PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn" - -// PodReplacementPolicy specifies the policy for creating pod replacements. -// +enum -#PodReplacementPolicy: string // #enumPodReplacementPolicy - -#enumPodReplacementPolicy: - #TerminatingOrFailed | - #Failed - -// TerminatingOrFailed means that we recreate pods -// when they are terminating (has a metadata.deletionTimestamp) or failed. -#TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed" - -// Failed means to wait until a previously created Pod is fully terminated (has phase -// Failed or Succeeded) before creating a replacement Pod. -#Failed: #PodReplacementPolicy & "Failed" - -// PodFailurePolicyOnExitCodesRequirement describes the requirement for handling -// a failed pod based on its container exit codes. In particular, it lookups the -// .state.terminated.exitCode for each app container and init container status, -// represented by the .status.containerStatuses and .status.initContainerStatuses -// fields in the Pod status, respectively. Containers completed with success -// (exit code 0) are excluded from the requirement check. -#PodFailurePolicyOnExitCodesRequirement: { - // Restricts the check for exit codes to the container with the - // specified name. When null, the rule applies to all containers. - // When specified, it should match one the container or initContainer - // names in the pod template. - // +optional - containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt) - - // Represents the relationship between the container exit code(s) and the - // specified values. Containers completed with success (exit code 0) are - // excluded from the requirement check. Possible values are: - // - // - In: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is in the set of specified values. - // - NotIn: the requirement is satisfied if at least one container exit code - // (might be multiple if there are multiple containers not restricted - // by the 'containerName' field) is not in the set of specified values. - // Additional values are considered to be added in the future. Clients should - // react to an unknown operator by assuming the requirement is not satisfied. - operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req) - - // Specifies the set of values. Each returned container exit code (might be - // multiple in case of multiple containers) is checked against this set of - // values with respect to the operator. The list of values must be ordered - // and must not contain duplicates. Value '0' cannot be used for the In operator. - // At least one element is required. At most 255 elements are allowed. - // +listType=set - values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep) -} - -// PodFailurePolicyOnPodConditionsPattern describes a pattern for matching -// an actual pod condition type. -#PodFailurePolicyOnPodConditionsPattern: { - // Specifies the required Pod condition type. To match a pod condition - // it is required that specified type equals the pod condition type. - type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req) - - // Specifies the required Pod condition status. To match a pod condition - // it is required that the specified status equals the pod condition status. - // Defaults to True. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req) -} - -// PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. -// One of onExitCodes and onPodConditions, but not both, can be used in each rule. -#PodFailurePolicyRule: { - // Specifies the action taken on a pod failure when the requirements are satisfied. - // Possible values are: - // - // - FailJob: indicates that the pod's job is marked as Failed and all - // running pods are terminated. - // - FailIndex: indicates that the pod's index is marked as Failed and will - // not be restarted. - // This value is alpha-level. It can be used when the - // `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). - // - Ignore: indicates that the counter towards the .backoffLimit is not - // incremented and a replacement pod is created. - // - Count: indicates that the pod is handled in the default way - the - // counter towards the .backoffLimit is incremented. - // Additional values are considered to be added in the future. Clients should - // react to an unknown action by skipping the rule. - action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req) - - // Represents the requirement on the container exit codes. - // +optional - onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt) - - // Represents the requirement on the pod conditions. The requirement is represented - // as a list of pod condition patterns. The requirement is satisfied if at - // least one pattern matches an actual pod condition. At most 20 elements are allowed. - // +listType=atomic - // +optional - onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt) -} - -// PodFailurePolicy describes how failed pods influence the backoffLimit. -#PodFailurePolicy: { - // A list of pod failure policy rules. The rules are evaluated in order. - // Once a rule matches a Pod failure, the remaining of the rules are ignored. - // When no rule matches the Pod failure, the default handling applies - the - // counter of pod failures is incremented and it is checked against - // the backoffLimit. At most 20 elements are allowed. - // +listType=atomic - rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt) -} - -// JobSpec describes how the job execution will look like. -#JobSpec: { - // Specifies the maximum desired number of pods the job should - // run at any given time. The actual number of pods running in steady state will - // be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), - // i.e. when the work left to do is less than max parallelism. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt) - - // Specifies the desired number of successfully finished pods the - // job should be run with. Setting to null means that the success of any - // pod signals the success of all pods, and allows parallelism to have any positive - // value. Setting to 1 means that parallelism is limited to 1 and the success of that - // pod signals the success of the job. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt) - - // Specifies the duration in seconds relative to the startTime that the job - // may be continuously active before the system tries to terminate it; value - // must be positive integer. If a Job is suspended (at creation or through an - // update), this timer will effectively be stopped and reset when the Job is - // resumed again. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt) - - // Specifies the policy of handling failed pods. In particular, it allows to - // specify the set of actions and conditions which need to be - // satisfied to take the associated action. - // If empty, the default behaviour applies - the counter of failed pods, - // represented by the jobs's .status.failed field, is incremented and it is - // checked against the backoffLimit. This field cannot be used in combination - // with restartPolicy=OnFailure. - // - // This field is beta-level. It can be used when the `JobPodFailurePolicy` - // feature gate is enabled (enabled by default). - // +optional - podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt) - - // Specifies the number of retries before marking this job failed. - // Defaults to 6 - // +optional - backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt) - - // Specifies the limit for the number of retries within an - // index before marking this index as failed. When enabled the number of - // failures per index is kept in the pod's - // batch.kubernetes.io/job-index-failure-count annotation. It can only - // be set when Job's completionMode=Indexed, and the Pod's restart - // policy is Never. The field is immutable. - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt) - - // Specifies the maximal number of failed indexes before marking the Job as - // failed, when backoffLimitPerIndex is set. Once the number of failed - // indexes exceeds this number the entire Job is marked as Failed and its - // execution is terminated. When left as null the job continues execution of - // all of its indexes and is marked with the `Complete` Job condition. - // It can only be specified when backoffLimitPerIndex is set. - // It can be null or up to completions. It is required and must be - // less than or equal to 10^4 when is completions greater than 10^5. - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt) - - // A label query over pods that should match the pod count. - // Normally, the system sets this field for you. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // manualSelector controls generation of pod labels and pod selectors. - // Leave `manualSelector` unset unless you are certain what you are doing. - // When false or unset, the system pick labels unique to this job - // and appends those labels to the pod template. When true, - // the user is responsible for picking unique labels and specifying - // the selector. Failure to pick a unique label may cause this - // and other jobs to not function correctly. However, You may see - // `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` - // API. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector - // +optional - manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt) - - // Describes the pod that will be created when executing a job. - // The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt) - - // ttlSecondsAfterFinished limits the lifetime of a Job that has finished - // execution (either Complete or Failed). If this field is set, - // ttlSecondsAfterFinished after the Job finishes, it is eligible to be - // automatically deleted. When the Job is being deleted, its lifecycle - // guarantees (e.g. finalizers) will be honored. If this field is unset, - // the Job won't be automatically deleted. If this field is set to zero, - // the Job becomes eligible to be deleted immediately after it finishes. - // +optional - ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt) - - // completionMode specifies how Pod completions are tracked. It can be - // `NonIndexed` (default) or `Indexed`. - // - // `NonIndexed` means that the Job is considered complete when there have - // been .spec.completions successfully completed Pods. Each Pod completion is - // homologous to each other. - // - // `Indexed` means that the Pods of a - // Job get an associated completion index from 0 to (.spec.completions - 1), - // available in the annotation batch.kubernetes.io/job-completion-index. - // The Job is considered complete when there is one successfully completed Pod - // for each index. - // When value is `Indexed`, .spec.completions must be specified and - // `.spec.parallelism` must be less than or equal to 10^5. - // In addition, The Pod name takes the form - // `$(job-name)-$(index)-$(random-string)`, - // the Pod hostname takes the form `$(job-name)-$(index)`. - // - // More completion modes can be added in the future. - // If the Job controller observes a mode that it doesn't recognize, which - // is possible during upgrades due to version skew, the controller - // skips updates for the Job. - // +optional - completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode) - - // suspend specifies whether the Job controller should create Pods or not. If - // a Job is created with suspend set to true, no Pods are created by the Job - // controller. If a Job is suspended after creation (i.e. the flag goes from - // false to true), the Job controller will delete all active Pods associated - // with this Job. Users must design their workload to gracefully handle this. - // Suspending a Job will reset the StartTime field of the Job, effectively - // resetting the ActiveDeadlineSeconds timer too. Defaults to false. - // - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt) - - // podReplacementPolicy specifies when to create replacement Pods. - // Possible values are: - // - TerminatingOrFailed means that we recreate pods - // when they are terminating (has a metadata.deletionTimestamp) or failed. - // - Failed means to wait until a previously created Pod is fully terminated (has phase - // Failed or Succeeded) before creating a replacement Pod. - // - // When using podFailurePolicy, Failed is the the only allowed value. - // TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. - // This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field. - // +optional - podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy) -} - -// JobStatus represents the current state of a Job. -#JobStatus: { - // The latest available observations of an object's current state. When a Job - // fails, one of the conditions will have type "Failed" and status true. When - // a Job is suspended, one of the conditions will have type "Suspended" and - // status true; when the Job is resumed, the status of this condition will - // become false. When a Job is completed, one of the conditions will have - // type "Complete" and status true. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=atomic - conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep) - - // Represents time when the job controller started processing a job. When a - // Job is created in the suspended state, this field is not set until the - // first time it is resumed. This field is reset every time a Job is resumed - // from suspension. It is represented in RFC3339 form and is in UTC. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt) - - // Represents time when the job was completed. It is not guaranteed to - // be set in happens-before order across separate operations. - // It is represented in RFC3339 form and is in UTC. - // The completion time is only set when the job finishes successfully. - // +optional - completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt) - - // The number of pending and running pods. - // +optional - active?: int32 @go(Active) @protobuf(4,varint,opt) - - // The number of pods which reached phase Succeeded. - // +optional - succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt) - - // The number of pods which reached phase Failed. - // +optional - failed?: int32 @go(Failed) @protobuf(6,varint,opt) - - // The number of pods which are terminating (in phase Pending or Running - // and have a deletionTimestamp). - // - // This field is alpha-level. The job controller populates the field when - // the feature gate JobPodReplacementPolicy is enabled (disabled by default). - // +optional - terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt) - - // completedIndexes holds the completed indexes when .spec.completionMode = - // "Indexed" in a text format. The indexes are represented as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // +optional - completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt) - - // FailedIndexes holds the failed indexes when backoffLimitPerIndex=true. - // The indexes are represented in the text format analogous as for the - // `completedIndexes` field, ie. they are kept as decimal integers - // separated by commas. The numbers are listed in increasing order. Three or - // more consecutive numbers are compressed and represented by the first and - // last element of the series, separated by a hyphen. - // For example, if the failed indexes are 1, 3, 4, 5 and 7, they are - // represented as "1,3-5,7". - // This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` - // feature gate is enabled (disabled by default). - // +optional - failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt) - - // uncountedTerminatedPods holds the UIDs of Pods that have terminated but - // the job controller hasn't yet accounted for in the status counters. - // - // The job controller creates pods with a finalizer. When a pod terminates - // (succeeded or failed), the controller does three steps to account for it - // in the job status: - // - // 1. Add the pod UID to the arrays in this field. - // 2. Remove the pod finalizer. - // 3. Remove the pod UID from the arrays while increasing the corresponding - // counter. - // - // Old jobs might not be tracked using this field, in which case the field - // remains null. - // +optional - uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt) - - // The number of pods which have a Ready condition. - // - // This field is beta-level. The job controller populates the field when - // the feature gate JobReadyPods is enabled (enabled by default). - // +optional - ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt) -} - -// UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't -// been accounted in Job status counters. -#UncountedTerminatedPods: { - // succeeded holds UIDs of succeeded Pods. - // +listType=set - // +optional - succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) - - // failed holds UIDs of failed Pods. - // +listType=set - // +optional - failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -#JobConditionType: string // #enumJobConditionType - -#enumJobConditionType: - #JobSuspended | - #JobComplete | - #JobFailed | - #JobFailureTarget - -// JobSuspended means the job has been suspended. -#JobSuspended: #JobConditionType & "Suspended" - -// JobComplete means the job has completed its execution. -#JobComplete: #JobConditionType & "Complete" - -// JobFailed means the job has failed its execution. -#JobFailed: #JobConditionType & "Failed" - -// FailureTarget means the job is about to fail its execution. -#JobFailureTarget: #JobConditionType & "FailureTarget" - -// JobCondition describes current state of a job. -#JobCondition: { - // Type of job condition, Complete or Failed. - type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType) - - // Status of the condition, one of True, False, Unknown. - status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // Last time the condition was checked. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// JobTemplateSpec describes the data a Job should have when created from a template -#JobTemplateSpec: { - // Standard object's metadata of the jobs created from this template. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CronJob represents the configuration of a single cron job. -#CronJob: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of a cron job, including the schedule. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt) - - // Current status of a cron job. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CronJobList is a collection of cron jobs. -#CronJobList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CronJobs. - items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep) -} - -// CronJobSpec describes how the job execution will look like and when it will actually run. -#CronJobSpec: { - // The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - schedule: string @go(Schedule) @protobuf(1,bytes,opt) - - // The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - // If not specified, this will default to the time zone of the kube-controller-manager process. - // The set of valid time zone names and the time zone offset is loaded from the system-wide time zone - // database by the API server during CronJob validation and the controller manager during execution. - // If no system-wide time zone database can be found a bundled version of the database is used instead. - // If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host - // configuration, the controller will stop creating new new Jobs and will create a system event with the - // reason UnknownTimeZone. - // More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - // +optional - timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt) - - // Optional deadline in seconds for starting the job if it misses scheduled - // time for any reason. Missed jobs executions will be counted as failed ones. - // +optional - startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt) - - // Specifies how to treat concurrent executions of a Job. - // Valid values are: - // - // - "Allow" (default): allows CronJobs to run concurrently; - // - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet; - // - "Replace": cancels currently running job and replaces it with a new one - // +optional - concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy) - - // This flag tells the controller to suspend subsequent executions, it does - // not apply to already started executions. Defaults to false. - // +optional - suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt) - - // Specifies the job that will be created when executing a CronJob. - jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt) - - // The number of successful finished jobs to retain. Value must be non-negative integer. - // Defaults to 3. - // +optional - successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt) - - // The number of failed finished jobs to retain. Value must be non-negative integer. - // Defaults to 1. - // +optional - failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt) -} - -// ConcurrencyPolicy describes how the job will be handled. -// Only one of the following concurrent policies may be specified. -// If none of the following policies is specified, the default one -// is AllowConcurrent. -// +enum -#ConcurrencyPolicy: string // #enumConcurrencyPolicy - -#enumConcurrencyPolicy: - #AllowConcurrent | - #ForbidConcurrent | - #ReplaceConcurrent - -// AllowConcurrent allows CronJobs to run concurrently. -#AllowConcurrent: #ConcurrencyPolicy & "Allow" - -// ForbidConcurrent forbids concurrent runs, skipping next run if previous -// hasn't finished yet. -#ForbidConcurrent: #ConcurrencyPolicy & "Forbid" - -// ReplaceConcurrent cancels currently running job and replaces it with a new one. -#ReplaceConcurrent: #ConcurrencyPolicy & "Replace" - -// CronJobStatus represents the current state of a cron job. -#CronJobStatus: { - // A list of pointers to currently running jobs. - // +optional - // +listType=atomic - active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep) - - // Information when was the last time the job was successfully scheduled. - // +optional - lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt) - - // Information when was the last time the job successfully completed. - // +optional - lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue deleted file mode 100644 index f2ce3436..00000000 --- a/test/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -#GroupName: "certificates.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue deleted file mode 100644 index 401ca5c9..00000000 --- a/test/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue +++ /dev/null @@ -1,318 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/certificates/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// CertificateSigningRequest objects provide a mechanism to obtain x509 certificates -// by submitting a certificate signing request, and having it asynchronously approved and issued. -// -// Kubelets use this API to obtain: -// 1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName). -// 2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName). -// -// This API can be used to request client certificates to authenticate to kube-apiserver -// (with the "kubernetes.io/kube-apiserver-client" signerName), -// or to obtain certificates from custom non-Kubernetes signers. -#CertificateSigningRequest: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the certificate request, and is immutable after creation. - // Only the request, signerName, expirationSeconds, and usages fields can be set on creation. - // Other fields are derived by Kubernetes and cannot be modified by users. - spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt) - - // status contains information about whether the request is approved or denied, - // and the certificate issued by the signer, or the failure condition indicating signer failure. - // +optional - status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CertificateSigningRequestSpec contains the certificate request. -#CertificateSigningRequestSpec: { - // request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block. - // When serialized as JSON or YAML, the data is additionally base64-encoded. - // +listType=atomic - request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt) - - // signerName indicates the requested signer, and is a qualified name. - // - // List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector. - // - // Well-known Kubernetes signers are: - // 1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver. - // Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager. - // 2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver. - // Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // 3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely. - // Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager. - // - // More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers - // - // Custom signerNames can also be specified. The signer defines: - // 1. Trust distribution: how trust (CA bundles) are distributed. - // 2. Permitted subjects: and behavior when a disallowed subject is requested. - // 3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested. - // 4. Required, permitted, or forbidden key usages / extended key usages. - // 5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin. - // 6. Whether or not requests for CA certificates are allowed. - signerName: string @go(SignerName) @protobuf(7,bytes,opt) - - // expirationSeconds is the requested duration of validity of the issued - // certificate. The certificate signer may issue a certificate with a different - // validity duration so a client must check the delta between the notBefore and - // and notAfter fields in the issued certificate to determine the actual duration. - // - // The v1.22+ in-tree implementations of the well-known Kubernetes signers will - // honor this field as long as the requested duration is not greater than the - // maximum duration they will honor per the --cluster-signing-duration CLI - // flag to the Kubernetes controller manager. - // - // Certificate signers may not honor this field for various reasons: - // - // 1. Old signer that is unaware of the field (such as the in-tree - // implementations prior to v1.22) - // 2. Signer whose configured maximum is shorter than the requested duration - // 3. Signer whose configured minimum is longer than the requested duration - // - // The minimum valid value for expirationSeconds is 600, i.e. 10 minutes. - // - // +optional - expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt) - - // usages specifies a set of key usages requested in the issued certificate. - // - // Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth". - // - // Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth". - // - // Valid values are: - // "signing", "digital signature", "content commitment", - // "key encipherment", "key agreement", "data encipherment", - // "cert sign", "crl sign", "encipher only", "decipher only", "any", - // "server auth", "client auth", - // "code signing", "email protection", "s/mime", - // "ipsec end system", "ipsec tunnel", "ipsec user", - // "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc" - // +listType=atomic - usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt) - - // username contains the name of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - username?: string @go(Username) @protobuf(2,bytes,opt) - - // uid contains the uid of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - uid?: string @go(UID) @protobuf(3,bytes,opt) - - // groups contains group membership of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +listType=atomic - // +optional - groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep) - - // extra contains extra attributes of the user that created the CertificateSigningRequest. - // Populated by the API server on creation and immutable. - // +optional - extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep) -} - -// "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client" - -// "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver. -// Can be auto-approved by the "csrapproving" controller in kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet" - -// "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, -// which kube-apiserver can connect to securely. -// Never auto-approved by kube-controller-manager. -// Can be issued by the "csrsigning" controller in kube-controller-manager. -#KubeletServingSignerName: "kubernetes.io/kubelet-serving" - -// ExtraValue masks the value so protobuf can generate -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#ExtraValue: [...string] - -// CertificateSigningRequestStatus contains conditions used to indicate -// approved/denied/failed status of the request, and the issued certificate. -#CertificateSigningRequestStatus: { - // conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed". - // +listType=map - // +listMapKey=type - // +optional - conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep) - - // certificate is populated with an issued certificate by the signer after an Approved condition is present. - // This field is set via the /status subresource. Once populated, this field is immutable. - // - // If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty. - // If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty. - // - // Validation requirements: - // 1. certificate must contain one or more PEM blocks. - // 2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data - // must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280. - // 3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated, - // to allow for explanatory text as described in section 5.2 of RFC7468. - // - // If more than one PEM block is present, and the definition of the requested spec.signerName - // does not indicate otherwise, the first block is the issued certificate, - // and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes. - // - // The certificate is encoded in PEM format. - // - // When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of: - // - // base64( - // -----BEGIN CERTIFICATE----- - // ... - // -----END CERTIFICATE----- - // ) - // - // +listType=atomic - // +optional - certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt) -} - -// RequestConditionType is the type of a CertificateSigningRequestCondition -#RequestConditionType: string // #enumRequestConditionType - -#enumRequestConditionType: - #CertificateApproved | - #CertificateDenied | - #CertificateFailed - -// Approved indicates the request was approved and should be issued by the signer. -#CertificateApproved: #RequestConditionType & "Approved" - -// Denied indicates the request was denied and should not be issued by the signer. -#CertificateDenied: #RequestConditionType & "Denied" - -// Failed indicates the signer failed to issue the certificate. -#CertificateFailed: #RequestConditionType & "Failed" - -// CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object -#CertificateSigningRequestCondition: { - // type of the condition. Known conditions are "Approved", "Denied", and "Failed". - // - // An "Approved" condition is added via the /approval subresource, - // indicating the request was approved and should be issued by the signer. - // - // A "Denied" condition is added via the /approval subresource, - // indicating the request was denied and should not be issued by the signer. - // - // A "Failed" condition is added via the /status subresource, - // indicating the signer failed to issue the certificate. - // - // Approved and Denied conditions are mutually exclusive. - // Approved, Denied, and Failed conditions cannot be removed once added. - // - // Only one condition of a given type is allowed. - type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType) - - // status of the condition, one of True, False, Unknown. - // Approved, Denied, and Failed conditions may not be "False" or "Unknown". - status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) - - // reason indicates a brief reason for the request state - // +optional - reason?: string @go(Reason) @protobuf(2,bytes,opt) - - // message contains a human readable message with details about the request state - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // lastUpdateTime is the time of the last update to this condition - // +optional - lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt) - - // lastTransitionTime is the time the condition last transitioned from one status to another. - // If unset, when a new condition type is added or an existing condition's status is changed, - // the server defaults this to the current time. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt) -} - -// CertificateSigningRequestList is a collection of CertificateSigningRequest objects -#CertificateSigningRequestList: { - metav1.#TypeMeta - - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a collection of CertificateSigningRequest objects - items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep) -} - -// KeyUsage specifies valid usage contexts for keys. -// See: -// -// https://tools.ietf.org/html/rfc5280#section-4.2.1.3 -// https://tools.ietf.org/html/rfc5280#section-4.2.1.12 -// -// +enum -#KeyUsage: string // #enumKeyUsage - -#enumKeyUsage: - #UsageSigning | - #UsageDigitalSignature | - #UsageContentCommitment | - #UsageKeyEncipherment | - #UsageKeyAgreement | - #UsageDataEncipherment | - #UsageCertSign | - #UsageCRLSign | - #UsageEncipherOnly | - #UsageDecipherOnly | - #UsageAny | - #UsageServerAuth | - #UsageClientAuth | - #UsageCodeSigning | - #UsageEmailProtection | - #UsageSMIME | - #UsageIPsecEndSystem | - #UsageIPsecTunnel | - #UsageIPsecUser | - #UsageTimestamping | - #UsageOCSPSigning | - #UsageMicrosoftSGC | - #UsageNetscapeSGC - -#UsageSigning: #KeyUsage & "signing" -#UsageDigitalSignature: #KeyUsage & "digital signature" -#UsageContentCommitment: #KeyUsage & "content commitment" -#UsageKeyEncipherment: #KeyUsage & "key encipherment" -#UsageKeyAgreement: #KeyUsage & "key agreement" -#UsageDataEncipherment: #KeyUsage & "data encipherment" -#UsageCertSign: #KeyUsage & "cert sign" -#UsageCRLSign: #KeyUsage & "crl sign" -#UsageEncipherOnly: #KeyUsage & "encipher only" -#UsageDecipherOnly: #KeyUsage & "decipher only" -#UsageAny: #KeyUsage & "any" -#UsageServerAuth: #KeyUsage & "server auth" -#UsageClientAuth: #KeyUsage & "client auth" -#UsageCodeSigning: #KeyUsage & "code signing" -#UsageEmailProtection: #KeyUsage & "email protection" -#UsageSMIME: #KeyUsage & "s/mime" -#UsageIPsecEndSystem: #KeyUsage & "ipsec end system" -#UsageIPsecTunnel: #KeyUsage & "ipsec tunnel" -#UsageIPsecUser: #KeyUsage & "ipsec user" -#UsageTimestamping: #KeyUsage & "timestamping" -#UsageOCSPSigning: #KeyUsage & "ocsp signing" -#UsageMicrosoftSGC: #KeyUsage & "microsoft sgc" -#UsageNetscapeSGC: #KeyUsage & "netscape sgc" diff --git a/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue deleted file mode 100644 index d0a257d5..00000000 --- a/test/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -#GroupName: "coordination.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue deleted file mode 100644 index de2c7412..00000000 --- a/test/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue +++ /dev/null @@ -1,61 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/coordination/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -// Lease defines a lease concept. -#Lease: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec contains the specification of the Lease. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LeaseSpec is a specification of a Lease. -#LeaseSpec: { - // holderIdentity contains the identity of the holder of a current lease. - // +optional - holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt) - - // leaseDurationSeconds is a duration that candidates for a lease need - // to wait to force acquire it. This is measure against time of last - // observed renewTime. - // +optional - leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt) - - // acquireTime is a time when the current lease was acquired. - // +optional - acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt) - - // renewTime is a time when the current holder of a lease has last - // updated the lease. - // +optional - renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt) - - // leaseTransitions is the number of transitions of a lease between - // holders. - // +optional - leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt) -} - -// LeaseList is a list of Lease objects. -#LeaseList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue deleted file mode 100644 index 3a302790..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue +++ /dev/null @@ -1,147 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy -// webhook backend fails. -#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" - -// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods -#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" - -// TolerationsAnnotationKey represents the key of tolerations data (json serialized) -// in the Annotations of a Pod. -#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" - -// TaintsAnnotationKey represents the key of taints data (json serialized) -// in the Annotations of a Node. -#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" - -// SeccompPodAnnotationKey represents the key of a seccomp profile applied -// to all containers of a pod. -// Deprecated: set a pod security context `seccompProfile` field. -#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" - -// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied -// to one container of a pod. -// Deprecated: set a container security context `seccompProfile` field. -#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" - -// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#SeccompProfileRuntimeDefault: "runtime/default" - -// SeccompProfileNameUnconfined is the unconfined seccomp profile. -#SeccompProfileNameUnconfined: "unconfined" - -// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. -#SeccompLocalhostProfileNamePrefix: "localhost/" - -// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. -#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" - -// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. -#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" - -// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. -#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" - -// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. -#AppArmorBetaProfileRuntimeDefault: "runtime/default" - -// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. -#AppArmorBetaProfileNamePrefix: "localhost/" - -// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile -#AppArmorBetaProfileNameUnconfined: "unconfined" - -// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. -// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. -#DeprecatedSeccompProfileDockerDefault: "docker/default" - -// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) -// in the Annotations of a Node. -#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" - -// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache -// an object (e.g. secret, config map) before fetching it again from apiserver. -// This annotation can be attached to node. -#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" - -// annotation key prefix used to identify non-convertible json paths. -#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" -_#kubectlPrefix: "kubectl.kubernetes.io/" - -// LastAppliedConfigAnnotation is the annotation used to store the previous -// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. -#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" - -// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers -// -// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to -// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow -// access only from the CIDRs currently allocated to MIT & the USPS. -// -// Not all cloud providers support this annotation, though AWS & GCE do. -#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" - -// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that -// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') -// of the last change, of some Pod or Service object, that triggered the endpoints object change. -// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints -// controller at T1, and the Endpoints object was changed at T2, the -// EndpointsLastChangeTriggerTime would be set to T0. -// -// The "endpoints change trigger" here means any Pod or Service change that resulted in the -// Endpoints object change. -// -// Given the definition of the "endpoints change trigger", please note that this annotation will -// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the -// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's -// already set). -// -// This annotation will be used to compute the in-cluster network programming latency SLI, see -// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md -#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" - -// EndpointsOverCapacity will be set on an Endpoints resource when it -// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints -// controller will set this annotation with a value of "warning". In a -// future release, the controller may set this annotation with a value of -// "truncated" to indicate that any addresses exceeding the limit of 1000 -// have been truncated from the Endpoints resource. -#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" - -// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated -// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. -// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or -// CSI Backend for a volume plugin on a specific node. -#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" - -// PodDeletionCost can be used to set to an int32 that represent the cost of deleting -// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower -// deletion cost are preferred to be deleted before pods with higher deletion cost. -// Note that this is honored on a best-effort basis, and so it does not offer guarantees on -// pod deletion order. -// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. -// -// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. -#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" - -// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable -// Topology Aware Hints for a Service. This may be set to "Auto" or -// "Disabled". Any other value is treated as "Disabled". This annotation has -// been deprecated in favor of the "service.kubernetes.io/topology-mode" -// annotation. -#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" - -// AnnotationTopologyMode can be used to enable or disable Topology Aware -// Routing for a Service. Well known values are "Auto" and "Disabled". -// Implementations may choose to develop new topology approaches, exposing -// them with domain-prefixed values. For example, "example.com/lowest-rtt" -// could be a valid implementation-specific value for this annotation. These -// heuristics will often populate topology hints on EndpointSlices, but that -// is not a requirement. -#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue deleted file mode 100644 index 2bf1afce..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -// Package v1 is the v1 version of the core API. -package v1 diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue deleted file mode 100644 index 29c24abc..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#GroupName: "" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue deleted file mode 100644 index d87edcff..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue +++ /dev/null @@ -1,7617 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/api/resource" - "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/apimachinery/pkg/types" -) - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) -#NamespaceNodeLease: "kube-node-lease" - -// Volume represents a named volume in a pod that may be accessed by any container in the pod. -#Volume: { - // name of the volume. - // Must be a DNS_LABEL and unique within the pod. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - name: string @go(Name) @protobuf(1,bytes,opt) - - #VolumeSource -} - -// Represents the source of a volume to mount. -// Only one of its members may be specified. -#VolumeSource: { - // hostPath represents a pre-existing file or directory on the host - // machine that is directly exposed to the container. This is generally - // used for system agents or other privileged things that are allowed - // to see the host machine. Most containers will NOT need this. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // --- - // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - // mount host directories as read/write. - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) - - // emptyDir represents a temporary directory that shares a pod's lifetime. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) - - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) - - // gitRepo represents a git repository at a particular revision. - // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - // into the Pod's container. - // +optional - gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) - - // secret represents a secret that should populate this volume. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) - - // nfs represents an NFS mount on the host that shares a pod's lifetime - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://examples.k8s.io/volumes/iscsi/README.md - // +optional - iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) - - // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) - - // persistentVolumeClaimVolumeSource represents a reference to a - // PersistentVolumeClaim in the same namespace. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) - - // downwardAPI represents downward API about the pod that should populate this volume - // +optional - downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) - - // configMap represents a configMap that should populate this volume - // +optional - configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) - - // projected items for all in one resources secrets, configmaps, and downward API - projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) - - // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - // +optional - storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) - - // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - // +optional - csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) - - // ephemeral represents a volume that is handled by a cluster storage driver. - // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - // and deleted when the pod is removed. - // - // Use this if: - // a) the volume is only needed while the pod runs, - // b) features of normal volumes like restoring from snapshot or capacity - // tracking are needed, - // c) the storage driver is specified through a storage class, and - // d) the storage driver supports dynamic volume provisioning through - // a PersistentVolumeClaim (see EphemeralVolumeSource for more - // information on the connection between this volume type - // and PersistentVolumeClaim). - // - // Use PersistentVolumeClaim or one of the vendor-specific - // APIs for volumes that persist for longer than the lifecycle - // of an individual pod. - // - // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - // be used that way - see the documentation of the driver for - // more information. - // - // A pod can use both types of ephemeral volumes and - // persistent volumes at the same time. - // - // +optional - ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) -} - -// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. -// This volume finds the bound PV and mounts that volume for the pod. A -// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another -// type of volume that is owned by someone else (the system). -#PersistentVolumeClaimVolumeSource: { - // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - claimName: string @go(ClaimName) @protobuf(1,bytes,opt) - - // readOnly Will force the ReadOnly setting in VolumeMounts. - // Default false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) -} - -// PersistentVolumeSource is similar to VolumeSource but meant for the -// administrator who creates PVs. Exactly one of its members must be set. -#PersistentVolumeSource: { - // gcePersistentDisk represents a GCE Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) - - // awsElasticBlockStore represents an AWS Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) - - // hostPath represents a directory on the host. - // Provisioned by a developer or tester. - // This is useful for single-node development and testing only! - // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) - - // glusterfs represents a Glusterfs volume that is attached to a host and - // exposed to the pod. Provisioned by an admin. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md - // +optional - glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) - - // nfs represents an NFS mount on the host. Provisioned by an admin. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) - - // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - // More info: https://examples.k8s.io/volumes/rbd/README.md - // +optional - rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) - - // iscsi represents an ISCSI Disk resource that is attached to a - // kubelet's host machine and then exposed to the pod. Provisioned by an admin. - // +optional - iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) - - // cinder represents a cinder volume attached and mounted on kubelets host machine. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) - - // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - // +optional - cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) - - // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - // +optional - fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) - - // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running - // +optional - flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) - - // flexVolume represents a generic volume resource that is - // provisioned/attached using an exec based plugin. - // +optional - flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) - - // azureFile represents an Azure File Service mount on the host and bind mount to the pod. - // +optional - azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) - - // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - // +optional - vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) - - // quobyte represents a Quobyte mount on the host that shares a pod's lifetime - // +optional - quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) - - // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - // +optional - azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) - - // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) - - // portworxVolume represents a portworx volume attached and mounted on kubelets host machine - // +optional - portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) - - // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - // +optional - scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) - - // local represents directly-attached storage with node affinity - // +optional - local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) - - // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod - // More info: https://examples.k8s.io/volumes/storageos/README.md - // +optional - storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) - - // csi represents storage that is handled by an external CSI driver (Beta feature). - // +optional - csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) -} - -// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. -// It's currently still used and will be held for backwards compatibility -#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" - -// MountOptionAnnotation defines mount option annotation used in PVs -#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" - -// PersistentVolume (PV) is a storage resource provisioned by an administrator. -// It is analogous to a node. -// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes -#PersistentVolume: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines a specification of a persistent volume owned by the cluster. - // Provisioned by an administrator. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status for the persistent volume. - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes - // +optional - status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeSpec is the specification of a persistent volume. -#PersistentVolumeSpec: { - // capacity is the description of the persistent volume's resources and capacity. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - #PersistentVolumeSource - - // accessModes contains all ways the volume can be mounted. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) - - // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. - // Expected to be non-nil when bound. - // claim.VolumeName is the authoritative bind between PV and PVC. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding - // +optional - // +structType=granular - claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) - - // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. - // Valid options are Retain (default for manually created PersistentVolumes), Delete (default - // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). - // Recycle must be supported by the volume plugin underlying this PersistentVolume. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming - // +optional - persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) - - // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value - // means that this volume does not belong to any StorageClass. - // +optional - storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) - - // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will - // simply fail if one is invalid. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) - - // volumeMode defines if a volume is intended to be used with a formatted filesystem - // or to remain in raw block state. Value of Filesystem is implied when not included in spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) - - // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. - // This field influences the scheduling of pods that use this volume. - // +optional - nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) -} - -// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. -#VolumeNodeAffinity: { - // required specifies hard node constraints that must be met. - required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) -} - -// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. -// +enum -#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy - -#enumPersistentVolumeReclaimPolicy: - #PersistentVolumeReclaimRecycle | - #PersistentVolumeReclaimDelete | - #PersistentVolumeReclaimRetain - -// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. -// The volume plugin must support Recycling. -#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" - -// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. -// The volume plugin must support Deletion. -#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" - -// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. -// The default policy is Retain. -#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" - -// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. -// +enum -#PersistentVolumeMode: string // #enumPersistentVolumeMode - -#enumPersistentVolumeMode: - #PersistentVolumeBlock | - #PersistentVolumeFilesystem - -// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. -#PersistentVolumeBlock: #PersistentVolumeMode & "Block" - -// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. -#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" - -// PersistentVolumeStatus is the current status of a persistent volume. -#PersistentVolumeStatus: { - // phase indicates if a volume is available, bound to a claim, or released by a claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase - // +optional - phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) - - // message is a human-readable message indicating details about why the volume is in this state. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // reason is a brief CamelCase string that describes any failure and is meant - // for machine parsing and tidy display in the CLI. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // lastPhaseTransitionTime is the time the phase transitioned from one to another - // and automatically resets to current time everytime a volume phase transitions. - // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. - // +featureGate=PersistentVolumeLastPhaseTransitionTime - // +optional - lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) -} - -// PersistentVolumeList is a list of PersistentVolume items. -#PersistentVolumeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volumes. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes - items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaim is a user's request for and claim to a persistent volume -#PersistentVolumeClaim: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec defines the desired characteristics of a volume requested by a pod author. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents the current information/status of a persistent volume claim. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - // +optional - status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. -#PersistentVolumeClaimList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of persistent volume claims. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) -} - -// PersistentVolumeClaimSpec describes the common attributes of storage devices -// and allows a Source for provider-specific attributes -#PersistentVolumeClaimSpec: { - // accessModes contains the desired access modes the volume should have. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) - - // selector is a label query over volumes to consider for binding. - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // resources represents the minimum resources the volume should have. - // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - // that are lower than previous value but must still be higher than capacity recorded in the - // status field of the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) - - // volumeName is the binding reference to the PersistentVolume backing this claim. - // +optional - volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) - - // storageClassName is the name of the StorageClass required by the claim. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - // +optional - storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) - - // volumeMode defines what type of volume is required by the claim. - // Value of Filesystem is implied when not included in claim spec. - // +optional - volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) - - // dataSource field can be used to specify either: - // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - // * An existing PVC (PersistentVolumeClaim) - // If the provisioner or an external controller can support the specified data source, - // it will create a new volume based on the contents of the specified data source. - // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - // If the namespace is specified, then dataSourceRef will not be copied to dataSource. - // +optional - dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) - - // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - // volume is desired. This may be any object from a non-empty API group (non - // core object) or a PersistentVolumeClaim object. - // When this field is specified, volume binding will only succeed if the type of - // the specified object matches some installed volume populator or dynamic - // provisioner. - // This field will replace the functionality of the dataSource field and as such - // if both fields are non-empty, they must have the same value. For backwards - // compatibility, when namespace isn't specified in dataSourceRef, - // both fields (dataSource and dataSourceRef) will be set to the same - // value automatically if one of them is empty and the other is non-empty. - // When namespace is specified in dataSourceRef, - // dataSource isn't set to the same value and must be empty. - // There are three important differences between dataSource and dataSourceRef: - // * While dataSource only allows two specific types of objects, dataSourceRef - // allows any non-core object, as well as PersistentVolumeClaim objects. - // * While dataSource ignores disallowed values (dropping them), dataSourceRef - // preserves all values, and generates an error if a disallowed value is - // specified. - // * While dataSource only allows local objects, dataSourceRef allows objects - // in any namespaces. - // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +optional - dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) -} - -#TypedObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace is the namespace of resource being referenced - // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - // +featureGate=CrossNamespaceVolumeDataSource - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) -} - -// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type -#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType - -#enumPersistentVolumeClaimConditionType: - #PersistentVolumeClaimResizing | - #PersistentVolumeClaimFileSystemResizePending - -// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started -#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" - -// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node -#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" - -// +enum -// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource -// that it does not recognizes, then it should ignore that update and let other controllers -// handle it. -#ClaimResourceStatus: string // #enumClaimResourceStatus - -#enumClaimResourceStatus: - #PersistentVolumeClaimControllerResizeInProgress | - #PersistentVolumeClaimControllerResizeFailed | - #PersistentVolumeClaimNodeResizePending | - #PersistentVolumeClaimNodeResizeInProgress | - #PersistentVolumeClaimNodeResizeFailed - -// State set when resize controller starts resizing the volume in control-plane. -#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" - -// State set when resize has failed in resize controller with a terminal error. -// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus -// unmodified, so as resize controller can resume the volume expansion. -#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" - -// State set when resize controller has finished resizing the volume but further resizing of volume -// is needed on the node. -#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" - -// State set when kubelet starts resizing the volume. -#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" - -// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed -#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" - -// PersistentVolumeClaimCondition contains details about state of pvc -#PersistentVolumeClaimCondition: { - type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastProbeTime is the time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // lastTransitionTime is the time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason is a unique, this should be a short, machine understandable string that gives the reason - // for condition's last transition. If it reports "ResizeStarted" that means the underlying - // persistent volume is being resized. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // message is the human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PersistentVolumeClaimStatus is the current status of a persistent volume claim. -#PersistentVolumeClaimStatus: { - // phase represents the current phase of PersistentVolumeClaim. - // +optional - phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) - - // accessModes contains the actual access modes the volume backing the PVC has. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - // +optional - accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) - - // capacity represents the actual resources of the underlying volume. - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - // resized then the Condition will be set to 'ResizeStarted'. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) - - // allocatedResources tracks the resources allocated to a PVC including its capacity. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // Capacity reported here may be larger than the actual capacity when a volume expansion operation - // is requested. - // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - // If a volume expansion capacity request is lowered, allocatedResources is only - // lowered if there are no expansion operations in progress and if the actual volume capacity - // is equal or lower than the requested capacity. - // - // A controller that receives PVC update with previously unknown resourceName - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // allocatedResourceStatuses stores status of resource being resized for the given PVC. - // Key names follow standard Kubernetes label syntax. Valid values are either: - // * Un-prefixed keys: - // - storage - the capacity of the volume. - // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" - // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered - // reserved and hence may not be used. - // - // ClaimResourceStatus can be in any of following states: - // - ControllerResizeInProgress: - // State set when resize controller starts resizing the volume in control-plane. - // - ControllerResizeFailed: - // State set when resize has failed in resize controller with a terminal error. - // - NodeResizePending: - // State set when resize controller has finished resizing the volume but further resizing of - // volume is needed on the node. - // - NodeResizeInProgress: - // State set when kubelet starts resizing the volume. - // - NodeResizeFailed: - // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - // NodeResizeFailed. - // For example: if expanding a PVC for more capacity - this field can be one of the following states: - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" - // When this field is not set, it means that no resize operation is in progress for the given PVC. - // - // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus - // should ignore the update for the purpose it was designed. For example - a controller that - // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid - // resources associated with PVC. - // - // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - // +featureGate=RecoverVolumeExpansionFailure - // +mapType=granular - // +optional - allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) -} - -// +enum -#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode - -#enumPersistentVolumeAccessMode: - #ReadWriteOnce | - #ReadOnlyMany | - #ReadWriteMany | - #ReadWriteOncePod - -// can be mounted in read/write mode to exactly 1 host -#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" - -// can be mounted in read-only mode to many hosts -#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" - -// can be mounted in read/write mode to many hosts -#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" - -// can be mounted in read/write mode to exactly 1 pod -// cannot be used in combination with other access modes -#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" - -// +enum -#PersistentVolumePhase: string // #enumPersistentVolumePhase - -#enumPersistentVolumePhase: - #VolumePending | - #VolumeAvailable | - #VolumeBound | - #VolumeReleased | - #VolumeFailed - -// used for PersistentVolumes that are not available -#VolumePending: #PersistentVolumePhase & "Pending" - -// used for PersistentVolumes that are not yet bound -// Available volumes are held by the binder and matched to PersistentVolumeClaims -#VolumeAvailable: #PersistentVolumePhase & "Available" - -// used for PersistentVolumes that are bound -#VolumeBound: #PersistentVolumePhase & "Bound" - -// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted -// released volumes must be recycled before becoming available again -// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource -#VolumeReleased: #PersistentVolumePhase & "Released" - -// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim -#VolumeFailed: #PersistentVolumePhase & "Failed" - -// +enum -#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase - -#enumPersistentVolumeClaimPhase: - #ClaimPending | - #ClaimBound | - #ClaimLost - -// used for PersistentVolumeClaims that are not yet bound -#ClaimPending: #PersistentVolumeClaimPhase & "Pending" - -// used for PersistentVolumeClaims that are bound -#ClaimBound: #PersistentVolumeClaimPhase & "Bound" - -// used for PersistentVolumeClaims that lost their underlying -// PersistentVolume. The claim was bound to a PersistentVolume and this -// volume does not exist any longer and all data on it was lost. -#ClaimLost: #PersistentVolumeClaimPhase & "Lost" - -// +enum -#HostPathType: string // #enumHostPathType - -#enumHostPathType: - #HostPathUnset | - #HostPathDirectoryOrCreate | - #HostPathDirectory | - #HostPathFileOrCreate | - #HostPathFile | - #HostPathSocket | - #HostPathCharDev | - #HostPathBlockDev - -// For backwards compatible, leave it empty if unset -#HostPathUnset: #HostPathType & "" - -// If nothing exists at the given path, an empty directory will be created there -// as needed with file mode 0755, having the same group and ownership with Kubelet. -#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" - -// A directory must exist at the given path -#HostPathDirectory: #HostPathType & "Directory" - -// If nothing exists at the given path, an empty file will be created there -// as needed with file mode 0644, having the same group and ownership with Kubelet. -#HostPathFileOrCreate: #HostPathType & "FileOrCreate" - -// A file must exist at the given path -#HostPathFile: #HostPathType & "File" - -// A UNIX socket must exist at the given path -#HostPathSocket: #HostPathType & "Socket" - -// A character device must exist at the given path -#HostPathCharDev: #HostPathType & "CharDevice" - -// A block device must exist at the given path -#HostPathBlockDev: #HostPathType & "BlockDevice" - -// Represents a host path mapped into a pod. -// Host path volumes do not support ownership management or SELinux relabeling. -#HostPathVolumeSource: { - // path of the directory on the host. - // If the path is a symlink, it will follow the link to the real path. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - path: string @go(Path) @protobuf(1,bytes,opt) - - // type for HostPath Volume - // Defaults to "" - // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - // +optional - type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) -} - -// Represents an empty directory for a pod. -// Empty directory volumes support ownership management and SELinux relabeling. -#EmptyDirVolumeSource: { - // medium represents what type of storage medium should back this directory. - // The default is "" which means to use the node's default medium. - // Must be an empty string (default) or Memory. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) - - // sizeLimit is the total amount of local storage required for this EmptyDir volume. - // The size limit is also applicable for memory medium. - // The maximum usage on memory medium EmptyDir would be the minimum value between - // the SizeLimit specified here and the sum of memory limits of all containers in a pod. - // The default is nil which means that the limit is undefined. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - // +optional - sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents a Glusterfs mount that lasts the lifetime of a pod. -// Glusterfs volumes do not support ownership management or SELinux relabeling. -#GlusterfsPersistentVolumeSource: { - // endpoints is the endpoint name that details Glusterfs topology. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) - - // path is the Glusterfs volume path. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // endpointsNamespace is the namespace that contains Glusterfs endpoint. - // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. - // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - // +optional - endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a Rados Block Device mount that lasts the lifetime of a pod. -// RBD volumes support ownership management and SELinux relabeling. -#RBDPersistentVolumeSource: { - // monitors is a collection of Ceph monitors. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) - - // image is the rados image name. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - image: string @go(RBDImage) @protobuf(2,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // pool is the rados pool name. - // Default is rbd. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - pool?: string @go(RBDPool) @protobuf(4,bytes,opt) - - // user is the rados user name. - // Default is admin. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - user?: string @go(RadosUser) @protobuf(5,bytes,opt) - - // keyring is the path to key ring for RBDUser. - // Default is /etc/ceph/keyring. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - keyring?: string @go(Keyring) @protobuf(6,bytes,opt) - - // secretRef is name of the authentication secret for RBDUser. If provided - // overrides keyring. - // Default is nil. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) -} - -// Represents a cinder volume resource in Openstack. -// A Cinder volume must exist before mounting to a container. -// The volume must also be in the same region as the kubelet. -// Cinder volumes support ownership management and SELinux relabeling. -#CinderPersistentVolumeSource: { - // volumeID used to identify the volume in cinder. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/mysql-cinder-pd/README.md - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretRef is Optional: points to a secret object containing parameters used to connect - // to OpenStack. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// SecretReference represents a Secret Reference. It has enough information to retrieve secret -// in any namespace -// +structType=atomic -#SecretReference: { - // name is unique within a namespace to reference a secret resource. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // namespace defines the space within which the secret name must be unique. - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) -} - -// Represents a Ceph Filesystem mount that lasts the lifetime of a pod -// Cephfs volumes do not support ownership management or SELinux relabeling. -#CephFSPersistentVolumeSource: { - // monitors is Required: Monitors is a collection of Ceph monitors - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) - - // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - // +optional - path?: string @go(Path) @protobuf(2,bytes,opt) - - // user is Optional: User is the rados user name, default is admin - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - user?: string @go(User) @protobuf(3,bytes,opt) - - // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) -} - -// Represents a Flocker volume mounted by the Flocker agent. -// One and only one of datasetName and datasetUUID should be set. -// Flocker volumes do not support ownership management or SELinux relabeling. -#FlockerVolumeSource: { - // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - // should be considered as deprecated - // +optional - datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) - - // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - // +optional - datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) -} - -// StorageMedium defines ways that storage can be allocated to a volume. -#StorageMedium: string // #enumStorageMedium - -#enumStorageMedium: - #StorageMediumDefault | - #StorageMediumMemory | - #StorageMediumHugePages | - #StorageMediumHugePagesPrefix - -#StorageMediumDefault: #StorageMedium & "" -#StorageMediumMemory: #StorageMedium & "Memory" -#StorageMediumHugePages: #StorageMedium & "HugePages" -#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" - -// Protocol defines network protocols supported for things like container ports. -// +enum -#Protocol: string // #enumProtocol - -#enumProtocol: - #ProtocolTCP | - #ProtocolUDP | - #ProtocolSCTP - -// ProtocolTCP is the TCP protocol. -#ProtocolTCP: #Protocol & "TCP" - -// ProtocolUDP is the UDP protocol. -#ProtocolUDP: #Protocol & "UDP" - -// ProtocolSCTP is the SCTP protocol. -#ProtocolSCTP: #Protocol & "SCTP" - -// Represents a Persistent Disk resource in Google Compute Engine. -// -// A GCE PD must exist before mounting to a container. The disk must -// also be in the same GCE project and zone as the kubelet. A GCE PD -// can only be mounted as read/write once or read-only many times. GCE -// PDs support ownership management and SELinux relabeling. -#GCEPersistentDiskVolumeSource: { - // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - pdName: string @go(PDName) @protobuf(1,bytes,opt) - - // fsType is filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a Quobyte mount that lasts the lifetime of a pod. -// Quobyte volumes do not support ownership management or SELinux relabeling. -#QuobyteVolumeSource: { - // registry represents a single or multiple Quobyte Registry services - // specified as a string as host:port pair (multiple entries are separated with commas) - // which acts as the central registry for volumes - registry: string @go(Registry) @protobuf(1,bytes,opt) - - // volume is a string that references an already created Quobyte volume by name. - volume: string @go(Volume) @protobuf(2,bytes,opt) - - // readOnly here will force the Quobyte volume to be mounted with read-only permissions. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // user to map volume access to - // Defaults to serivceaccount user - // +optional - user?: string @go(User) @protobuf(4,bytes,opt) - - // group to map volume access to - // Default is no group - // +optional - group?: string @go(Group) @protobuf(5,bytes,opt) - - // tenant owning the given Quobyte volume in the Backend - // Used with dynamically provisioned Quobyte volumes, value is set by the plugin - // +optional - tenant?: string @go(Tenant) @protobuf(6,bytes,opt) -} - -// FlexPersistentVolumeSource represents a generic persistent volume resource that is -// provisioned/attached using an exec based plugin. -#FlexPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: SecretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// FlexVolume represents a generic volume resource that is -// provisioned/attached using an exec based plugin. -#FlexVolumeSource: { - // driver is the name of the driver to use for this volume. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // secretRef is Optional: secretRef is reference to the secret object containing - // sensitive information to pass to the plugin scripts. This may be - // empty if no secret object is specified. If the secret object - // contains more than one secret, all secrets are passed to the plugin - // scripts. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // readOnly is Optional: defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // options is Optional: this field holds extra command options if any. - // +optional - options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) -} - -// Represents a Persistent Disk resource in AWS. -// -// An AWS EBS disk must exist before mounting to a container. The disk -// must also be in the same AWS zone as the kubelet. An AWS EBS disk -// can only be mounted as read/write once. AWS EBS volumes support -// ownership management and SELinux relabeling. -#AWSElasticBlockStoreVolumeSource: { - // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // partition is the partition in the volume that you want to mount. - // If omitted, the default is to mount by volume name. - // Examples: For volume /dev/sda1, you specify the partition as "1". - // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - // +optional - partition?: int32 @go(Partition) @protobuf(3,varint,opt) - - // readOnly value true will force the readOnly setting in VolumeMounts. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) -} - -// Represents a volume that is populated with the contents of a git repository. -// Git repo volumes do not support ownership management. -// Git repo volumes support SELinux relabeling. -// -// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -// into the Pod's container. -#GitRepoVolumeSource: { - // repository is the URL - repository: string @go(Repository) @protobuf(1,bytes,opt) - - // revision is the commit hash for the specified revision. - // +optional - revision?: string @go(Revision) @protobuf(2,bytes,opt) - - // directory is the target directory name. - // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - // git repository. Otherwise, if specified, the volume will contain the git repository in - // the subdirectory with the given name. - // +optional - directory?: string @go(Directory) @protobuf(3,bytes,opt) -} - -// Adapts a Secret into a volume. -// -// The contents of the target Secret's Data field will be presented in a volume -// as files using the keys in the Data field as the file names. -// Secret volumes support ownership management and SELinux relabeling. -#SecretVolumeSource: { - // secretName is the name of the secret in the pod's namespace to use. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - // +optional - secretName?: string @go(SecretName) @protobuf(1,bytes,opt) - - // items If unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values - // for mode bits. Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) - - // optional field specify whether the Secret or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#SecretVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a secret into a projected volume. -// -// The contents of the target Secret's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names. -// Note that this is identical to a secret volume source without the default -// mode. -#SecretProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // Secret will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the Secret, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional field specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// Represents an NFS mount that lasts the lifetime of a pod. -// NFS volumes do not support ownership management or SELinux relabeling. -#NFSVolumeSource: { - // server is the hostname or IP address of the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - server: string @go(Server) @protobuf(1,bytes,opt) - - // path that is exported by the NFS server. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - path: string @go(Path) @protobuf(2,bytes,opt) - - // readOnly here will force the NFS export to be mounted with read-only permissions. - // Defaults to false. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// Represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is the target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun represents iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// ISCSIPersistentVolumeSource represents an ISCSI disk. -// ISCSI volumes can only be mounted as read/write once. -// ISCSI volumes support ownership management and SELinux relabeling. -#ISCSIPersistentVolumeSource: { - // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) - - // iqn is Target iSCSI Qualified Name. - iqn: string @go(IQN) @protobuf(2,bytes,opt) - - // lun is iSCSI Target Lun number. - lun: int32 @go(Lun) @protobuf(3,varint,opt) - - // iscsiInterface is the interface Name that uses an iSCSI transport. - // Defaults to 'default' (tcp). - // +optional - iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) - - // fsType is the filesystem type of the volume that you want to mount. - // Tip: Ensure that the filesystem type is supported by the host operating system. - // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(5,bytes,opt) - - // readOnly here will force the ReadOnly setting in VolumeMounts. - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) - - // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port - // is other than default (typically TCP ports 860 and 3260). - // +optional - portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) - - // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication - // +optional - chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) - - // chapAuthSession defines whether support iSCSI Session CHAP authentication - // +optional - chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) - - // secretRef is the CHAP Secret for iSCSI target and initiator authentication - // +optional - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) - - // initiatorName is the custom iSCSI Initiator Name. - // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - // : will be created for the connection. - // +optional - initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) -} - -// Represents a Fibre Channel volume. -// Fibre Channel volumes can only be mounted as read/write once. -// Fibre Channel volumes support ownership management and SELinux relabeling. -#FCVolumeSource: { - // targetWWNs is Optional: FC target worldwide names (WWNs) - // +optional - targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) - - // lun is Optional: FC target lun number - // +optional - lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // TODO: how do we prevent errors in the filesystem from compromising the machine - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // wwids Optional: FC volume world wide identifiers (wwids) - // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - // +optional - wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFileVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. -#AzureFilePersistentVolumeSource: { - // secretName is the name of secret that contains Azure Storage Account Name and Key - secretName: string @go(SecretName) @protobuf(1,bytes,opt) - - // shareName is the azure Share Name - shareName: string @go(ShareName) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key - // default is the same as the Pod - // +optional - secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) -} - -// Represents a vSphere volume resource. -#VsphereVirtualDiskVolumeSource: { - // volumePath is the path that identifies vSphere volume vmdk - volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) - - // fsType is filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // storagePolicyName is the storage Policy Based Management (SPBM) profile name. - // +optional - storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) - - // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - // +optional - storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) -} - -// Represents a Photon Controller persistent disk resource. -#PhotonPersistentDiskVolumeSource: { - // pdID is the ID that identifies Photon Controller persistent disk - pdID: string @go(PdID) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) -} - -// +enum -#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode - -#enumAzureDataDiskCachingMode: - #AzureDataDiskCachingNone | - #AzureDataDiskCachingReadOnly | - #AzureDataDiskCachingReadWrite - -// +enum -#AzureDataDiskKind: string // #enumAzureDataDiskKind - -#enumAzureDataDiskKind: - #AzureSharedBlobDisk | - #AzureDedicatedBlobDisk | - #AzureManagedDisk - -#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" -#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" -#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" -#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" -#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" -#AzureManagedDisk: #AzureDataDiskKind & "Managed" - -// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. -#AzureDiskVolumeSource: { - // diskName is the Name of the data disk in the blob storage - diskName: string @go(DiskName) @protobuf(1,bytes,opt) - - // diskURI is the URI of data disk in the blob storage - diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) - - // cachingMode is the Host Caching mode: None, Read Only, Read Write. - // +optional - cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) - - // fsType is Filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) - - // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared - kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) -} - -// PortworxVolumeSource represents a Portworx volume resource. -#PortworxVolumeSource: { - // volumeID uniquely identifies a Portworx volume - volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) - - // fSType represents the filesystem type to mount - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - fsType?: string @go(FSType) @protobuf(2,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) -} - -// ScaleIOVolumeSource represents a persistent ScaleIO volume -#ScaleIOVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) - - // sslEnabled Flag enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs". - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly Defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume -#ScaleIOPersistentVolumeSource: { - // gateway is the host address of the ScaleIO API Gateway. - gateway: string @go(Gateway) @protobuf(1,bytes,opt) - - // system is the name of the storage system as configured in ScaleIO. - system: string @go(System) @protobuf(2,bytes,opt) - - // secretRef references to the secret for ScaleIO user and other - // sensitive information. If this is not provided, Login operation will fail. - secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) - - // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false - // +optional - sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) - - // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. - // +optional - protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) - - // storagePool is the ScaleIO Storage Pool associated with the protection domain. - // +optional - storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) - - // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - // Default is ThinProvisioned. - // +optional - storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) - - // volumeName is the name of a volume already created in the ScaleIO system - // that is associated with this volume source. - volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // Default is "xfs" - // +optional - fsType?: string @go(FSType) @protobuf(9,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents a StorageOS persistent volume resource. -#StorageOSPersistentVolumeSource: { - // volumeName is the human-readable name of the StorageOS volume. Volume - // names are only unique within a namespace. - volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) - - // volumeNamespace specifies the scope of the volume within StorageOS. If no - // namespace is specified then the Pod's namespace will be used. This allows the - // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - // Set VolumeName to any name to override the default behaviour. - // Set to "default" if you are not using namespaces within StorageOS. - // Namespaces that do not pre-exist within StorageOS will be created. - // +optional - volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) - - // fsType is the filesystem type to mount. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - // +optional - fsType?: string @go(FSType) @protobuf(3,bytes,opt) - - // readOnly defaults to false (read/write). ReadOnly here will force - // the ReadOnly setting in VolumeMounts. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) - - // secretRef specifies the secret to use for obtaining the StorageOS API - // credentials. If not specified, default values will be attempted. - // +optional - secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) -} - -// Adapts a ConfigMap into a volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// volume as files using the keys in the Data field as the file names, unless -// the items element is populated with specific mappings of keys to paths. -// ConfigMap volumes support ownership management and SELinux relabeling. -#ConfigMapVolumeSource: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // defaultMode is optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 - -// Adapts a ConfigMap into a projected volume. -// -// The contents of the target ConfigMap's Data field will be presented in a -// projected volume as files using the keys in the Data field as the file names, -// unless the items element is populated with specific mappings of keys to paths. -// Note that this is identical to a configmap volume source without the default -// mode. -#ConfigMapProjection: { - #LocalObjectReference - - // items if unspecified, each key-value pair in the Data field of the referenced - // ConfigMap will be projected into the volume as a file whose name is the - // key and content is the value. If specified, the listed keys will be - // projected into the specified paths, and unlisted keys will not be - // present. If a key is specified which is not present in the ConfigMap, - // the volume setup will error unless it is marked optional. Paths must be - // relative and may not contain the '..' path or start with '..'. - // +optional - items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) - - // optional specify whether the ConfigMap or its keys must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountTokenProjection represents a projected service account token -// volume. This projection can be used to insert a service account token into -// the pods runtime filesystem for use against APIs (Kubernetes API Server or -// otherwise). -#ServiceAccountTokenProjection: { - // audience is the intended audience of the token. A recipient of a token - // must identify itself with an identifier specified in the audience of the - // token, and otherwise should reject the token. The audience defaults to the - // identifier of the apiserver. - // +optional - audience?: string @go(Audience) @protobuf(1,bytes,rep) - - // expirationSeconds is the requested duration of validity of the service - // account token. As the token approaches expiration, the kubelet volume - // plugin will proactively rotate the service account token. The kubelet will - // start trying to rotate the token if the token is older than 80 percent of - // its time to live or if the token is older than 24 hours.Defaults to 1 hour - // and must be at least 10 minutes. - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) - - // path is the path relative to the mount point of the file to project the - // token into. - path: string @go(Path) @protobuf(3,bytes,opt) -} - -// Represents a projected volume source -#ProjectedVolumeSource: { - // sources is the list of volume projections - // +optional - sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) - - // defaultMode are the mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -// Projection that may be projected along with other supported volume types -#VolumeProjection: { - // secret information about the secret data to project - // +optional - secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) - - // downwardAPI information about the downwardAPI data to project - // +optional - downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) - - // configMap information about the configMap data to project - // +optional - configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) - - // serviceAccountToken is information about the serviceAccountToken data to project - // +optional - serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) -} - -#ProjectedVolumeSourceDefaultMode: int32 & 0o644 - -// Maps a string key to a path within a volume. -#KeyToPath: { - // key is the key to project. - key: string @go(Key) @protobuf(1,bytes,opt) - - // path is the relative path of the file to map the key to. - // May not be an absolute path. - // May not contain the path element '..'. - // May not start with the string '..'. - path: string @go(Path) @protobuf(2,bytes,opt) - - // mode is Optional: mode bits used to set permissions on this file. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) -} - -// Local represents directly-attached storage with node affinity (Beta feature) -#LocalVolumeSource: { - // path of the full path to the volume on the node. - // It can be either a directory or block device (disk, partition, ...). - path: string @go(Path) @protobuf(1,bytes,opt) - - // fsType is the filesystem type to mount. - // It applies only when the Path is a block device. - // Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) -} - -// Represents storage that is managed by an external CSI volume driver (Beta feature) -#CSIPersistentVolumeSource: { - // driver is the name of the driver to use for this volume. - // Required. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // volumeHandle is the unique volume name returned by the CSI volume - // plugin’s CreateVolume to refer to the volume on all subsequent calls. - // Required. - volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) - - // readOnly value to pass to ControllerPublishVolumeRequest. - // Defaults to false (read/write). - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) - - // fsType to mount. Must be a filesystem type supported by the host operating system. - // Ex. "ext4", "xfs", "ntfs". - // +optional - fsType?: string @go(FSType) @protobuf(4,bytes,opt) - - // volumeAttributes of the volume to publish. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) - - // controllerPublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerPublishVolume and ControllerUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) - - // nodeStageSecretRef is a reference to the secret object containing sensitive - // information to pass to the CSI driver to complete the CSI NodeStageVolume - // and NodeStageVolume and NodeUnstageVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) - - // controllerExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // ControllerExpandVolume call. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +optional - controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) - - // nodeExpandSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodeExpandVolume call. - // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. - // This field is optional, may be omitted if no secret is required. If the - // secret object contains more than one secret, all secrets are passed. - // +featureGate=CSINodeExpandSecret - // +optional - nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) -} - -// Represents a source location of a volume to mount, managed by an external CSI driver -#CSIVolumeSource: { - // driver is the name of the CSI driver that handles this volume. - // Consult with your admin for the correct name as registered in the cluster. - driver: string @go(Driver) @protobuf(1,bytes,opt) - - // readOnly specifies a read-only configuration for the volume. - // Defaults to false (read/write). - // +optional - readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) - - // fsType to mount. Ex. "ext4", "xfs", "ntfs". - // If not provided, the empty value is passed to the associated CSI driver - // which will determine the default filesystem to apply. - // +optional - fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) - - // volumeAttributes stores driver-specific properties that are passed to the CSI - // driver. Consult your driver's documentation for supported values. - // +optional - volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) - - // nodePublishSecretRef is a reference to the secret object containing - // sensitive information to pass to the CSI driver to complete the CSI - // NodePublishVolume and NodeUnpublishVolume calls. - // This field is optional, and may be empty if no secret is required. If the - // secret object contains more than one secret, all secret references are passed. - // +optional - nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) -} - -// Represents an ephemeral volume that is handled by a normal storage driver. -#EphemeralVolumeSource: { - // Will be used to create a stand-alone PVC to provision the volume. - // The pod in which this EphemeralVolumeSource is embedded will be the - // owner of the PVC, i.e. the PVC will be deleted together with the - // pod. The name of the PVC will be `-` where - // `` is the name from the `PodSpec.Volumes` array - // entry. Pod validation will reject the pod if the concatenated name - // is not valid for a PVC (for example, too long). - // - // An existing PVC with that name that is not owned by the pod - // will *not* be used for the pod to avoid using an unrelated - // volume by mistake. Starting the pod is then blocked until - // the unrelated PVC is removed. If such a pre-created PVC is - // meant to be used by the pod, the PVC has to updated with an - // owner reference to the pod once the pod exists. Normally - // this should not be necessary, but it may be useful when - // manually reconstructing a broken cluster. - // - // This field is read-only and no changes will be made by Kubernetes - // to the PVC after it has been created. - // - // Required, must not be nil. - volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) -} - -// PersistentVolumeClaimTemplate is used to produce -// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. -#PersistentVolumeClaimTemplate: { - // May contain labels and annotations that will be copied into the PVC - // when creating it. No other fields are allowed and will be rejected during - // validation. - // - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The specification for the PersistentVolumeClaim. The entire content is - // copied unchanged into the PVC that gets created from this - // template. The same fields as in a PersistentVolumeClaim - // are also valid here. - spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) -} - -// ContainerPort represents a network port in a single container. -#ContainerPort: { - // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - // named port in a pod must have a unique name. Name for the port that can be - // referred to by services. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // Number of port to expose on the host. - // If specified, this must be a valid port number, 0 < x < 65536. - // If HostNetwork is specified, this must match ContainerPort. - // Most containers do not need this. - // +optional - hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) - - // Number of port to expose on the pod's IP address. - // This must be a valid port number, 0 < x < 65536. - containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) - - // Protocol for port. Must be UDP, TCP, or SCTP. - // Defaults to "TCP". - // +optional - // +default="TCP" - protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) - - // What host IP to bind the external port to. - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) -} - -// VolumeMount describes a mounting of a Volume within a container. -#VolumeMount: { - // This must match the Name of a Volume. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Mounted read-only if true, read-write otherwise (false or unspecified). - // Defaults to false. - // +optional - readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) - - // Path within the container at which the volume should be mounted. Must - // not contain ':'. - mountPath: string @go(MountPath) @protobuf(3,bytes,opt) - - // Path within the volume from which the container's volume should be mounted. - // Defaults to "" (volume's root). - // +optional - subPath?: string @go(SubPath) @protobuf(4,bytes,opt) - - // mountPropagation determines how mounts are propagated from the host - // to container and the other way around. - // When not set, MountPropagationNone is used. - // This field is beta in 1.10. - // +optional - mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) - - // Expanded path within the volume from which the container's volume should be mounted. - // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - // Defaults to "" (volume's root). - // SubPathExpr and SubPath are mutually exclusive. - // +optional - subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) -} - -// MountPropagationMode describes mount propagation. -// +enum -#MountPropagationMode: string // #enumMountPropagationMode - -#enumMountPropagationMode: - #MountPropagationNone | - #MountPropagationHostToContainer | - #MountPropagationBidirectional - -// MountPropagationNone means that the volume in a container will -// not receive new mounts from the host or other containers, and filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode corresponds to "private" in Linux terminology. -#MountPropagationNone: #MountPropagationMode & "None" - -// MountPropagationHostToContainer means that the volume in a container will -// receive new mounts from the host or other containers, but filesystems -// mounted inside the container won't be propagated to the host or other -// containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rslave" in Linux terminology). -#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" - -// MountPropagationBidirectional means that the volume in a container will -// receive new mounts from the host or other containers, and its own mounts -// will be propagated from the container to the host or other containers. -// Note that this mode is recursively applied to all mounts in the volume -// ("rshared" in Linux terminology). -#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" - -// volumeDevice describes a mapping of a raw block device within a container. -#VolumeDevice: { - // name must match the name of a persistentVolumeClaim in the pod - name: string @go(Name) @protobuf(1,bytes,opt) - - // devicePath is the path inside of the container that the device will be mapped to. - devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) -} - -// EnvVar represents an environment variable present in a Container. -#EnvVar: { - // Name of the environment variable. Must be a C_IDENTIFIER. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Variable references $(VAR_NAME) are expanded - // using the previously defined environment variables in the container and - // any service environment variables. If a variable cannot be resolved, - // the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - // Escaped references will never be expanded, regardless of whether the variable - // exists or not. - // Defaults to "". - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Source for the environment variable's value. Cannot be used if value is not empty. - // +optional - valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) -} - -// EnvVarSource represents a source for the value of an EnvVar. -#EnvVarSource: { - // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) - - // Selects a key of a ConfigMap. - // +optional - configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) - - // Selects a key of a secret in the pod's namespace - // +optional - secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) -} - -// ObjectFieldSelector selects an APIVersioned field of an object. -// +structType=atomic -#ObjectFieldSelector: { - // Version of the schema the FieldPath is written in terms of, defaults to "v1". - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // Path of the field to select in the specified API version. - fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) -} - -// ResourceFieldSelector represents container resources (cpu, memory) and their output format -// +structType=atomic -#ResourceFieldSelector: { - // Container name: required for volumes, optional for env vars - // +optional - containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) - - // Required: resource to select - "resource": string @go(Resource) @protobuf(2,bytes,opt) - - // Specifies the output format of the exposed resources, defaults to "1" - // +optional - divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) -} - -// Selects a key from a ConfigMap. -// +structType=atomic -#ConfigMapKeySelector: { - #LocalObjectReference - - // The key to select. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the ConfigMap or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// SecretKeySelector selects a key of a Secret. -// +structType=atomic -#SecretKeySelector: { - #LocalObjectReference - - // The key of the secret to select from. Must be a valid secret key. - key: string @go(Key) @protobuf(2,bytes,opt) - - // Specify whether the Secret or its key must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) -} - -// EnvFromSource represents the source of a set of ConfigMaps -#EnvFromSource: { - // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - // +optional - prefix?: string @go(Prefix) @protobuf(1,bytes,opt) - - // The ConfigMap to select from - // +optional - configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) - - // The Secret to select from - // +optional - secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) -} - -// ConfigMapEnvSource selects a ConfigMap to populate the environment -// variables with. -// -// The contents of the target ConfigMap's Data field will represent the -// key-value pairs as environment variables. -#ConfigMapEnvSource: { - #LocalObjectReference - - // Specify whether the ConfigMap must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// SecretEnvSource selects a Secret to populate the environment -// variables with. -// -// The contents of the target Secret's Data field will represent the -// key-value pairs as environment variables. -#SecretEnvSource: { - #LocalObjectReference - - // Specify whether the Secret must be defined - // +optional - optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) -} - -// HTTPHeader describes a custom header to be used in HTTP probes -#HTTPHeader: { - // The header field name. - // This will be canonicalized upon output, so case-variant names will be understood as the same header. - name: string @go(Name) @protobuf(1,bytes,opt) - - // The header field value - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// HTTPGetAction describes an action based on HTTP Get requests. -#HTTPGetAction: { - // Path to access on the HTTP server. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // Name or number of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) - - // Host name to connect to, defaults to the pod IP. You probably want to set - // "Host" in httpHeaders instead. - // +optional - host?: string @go(Host) @protobuf(3,bytes,opt) - - // Scheme to use for connecting to the host. - // Defaults to HTTP. - // +optional - scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) - - // Custom headers to set in the request. HTTP allows repeated headers. - // +optional - httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) -} - -// URIScheme identifies the scheme used for connection to a host for Get actions -// +enum -#URIScheme: string // #enumURIScheme - -#enumURIScheme: - #URISchemeHTTP | - #URISchemeHTTPS - -// URISchemeHTTP means that the scheme used will be http:// -#URISchemeHTTP: #URIScheme & "HTTP" - -// URISchemeHTTPS means that the scheme used will be https:// -#URISchemeHTTPS: #URIScheme & "HTTPS" - -// TCPSocketAction describes an action based on opening a socket -#TCPSocketAction: { - // Number or name of the port to access on the container. - // Number must be in the range 1 to 65535. - // Name must be an IANA_SVC_NAME. - port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) - - // Optional: Host name to connect to, defaults to the pod IP. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -#GRPCAction: { - // Port number of the gRPC service. Number must be in the range 1 to 65535. - port: int32 @go(Port) @protobuf(1,bytes,opt) - - // Service is the name of the service to place in the gRPC HealthCheckRequest - // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - // - // If this is not specified, the default behavior is defined by gRPC. - // +optional - // +default="" - service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) -} - -// ExecAction describes a "run in container" action. -#ExecAction: { - // Command is the command line to execute inside the container, the working directory for the - // command is root ('/') in the container's filesystem. The command is simply exec'd, it is - // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - // a shell, you need to explicitly call out to that shell. - // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - // +optional - command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) -} - -// Probe describes a health check to be performed against a container to determine whether it is -// alive or ready to receive traffic. -#Probe: { - #ProbeHandler - - // Number of seconds after the container has started before liveness probes are initiated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) - - // Number of seconds after which the probe times out. - // Defaults to 1 second. Minimum value is 1. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) - - // How often (in seconds) to perform the probe. - // Default to 10 seconds. Minimum value is 1. - // +optional - periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) - - // Minimum consecutive successes for the probe to be considered successful after having failed. - // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - // +optional - successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) - - // Minimum consecutive failures for the probe to be considered failed after having succeeded. - // Defaults to 3. Minimum value is 1. - // +optional - failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) - - // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - // value overrides the value provided by the pod spec. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) -} - -// PullPolicy describes a policy for if/when to pull a container image -// +enum -#PullPolicy: string // #enumPullPolicy - -#enumPullPolicy: - #PullAlways | - #PullNever | - #PullIfNotPresent - -// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. -#PullAlways: #PullPolicy & "Always" - -// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present -#PullNever: #PullPolicy & "Never" - -// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. -#PullIfNotPresent: #PullPolicy & "IfNotPresent" - -// ResourceResizeRestartPolicy specifies how to handle container resource resize. -#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy - -#enumResourceResizeRestartPolicy: - #NotRequired | - #RestartContainer - -// 'NotRequired' means Kubernetes will try to resize the container -// without restarting it, if possible. Kubernetes may however choose to -// restart the container if it is unable to actuate resize without a -// restart. For e.g. the runtime doesn't support restart-free resizing. -#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" - -// 'RestartContainer' means Kubernetes will resize the container in-place -// by stopping and starting the container when new resources are applied. -// This is needed for legacy applications. For e.g. java apps using the -// -xmxN flag which are unable to use resized memory without restarting. -#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" - -// ContainerResizePolicy represents resource resize policy for the container. -#ContainerResizePolicy: { - // Name of the resource to which this resource resize policy applies. - // Supported values: cpu, memory. - resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) - - // Restart policy to apply when specified resource is resized. - // If not specified, it defaults to NotRequired. - restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) -} - -// PreemptionPolicy describes a policy for if/when to preempt a pod. -// +enum -#PreemptionPolicy: string // #enumPreemptionPolicy - -#enumPreemptionPolicy: - #PreemptLowerPriority | - #PreemptNever - -// PreemptLowerPriority means that pod can preempt other pods with lower priority. -#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" - -// PreemptNever means that pod never preempts other pods with lower priority. -#PreemptNever: #PreemptionPolicy & "Never" - -// TerminationMessagePolicy describes how termination messages are retrieved from a container. -// +enum -#TerminationMessagePolicy: string // #enumTerminationMessagePolicy - -#enumTerminationMessagePolicy: - #TerminationMessageReadFile | - #TerminationMessageFallbackToLogsOnError - -// TerminationMessageReadFile is the default behavior and will set the container status message to -// the contents of the container's terminationMessagePath when the container exits. -#TerminationMessageReadFile: #TerminationMessagePolicy & "File" - -// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs -// for the container status message when the container exits with an error and the -// terminationMessagePath has no contents. -#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" - -// Capability represent POSIX capabilities type -#Capability: string - -// Adds and removes POSIX capabilities from running containers. -#Capabilities: { - // Added capabilities - // +optional - add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) - - // Removed capabilities - // +optional - drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) -} - -// ResourceRequirements describes the compute resource requirements. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Requests describes the minimum amount of compute resources required. - // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - // otherwise to an implementation-defined value. Requests cannot exceed Limits. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Claims lists the names of resources, defined in spec.resourceClaims, - // that are used by this container. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. It can only be set for containers. - // - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) -} - -// ResourceClaim references one entry in PodSpec.ResourceClaims. -#ResourceClaim: { - // Name must match the name of one entry in pod.spec.resourceClaims of - // the Pod where this field is used. It makes that resource available - // inside a container. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// TerminationMessagePathDefault means the default path to capture the application termination message running in a container -#TerminationMessagePathDefault: "/dev/termination-log" - -// A single application container that you want to run within a pod. -#Container: { - // Name of the container specified as a DNS_LABEL. - // Each container in a pod must have a unique name (DNS_LABEL). - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - // This field is optional to allow higher level config management to default or override - // container images in workload controllers like Deployments and StatefulSets. - // +optional - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The container image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The container image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // List of ports to expose from the container. Not specifying a port here - // DOES NOT prevent that port from being exposed. Any port which is - // listening on the default "0.0.0.0" address inside a container will be - // accessible from the network. - // Modifying this array with strategic merge patch may corrupt the data. - // For more information See https://github.com/kubernetes/kubernetes/issues/108255. - // Cannot be updated. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Compute Resources required by this container. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // RestartPolicy defines the restart behavior of individual containers in a pod. - // This field may only be set for init containers, and the only allowed value is "Always". - // For non-init containers or when this field is not specified, - // the restart behavior is defined by the Pod's restart policy and the container type. - // Setting the RestartPolicy as "Always" for the init container will have the following effect: - // this init container will be continually restarted on - // exit until all regular containers have terminated. Once all regular - // containers have completed, all init containers with restartPolicy "Always" - // will be shut down. This lifecycle differs from normal init containers and - // is often referred to as a "sidecar" container. Although this init - // container still starts in the init container sequence, it does not wait - // for the container to complete before proceeding to the next init - // container. Instead, the next init container starts immediately after this - // init container is started, or after any startupProbe has successfully - // completed. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Periodic probe of container liveness. - // Container will be restarted if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Periodic probe of container service readiness. - // Container will be removed from service endpoints if the probe fails. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // StartupProbe indicates that the Pod has successfully initialized. - // If specified, no other probes are executed until this completes successfully. - // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - // when it might take a long time to load data or warm a cache, than during steady-state operation. - // This cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Actions that the management system should take in response to container lifecycle events. - // Cannot be updated. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // SecurityContext defines the security options the container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// ProbeHandler defines a specific action that should be taken in a probe. -// One and only one of the fields must be specified. -#ProbeHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // TCPSocket specifies an action involving a TCP port. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) - - // GRPC specifies an action involving a GRPC port. - // +optional - grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) -} - -// LifecycleHandler defines a specific action that should be taken in a lifecycle -// hook. One and only one of the fields, except TCPSocket must be specified. -#LifecycleHandler: { - // Exec specifies the action to take. - // +optional - exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) - - // HTTPGet specifies the http request to perform. - // +optional - httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) - - // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - // for the backward compatibility. There are no validation of this field and - // lifecycle hooks will fail in runtime when tcp handler is specified. - // +optional - tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) -} - -// Lifecycle describes actions that the management system should take in response to container lifecycle -// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks -// until the action is complete, unless the container process fails, in which case the handler is aborted. -#Lifecycle: { - // PostStart is called immediately after a container is created. If the handler fails, - // the container is terminated and restarted according to its restart policy. - // Other management of the container blocks until the hook completes. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) - - // PreStop is called immediately before a container is terminated due to an - // API request or management event such as liveness/startup probe failure, - // preemption, resource contention, etc. The handler is not called if the - // container crashes or exits. The Pod's termination grace period countdown begins before the - // PreStop hook is executed. Regardless of the outcome of the handler, the - // container will eventually terminate within the Pod's termination grace - // period (unless delayed by finalizers). Other management of the container blocks until the hook completes - // or until the termination grace period is reached. - // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - // +optional - preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) -} - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// ContainerStateWaiting is a waiting state of a container. -#ContainerStateWaiting: { - // (brief) reason the container is not yet running. - // +optional - reason?: string @go(Reason) @protobuf(1,bytes,opt) - - // Message regarding why the container is not yet running. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// ContainerStateRunning is a running state of a container. -#ContainerStateRunning: { - // Time at which the container was last (re-)started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) -} - -// ContainerStateTerminated is a terminated state of a container. -#ContainerStateTerminated: { - // Exit status from the last termination of the container - exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) - - // Signal from the last termination of the container - // +optional - signal?: int32 @go(Signal) @protobuf(2,varint,opt) - - // (brief) reason from the last termination of the container - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Message regarding the last termination of the container - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // Time at which previous execution of the container started - // +optional - startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) - - // Time at which the container last terminated - // +optional - finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) - - // Container's ID in the format '://' - // +optional - containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) -} - -// ContainerState holds a possible state of container. -// Only one of its members may be specified. -// If none of them is specified, the default one is ContainerStateWaiting. -#ContainerState: { - // Details about a waiting container - // +optional - waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) - - // Details about a running container - // +optional - running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) - - // Details about a terminated container - // +optional - terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) -} - -// ContainerStatus contains details for the current status of this container. -#ContainerStatus: { - // Name is a DNS_LABEL representing the unique name of the container. - // Each container in a pod must have a unique name across all container types. - // Cannot be updated. - name: string @go(Name) @protobuf(1,bytes,opt) - - // State holds details about the container's current condition. - // +optional - state?: #ContainerState @go(State) @protobuf(2,bytes,opt) - - // LastTerminationState holds the last termination state of the container to - // help debug container crashes and restarts. This field is not - // populated if the container is still running and RestartCount is 0. - // +optional - lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) - - // Ready specifies whether the container is currently passing its readiness check. - // The value will change as readiness probes keep executing. If no readiness - // probes are specified, this field defaults to true once the container is - // fully started (see Started field). - // - // The value is typically used to determine whether a container is ready to - // accept traffic. - ready: bool @go(Ready) @protobuf(4,varint,opt) - - // RestartCount holds the number of times the container has been restarted. - // Kubelet makes an effort to always increment the value, but there - // are cases when the state may be lost due to node restarts and then the value - // may be reset to 0. The value is never negative. - restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) - - // Image is the name of container image that the container is running. - // The container image may not match the image used in the PodSpec, - // as it may have been resolved by the runtime. - // More info: https://kubernetes.io/docs/concepts/containers/images. - image: string @go(Image) @protobuf(6,bytes,opt) - - // ImageID is the image ID of the container's image. The image ID may not - // match the image ID of the image used in the PodSpec, as it may have been - // resolved by the runtime. - imageID: string @go(ImageID) @protobuf(7,bytes,opt) - - // ContainerID is the ID of the container in the format '://'. - // Where type is a container runtime identifier, returned from Version call of CRI API - // (for example "containerd"). - // +optional - containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) - - // Started indicates whether the container has finished its postStart lifecycle hook - // and passed its startup probe. - // Initialized as false, becomes true after startupProbe is considered - // successful. Resets to false when the container is restarted, or if kubelet - // loses state temporarily. In both cases, startup probes will run again. - // Is always true when no startupProbe is defined and container is running and - // has passed the postStart lifecycle hook. The null value must be treated the - // same as false. - // +optional - started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) - - // AllocatedResources represents the compute resources allocated for this container by the - // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission - // and after successfully admitting desired pod resize. - // +featureGate=InPlacePodVerticalScaling - // +optional - allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Resources represents the compute resource requests and limits that have been successfully - // enacted on the running container after it has been started or has been successfully resized. - // +featureGate=InPlacePodVerticalScaling - // +optional - resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) -} - -// PodPhase is a label for the condition of a pod at the current time. -// +enum -#PodPhase: string // #enumPodPhase - -#enumPodPhase: - #PodPending | - #PodRunning | - #PodSucceeded | - #PodFailed | - #PodUnknown - -// PodPending means the pod has been accepted by the system, but one or more of the containers -// has not been started. This includes time before being bound to a node, as well as time spent -// pulling images onto the host. -#PodPending: #PodPhase & "Pending" - -// PodRunning means the pod has been bound to a node and all of the containers have been started. -// At least one container is still running or is in the process of being restarted. -#PodRunning: #PodPhase & "Running" - -// PodSucceeded means that all containers in the pod have voluntarily terminated -// with a container exit code of 0, and the system is not going to restart any of these containers. -#PodSucceeded: #PodPhase & "Succeeded" - -// PodFailed means that all containers in the pod have terminated, and at least one container has -// terminated in a failure (exited with a non-zero exit code or was stopped by the system). -#PodFailed: #PodPhase & "Failed" - -// PodUnknown means that for some reason the state of the pod could not be obtained, typically due -// to an error in communicating with the host of the pod. -// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) -#PodUnknown: #PodPhase & "Unknown" - -// PodConditionType is a valid value for PodCondition.Type -#PodConditionType: string // #enumPodConditionType - -#enumPodConditionType: - #ContainersReady | - #PodInitialized | - #PodReady | - #PodScheduled | - #DisruptionTarget - -// ContainersReady indicates whether all containers in the pod are ready. -#ContainersReady: #PodConditionType & "ContainersReady" - -// PodInitialized means that all init containers in the pod have started successfully. -#PodInitialized: #PodConditionType & "Initialized" - -// PodReady means the pod is able to service requests and should be added to the -// load balancing pools of all matching services. -#PodReady: #PodConditionType & "Ready" - -// PodScheduled represents status of the scheduling process for this pod. -#PodScheduled: #PodConditionType & "PodScheduled" - -// DisruptionTarget indicates the pod is about to be terminated due to a -// disruption (such as preemption, eviction API or garbage-collection). -#DisruptionTarget: #PodConditionType & "DisruptionTarget" - -// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler -// can't schedule the pod right now, for example due to insufficient resources in the cluster. -#PodReasonUnschedulable: "Unschedulable" - -// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler -// skips scheduling the pod because one or more scheduling gates are still present. -#PodReasonSchedulingGated: "SchedulingGated" - -// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens -// during scheduling, for example due to nodeAffinity parsing errors. -#PodReasonSchedulerError: "SchedulerError" - -// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination -// is initiated by kubelet -#PodReasonTerminationByKubelet: "TerminationByKubelet" - -// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the -// disruption was initiated by scheduler's preemption. -#PodReasonPreemptionByScheduler: "PreemptionByScheduler" - -// PodCondition contains details for the current condition of this pod. -#PodCondition: { - // Type is the type of the condition. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) - - // Status is the status of the condition. - // Can be True, False, Unknown. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we probed the condition. - // +optional - lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) - - // Last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // Unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// PodResizeStatus shows status of desired resize of a pod's containers. -#PodResizeStatus: string // #enumPodResizeStatus - -#enumPodResizeStatus: - #PodResizeStatusProposed | - #PodResizeStatusInProgress | - #PodResizeStatusDeferred | - #PodResizeStatusInfeasible - -// Pod resources resize has been requested and will be evaluated by node. -#PodResizeStatusProposed: #PodResizeStatus & "Proposed" - -// Pod resources resize has been accepted by node and is being actuated. -#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" - -// Node cannot resize the pod at this time and will keep retrying. -#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" - -// Requested pod resize is not feasible and will not be re-evaluated. -#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" - -// RestartPolicy describes how the container should be restarted. -// Only one of the following restart policies may be specified. -// If none of the following policies is specified, the default one -// is RestartPolicyAlways. -// +enum -#RestartPolicy: string // #enumRestartPolicy - -#enumRestartPolicy: - #RestartPolicyAlways | - #RestartPolicyOnFailure | - #RestartPolicyNever - -#RestartPolicyAlways: #RestartPolicy & "Always" -#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" -#RestartPolicyNever: #RestartPolicy & "Never" - -// ContainerRestartPolicy is the restart policy for a single container. -// This may only be set for init containers and only allowed value is "Always". -#ContainerRestartPolicy: string // #enumContainerRestartPolicy - -#enumContainerRestartPolicy: - #ContainerRestartPolicyAlways - -#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" - -// DNSPolicy defines how a pod's DNS will be configured. -// +enum -#DNSPolicy: string // #enumDNSPolicy - -#enumDNSPolicy: - #DNSClusterFirstWithHostNet | - #DNSClusterFirst | - #DNSDefault | - #DNSNone - -// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS -// first, if it is available, then fall back on the default -// (as determined by kubelet) DNS settings. -#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" - -// DNSClusterFirst indicates that the pod should use cluster DNS -// first unless hostNetwork is true, if it is available, then -// fall back on the default (as determined by kubelet) DNS settings. -#DNSClusterFirst: #DNSPolicy & "ClusterFirst" - -// DNSDefault indicates that the pod should use the default (as -// determined by kubelet) DNS settings. -#DNSDefault: #DNSPolicy & "Default" - -// DNSNone indicates that the pod should use empty DNS settings. DNS -// parameters such as nameservers and search paths should be defined via -// DNSConfig. -#DNSNone: #DNSPolicy & "None" - -// DefaultTerminationGracePeriodSeconds indicates the default duration in -// seconds a pod needs to terminate gracefully. -#DefaultTerminationGracePeriodSeconds: 30 - -// A node selector represents the union of the results of one or more label queries -// over a set of nodes; that is, it represents the OR of the selectors represented -// by the node selector terms. -// +structType=atomic -#NodeSelector: { - // Required. A list of node selector terms. The terms are ORed. - nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) -} - -// A null or empty node selector term matches no objects. The requirements of -// them are ANDed. -// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. -// +structType=atomic -#NodeSelectorTerm: { - // A list of node selector requirements by node's labels. - // +optional - matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) - - // A list of node selector requirements by node's fields. - // +optional - matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A node selector requirement is a selector that contains values, a key, and an operator -// that relates the key and values. -#NodeSelectorRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // Represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. If the operator is Gt or Lt, the values - // array must have a single element, which will be interpreted as an integer. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A node selector operator is the set of operators that can be used in -// a node selector requirement. -// +enum -#NodeSelectorOperator: string // #enumNodeSelectorOperator - -#enumNodeSelectorOperator: - #NodeSelectorOpIn | - #NodeSelectorOpNotIn | - #NodeSelectorOpExists | - #NodeSelectorOpDoesNotExist | - #NodeSelectorOpGt | - #NodeSelectorOpLt - -#NodeSelectorOpIn: #NodeSelectorOperator & "In" -#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" -#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" -#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" -#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" -#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" - -// A topology selector term represents the result of label queries. -// A null or empty topology selector term matches no objects. -// The requirements of them are ANDed. -// It provides a subset of functionality as NodeSelectorTerm. -// This is an alpha feature and may change in the future. -// +structType=atomic -#TopologySelectorTerm: { - // A list of topology selector requirements by labels. - // +optional - matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) -} - -// A topology selector requirement is a selector that matches given label. -// This is an alpha feature and may change in the future. -#TopologySelectorLabelRequirement: { - // The label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // An array of string values. One value must match the label to be selected. - // Each entry in Values is ORed. - values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) -} - -// Affinity is a group of affinity scheduling rules. -#Affinity: { - // Describes node affinity scheduling rules for the pod. - // +optional - nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) - - // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) - - // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - // +optional - podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) -} - -// Pod affinity is a group of inter pod affinity scheduling rules. -#PodAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// Pod anti affinity is a group of inter pod anti affinity scheduling rules. -#PodAntiAffinity: { - // If the anti-affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the anti-affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to a pod label update), the - // system may or may not try to eventually evict the pod from its node. - // When there are multiple elements, the lists of nodes corresponding to each - // podAffinityTerm are intersected, i.e. all terms must be satisfied. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the anti-affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling anti-affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) -} - -// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) -#WeightedPodAffinityTerm: { - // weight associated with matching the corresponding podAffinityTerm, - // in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // Required. A pod affinity term, associated with the corresponding weight. - podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) -} - -// Defines a set of pods (namely those matching the labelSelector -// relative to the given namespace(s)) that this pod should be -// co-located (affinity) or not co-located (anti-affinity) with, -// where co-located is defined as running on a node whose value of -// the label with key matches that of any node on which -// a pod of the set of pods is running -#PodAffinityTerm: { - // A label query over a set of resources, in this case pods. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaces specifies a static list of namespace names that the term applies to. - // The term is applied to the union of the namespaces listed in this field - // and the ones selected by namespaceSelector. - // null or empty namespaces list and null namespaceSelector means "this pod's namespace". - // +optional - namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) - - // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - // the labelSelector in the specified namespaces, where co-located is defined as running on a node - // whose value of the label with key topologyKey matches that of any node on which any of the - // selected pods is running. - // Empty topologyKey is not allowed. - topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) - - // A label query over the set of namespaces that the term applies to. - // The term is applied to the union of the namespaces selected by this field - // and the ones listed in the namespaces field. - // null selector and null or empty namespaces list means "this pod's namespace". - // An empty selector ({}) matches all namespaces. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) -} - -// Node affinity is a group of node affinity scheduling rules. -#NodeAffinity: { - // If the affinity requirements specified by this field are not met at - // scheduling time, the pod will not be scheduled onto the node. - // If the affinity requirements specified by this field cease to be met - // at some point during pod execution (e.g. due to an update), the system - // may or may not try to eventually evict the pod from its node. - // +optional - requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) - - // The scheduler will prefer to schedule pods to nodes that satisfy - // the affinity expressions specified by this field, but it may choose - // a node that violates one or more of the expressions. The node that is - // most preferred is the one with the greatest sum of weights, i.e. - // for each node that meets all of the scheduling requirements (resource - // request, requiredDuringScheduling affinity expressions, etc.), - // compute a sum by iterating through the elements of this field and adding - // "weight" to the sum if the node matches the corresponding matchExpressions; the - // node(s) with the highest sum are the most preferred. - // +optional - preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) -} - -// An empty preferred scheduling term matches all objects with implicit weight 0 -// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). -#PreferredSchedulingTerm: { - // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - weight: int32 @go(Weight) @protobuf(1,varint,opt) - - // A node selector term, associated with the corresponding weight. - preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) -} - -// The node this Taint is attached to has the "effect" on -// any pod that does not tolerate the Taint. -#Taint: { - // Required. The taint key to be applied to a node. - key: string @go(Key) @protobuf(1,bytes,opt) - - // The taint value corresponding to the taint key. - // +optional - value?: string @go(Value) @protobuf(2,bytes,opt) - - // Required. The effect of the taint on pods - // that do not tolerate the taint. - // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. - effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) - - // TimeAdded represents the time at which the taint was added. - // It is only written for NoExecute taints. - // +optional - timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) -} - -// +enum -#TaintEffect: string // #enumTaintEffect - -#enumTaintEffect: - #TaintEffectNoSchedule | - #TaintEffectPreferNoSchedule | - #TaintEffectNoExecute - -// Do not allow new pods to schedule onto the node unless they tolerate the taint, -// but allow all pods submitted to Kubelet without going through the scheduler -// to start, and allow all already-running pods to continue running. -// Enforced by the scheduler. -#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" - -// Like TaintEffectNoSchedule, but the scheduler tries not to schedule -// new pods onto the node, rather than prohibiting new pods from scheduling -// onto the node entirely. Enforced by the scheduler. -#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" - -// Evict any already-running pods that do not tolerate the taint. -// Currently enforced by NodeController. -#TaintEffectNoExecute: #TaintEffect & "NoExecute" - -// The pod this Toleration is attached to tolerates any taint that matches -// the triple using the matching operator . -#Toleration: { - // Key is the taint key that the toleration applies to. Empty means match all taint keys. - // If the key is empty, operator must be Exists; this combination means to match all values and all keys. - // +optional - key?: string @go(Key) @protobuf(1,bytes,opt) - - // Operator represents a key's relationship to the value. - // Valid operators are Exists and Equal. Defaults to Equal. - // Exists is equivalent to wildcard for value, so that a pod can - // tolerate all taints of a particular category. - // +optional - operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) - - // Value is the taint value the toleration matches to. - // If the operator is Exists, the value should be empty, otherwise just a regular string. - // +optional - value?: string @go(Value) @protobuf(3,bytes,opt) - - // Effect indicates the taint effect to match. Empty means match all taint effects. - // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - // +optional - effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) - - // TolerationSeconds represents the period of time the toleration (which must be - // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - // it is not set, which means tolerate the taint forever (do not evict). Zero and - // negative values will be treated as 0 (evict immediately) by the system. - // +optional - tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) -} - -// A toleration operator is the set of operators that can be used in a toleration. -// +enum -#TolerationOperator: string // #enumTolerationOperator - -#enumTolerationOperator: - #TolerationOpExists | - #TolerationOpEqual - -#TolerationOpExists: #TolerationOperator & "Exists" -#TolerationOpEqual: #TolerationOperator & "Equal" - -// PodReadinessGate contains the reference to a pod condition -#PodReadinessGate: { - // ConditionType refers to a condition in the pod's condition list with matching type. - conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) -} - -// PodSpec is a description of a pod. -#PodSpec: { - // List of volumes that can be mounted by containers belonging to the pod. - // More info: https://kubernetes.io/docs/concepts/storage/volumes - // +optional - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) - - // List of initialization containers belonging to the pod. - // Init containers are executed in order prior to containers being started. If any - // init container fails, the pod is considered to have failed and is handled according - // to its restartPolicy. The name for an init container or normal container must be - // unique among all containers. - // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. - // The resourceRequirements of an init container are taken into account during scheduling - // by finding the highest request/limit for each resource type, and then using the max of - // of that value or the sum of the normal containers. Limits are applied to init containers - // in a similar fashion. - // Init containers cannot currently be added or removed. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - // +patchMergeKey=name - // +patchStrategy=merge - initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) - - // List of containers belonging to the pod. - // Containers cannot currently be added or removed. - // There must be at least one container in a Pod. - // Cannot be updated. - // +patchMergeKey=name - // +patchStrategy=merge - containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) - - // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing - // pod to perform user-initiated actions such as debugging. This list cannot be specified when - // creating a pod, and it cannot be modified by updating the pod spec. In order to add an - // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) - - // Restart policy for all containers within the pod. - // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. - // Default to Always. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - // +optional - restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) - - // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. - // Value must be non-negative integer. The value zero indicates stop immediately via - // the kill signal (no opportunity to shut down). - // If this value is nil, the default grace period will be used instead. - // The grace period is the duration in seconds after the processes running in the pod are sent - // a termination signal and the time when the processes are forcibly halted with a kill signal. - // Set this value longer than the expected cleanup time for your process. - // Defaults to 30 seconds. - // +optional - terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) - - // Optional duration in seconds the pod may be active on the node relative to - // StartTime before the system will actively try to mark it failed and kill associated containers. - // Value must be a positive integer. - // +optional - activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) - - // Set DNS policy for the pod. - // Defaults to "ClusterFirst". - // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. - // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. - // To have DNS options set along with hostNetwork, you have to specify DNS policy - // explicitly to 'ClusterFirstWithHostNet'. - // +optional - dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) - - // ServiceAccountName is the name of the ServiceAccount to use to run this pod. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - // +optional - serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) - - // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. - // Deprecated: Use serviceAccountName instead. - // +k8s:conversion-gen=false - // +optional - serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) - - // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) - - // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, - // the scheduler simply schedules this pod onto that node, assuming that it fits resource - // requirements. - // +optional - nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) - - // Host networking requested for this pod. Use the host's network namespace. - // If this option is set, the ports that will be used must be specified. - // Default to false. - // +k8s:conversion-gen=false - // +optional - hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) - - // Use the host's pid namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) - - // Use the host's ipc namespace. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) - - // Share a single process namespace between all of the containers in a pod. - // When this is set containers will be able to view and signal processes from other containers - // in the same pod, and the first process in each container will not be assigned PID 1. - // HostPID and ShareProcessNamespace cannot both be set. - // Optional: Default to false. - // +k8s:conversion-gen=false - // +optional - shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) - - // SecurityContext holds pod-level security attributes and common container settings. - // Optional: Defaults to empty. See type description for default values of each field. - // +optional - securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) - - // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. - // If specified, these secrets will be passed to individual puller implementations for them to use. - // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) - - // Specifies the hostname of the Pod - // If not specified, the pod's hostname will be set to a system-defined value. - // +optional - hostname?: string @go(Hostname) @protobuf(16,bytes,opt) - - // If specified, the fully qualified Pod hostname will be "...svc.". - // If not specified, the pod will not have a domainname at all. - // +optional - subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) - - // If specified, the pod's scheduling constraints - // +optional - affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) - - // If specified, the pod will be dispatched by specified scheduler. - // If not specified, the pod will be dispatched by default scheduler. - // +optional - schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) - - // If specified, the pod's tolerations. - // +optional - tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) - - // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts - // file if specified. This is only valid for non-hostNetwork pods. - // +optional - // +patchMergeKey=ip - // +patchStrategy=merge - hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) - - // If specified, indicates the pod's priority. "system-node-critical" and - // "system-cluster-critical" are two special keywords which indicate the - // highest priorities with the former being the highest priority. Any other - // name must be defined by creating a PriorityClass object with that name. - // If not specified, the pod priority will be default or zero if there is no - // default. - // +optional - priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) - - // The priority value. Various system components use this field to find the - // priority of the pod. When Priority Admission Controller is enabled, it - // prevents users from setting this field. The admission controller populates - // this field from PriorityClassName. - // The higher the value, the higher the priority. - // +optional - priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) - - // Specifies the DNS parameters of a pod. - // Parameters specified here will be merged to the generated DNS - // configuration based on DNSPolicy. - // +optional - dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) - - // If specified, all readiness gates will be evaluated for pod readiness. - // A pod is ready when all its containers are ready AND - // all conditions specified in the readiness gates have status equal to "True" - // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates - // +optional - readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) - - // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used - // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. - // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an - // empty definition that uses the default runtime handler. - // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - // +optional - runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) - - // EnableServiceLinks indicates whether information about services should be injected into pod's - // environment variables, matching the syntax of Docker links. - // Optional: Defaults to true. - // +optional - enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) - - // PreemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) - - // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. - // This field will be autopopulated at admission time by the RuntimeClass admission controller. If - // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. - // The RuntimeClass admission controller will reject Pod create requests which have the overhead already - // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value - // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - // +optional - overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) - - // TopologySpreadConstraints describes how a group of pods ought to spread across topology - // domains. Scheduler will schedule pods in a way which abides by the constraints. - // All topologySpreadConstraints are ANDed. - // +optional - // +patchMergeKey=topologyKey - // +patchStrategy=merge - // +listType=map - // +listMapKey=topologyKey - // +listMapKey=whenUnsatisfiable - topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) - - // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). - // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). - // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. - // If a pod does not have FQDN, this has no effect. - // Default to false. - // +optional - setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) - - // Specifies the OS of the containers in the pod. - // Some pod and container fields are restricted if this is set. - // - // If the OS field is set to linux, the following fields must be unset: - // -securityContext.windowsOptions - // - // If the OS field is set to windows, following fields must be unset: - // - spec.hostPID - // - spec.hostIPC - // - spec.hostUsers - // - spec.securityContext.seLinuxOptions - // - spec.securityContext.seccompProfile - // - spec.securityContext.fsGroup - // - spec.securityContext.fsGroupChangePolicy - // - spec.securityContext.sysctls - // - spec.shareProcessNamespace - // - spec.securityContext.runAsUser - // - spec.securityContext.runAsGroup - // - spec.securityContext.supplementalGroups - // - spec.containers[*].securityContext.seLinuxOptions - // - spec.containers[*].securityContext.seccompProfile - // - spec.containers[*].securityContext.capabilities - // - spec.containers[*].securityContext.readOnlyRootFilesystem - // - spec.containers[*].securityContext.privileged - // - spec.containers[*].securityContext.allowPrivilegeEscalation - // - spec.containers[*].securityContext.procMount - // - spec.containers[*].securityContext.runAsUser - // - spec.containers[*].securityContext.runAsGroup - // +optional - os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) - - // Use the host's user namespace. - // Optional: Default to true. - // If set to true or not present, the pod will be run in the host user namespace, useful - // for when the pod needs a feature only available to the host user namespace, such as - // loading a kernel module with CAP_SYS_MODULE. - // When set to false, a new userns is created for the pod. Setting false is useful for - // mitigating container breakout vulnerabilities even allowing users to run their - // containers as root without actually having root privileges on the host. - // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. - // +k8s:conversion-gen=false - // +optional - hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) - - // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. - // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the - // scheduler will not attempt to schedule the pod. - // - // SchedulingGates can only be set at pod creation time, and be removed only afterwards. - // - // This is a beta feature enabled by the PodSchedulingReadiness feature gate. - // - // +patchMergeKey=name - // +patchStrategy=merge - // +listType=map - // +listMapKey=name - // +featureGate=PodSchedulingReadiness - // +optional - schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) - - // ResourceClaims defines which ResourceClaims must be allocated - // and reserved before the Pod is allowed to start. The resources - // will be made available to those containers which consume them - // by name. - // - // This is an alpha field and requires enabling the - // DynamicResourceAllocation feature gate. - // - // This field is immutable. - // - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) -} - -// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -// Containers that need access to the ResourceClaim reference it with this name. -#PodResourceClaim: { - // Name uniquely identifies this resource claim inside the pod. - // This must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // Source describes where to find the ResourceClaim. - source?: #ClaimSource @go(Source) @protobuf(2,bytes) -} - -// ClaimSource describes a reference to a ResourceClaim. -// -// Exactly one of these fields should be set. Consumers of this type must -// treat an empty object as if it has an unknown value. -#ClaimSource: { - // ResourceClaimName is the name of a ResourceClaim object in the same - // namespace as this pod. - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) - - // ResourceClaimTemplateName is the name of a ResourceClaimTemplate - // object in the same namespace as this pod. - // - // The template will be used to create a new ResourceClaim, which will - // be bound to this pod. When this pod is deleted, the ResourceClaim - // will also be deleted. The pod name and resource name, along with a - // generated component, will be used to form a unique name for the - // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - // - // This field is immutable and no changes will be made to the - // corresponding ResourceClaim by the control plane after creating the - // ResourceClaim. - resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) -} - -// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim -// which references a ResourceClaimTemplate. It stores the generated name for -// the corresponding ResourceClaim. -#PodResourceClaimStatus: { - // Name uniquely identifies this resource claim inside the pod. - // This must match the name of an entry in pod.spec.resourceClaims, - // which implies that the string must be a DNS_LABEL. - name: string @go(Name) @protobuf(1,bytes) - - // ResourceClaimName is the name of the ResourceClaim that was - // generated for the Pod in the namespace of the Pod. It this is - // unset, then generating a ResourceClaim was not necessary. The - // pod.spec.resourceClaims entry can be ignored in this case. - // - // +optional - resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) -} - -// OSName is the set of OS'es that can be used in OS. -#OSName: string // #enumOSName - -#enumOSName: - #Linux | - #Windows - -#Linux: #OSName & "linux" -#Windows: #OSName & "windows" - -// PodOS defines the OS parameters of a pod. -#PodOS: { - // Name is the name of the operating system. The currently supported values are linux and windows. - // Additional value may be defined in future and can be one of: - // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - // Clients should expect to handle additional values and treat unrecognized values in this field as os: null - name: #OSName @go(Name) @protobuf(1,bytes,opt) -} - -// PodSchedulingGate is associated to a Pod to guard its scheduling. -#PodSchedulingGate: { - // Name of the scheduling gate. - // Each scheduling gate must have a unique name field. - name: string @go(Name) @protobuf(1,bytes,opt) -} - -// +enum -#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction - -#enumUnsatisfiableConstraintAction: - #DoNotSchedule | - #ScheduleAnyway - -// DoNotSchedule instructs the scheduler not to schedule the pod -// when constraints are not satisfied. -#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" - -// ScheduleAnyway instructs the scheduler to schedule the pod -// even if constraints are not satisfied. -#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" - -// NodeInclusionPolicy defines the type of node inclusion policy -// +enum -#NodeInclusionPolicy: string // #enumNodeInclusionPolicy - -#enumNodeInclusionPolicy: - #NodeInclusionPolicyIgnore | - #NodeInclusionPolicyHonor - -// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" - -// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. -#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" - -// TopologySpreadConstraint specifies how to spread matching pods among the given topology. -#TopologySpreadConstraint: { - // MaxSkew describes the degree to which pods may be unevenly distributed. - // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - // between the number of matching pods in the target topology and the global minimum. - // The global minimum is the minimum number of matching pods in an eligible domain - // or zero if the number of eligible domains is less than MinDomains. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 2/2/1: - // In this case, the global minimum is 1. - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P | - // +-------+-------+-------+ - // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - // violate MaxSkew(1). - // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - // to topologies that satisfy it. - // It's a required field. Default value is 1 and 0 is not allowed. - maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) - - // TopologyKey is the key of node labels. Nodes that have a label with this key - // and identical values are considered to be in the same topology. - // We consider each as a "bucket", and try to put balanced number - // of pods into each bucket. - // We define a domain as a particular instance of a topology. - // Also, we define an eligible domain as a domain whose nodes meet the requirements of - // nodeAffinityPolicy and nodeTaintsPolicy. - // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - // It's a required field. - topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) - - // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - // the spread constraint. - // - DoNotSchedule (default) tells the scheduler not to schedule it. - // - ScheduleAnyway tells the scheduler to schedule the pod in any location, - // but giving higher precedence to topologies that would help reduce the - // skew. - // A constraint is considered "Unsatisfiable" for an incoming pod - // if and only if every possible node assignment for that pod would violate - // "MaxSkew" on some topology. - // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - // labelSelector spread as 3/1/1: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P P | P | P | - // +-------+-------+-------+ - // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - // won't make it *more* imbalanced. - // It's a required field. - whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) - - // LabelSelector is used to find matching pods. - // Pods that match this label selector are counted to determine the number of pods - // in their corresponding topology domain. - // +optional - labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) - - // MinDomains indicates a minimum number of eligible domains. - // When the number of eligible domains with matching topology keys is less than minDomains, - // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - // And when the number of eligible domains with matching topology keys equals or greater than minDomains, - // this value has no effect on scheduling. - // As a result, when the number of eligible domains is less than minDomains, - // scheduler won't schedule more than maxSkew Pods to those domains. - // If value is nil, the constraint behaves as if MinDomains is equal to 1. - // Valid values are integers greater than 0. - // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - // - // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - // labelSelector spread as 2/2/2: - // +-------+-------+-------+ - // | zone1 | zone2 | zone3 | - // +-------+-------+-------+ - // | P P | P P | P P | - // +-------+-------+-------+ - // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - // In this situation, new pod with the same labelSelector cannot be scheduled, - // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - // it will violate MaxSkew. - // - // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - // +optional - minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) - - // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - // when calculating pod topology spread skew. Options are: - // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - // - // If this value is nil, the behavior is equivalent to the Honor policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) - - // NodeTaintsPolicy indicates how we will treat node taints when calculating - // pod topology spread skew. Options are: - // - Honor: nodes without taints, along with tainted nodes for which the incoming pod - // has a toleration, are included. - // - Ignore: node taints are ignored. All nodes are included. - // - // If this value is nil, the behavior is equivalent to the Ignore policy. - // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - // +optional - nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) - - // MatchLabelKeys is a set of pod label keys to select the pods over which - // spreading will be calculated. The keys are used to lookup values from the - // incoming pod labels, those key-value labels are ANDed with labelSelector - // to select the group of existing pods over which spreading will be calculated - // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - // MatchLabelKeys cannot be set when LabelSelector isn't set. - // Keys that don't exist in the incoming pod labels will - // be ignored. A null or empty list means only match against labelSelector. - // - // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - // +listType=atomic - // +optional - matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) -} - -// The default value for enableServiceLinks attribute. -#DefaultEnableServiceLinks: true - -// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -// pod's hosts file. -#HostAlias: { - // IP address of the host file entry. - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostnames for the above IP address. - hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) -} - -// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume -// when volume is mounted. -// +enum -#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy - -#enumPodFSGroupChangePolicy: - #FSGroupChangeOnRootMismatch | - #FSGroupChangeAlways - -// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed -// only when permission and ownership of root directory does not match with expected -// permissions on the volume. This can help shorten the time it takes to change -// ownership and permissions of a volume. -#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" - -// FSGroupChangeAlways indicates that volume's ownership and permissions -// should always be changed whenever volume is mounted inside a Pod. This the default -// behavior. -#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" - -// PodSecurityContext holds pod-level security attributes and common container settings. -// Some fields are also present in container.securityContext. Field values of -// container.securityContext take precedence over field values of PodSecurityContext. -#PodSecurityContext: { - // The SELinux context to be applied to all containers. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in SecurityContext. If set in - // both SecurityContext and PodSecurityContext, the value specified in SecurityContext - // takes precedence for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options within a container's SecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence - // for that container. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in SecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) - - // A list of groups applied to the first process run in each container, in addition - // to the container's primary GID, the fsGroup (if specified), and group memberships - // defined in the container image for the uid of the container process. If unspecified, - // no additional groups are added to any container. Note that group memberships - // defined in the container image for the uid of the container process are still effective, - // even if they are not included in this list. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) - - // A special supplemental group that applies to all containers in a pod. - // Some volume types allow the Kubelet to change the ownership of that volume - // to be owned by the pod: - // - // 1. The owning GID will be the FSGroup - // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - // 3. The permission bits are OR'd with rw-rw---- - // - // If unset, the Kubelet will not modify the ownership and permissions of any volume. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) - - // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - // sysctls (by the container runtime) might fail to launch. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) - - // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - // before being exposed inside Pod. This field will only apply to - // volume types which support fsGroup based ownership(and permissions). - // It will have no effect on ephemeral volume types such as: secret, configmaps - // and emptydir. - // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) - - // The seccomp options to use by the containers in this pod. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) -} - -// SeccompProfile defines a pod/container's seccomp profile settings. -// Only one profile source may be set. -// +union -#SeccompProfile: { - // type indicates which kind of seccomp profile will be applied. - // Valid options are: - // - // Localhost - a profile defined in a file on the node should be used. - // RuntimeDefault - the container runtime default profile should be used. - // Unconfined - no profile should be applied. - // +unionDiscriminator - type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) - - // localhostProfile indicates a profile defined in a file on the node should be used. - // The profile must be preconfigured on the node to work. - // Must be a descending path, relative to the kubelet's configured seccomp profile location. - // Must be set if type is "Localhost". Must NOT be set for any other type. - // +optional - localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) -} - -// SeccompProfileType defines the supported seccomp profile types. -// +enum -#SeccompProfileType: string // #enumSeccompProfileType - -#enumSeccompProfileType: - #SeccompProfileTypeUnconfined | - #SeccompProfileTypeRuntimeDefault | - #SeccompProfileTypeLocalhost - -// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). -#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" - -// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. -#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" - -// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. -// The file's location relative to /seccomp. -#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" - -// PodQOSClass defines the supported qos classes of Pods. -// +enum -#PodQOSClass: string // #enumPodQOSClass - -#enumPodQOSClass: - #PodQOSGuaranteed | - #PodQOSBurstable | - #PodQOSBestEffort - -// PodQOSGuaranteed is the Guaranteed qos class. -#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" - -// PodQOSBurstable is the Burstable qos class. -#PodQOSBurstable: #PodQOSClass & "Burstable" - -// PodQOSBestEffort is the BestEffort qos class. -#PodQOSBestEffort: #PodQOSClass & "BestEffort" - -// PodDNSConfig defines the DNS parameters of a pod in addition to -// those generated from DNSPolicy. -#PodDNSConfig: { - // A list of DNS name server IP addresses. - // This will be appended to the base nameservers generated from DNSPolicy. - // Duplicated nameservers will be removed. - // +optional - nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) - - // A list of DNS search domains for host-name lookup. - // This will be appended to the base search paths generated from DNSPolicy. - // Duplicated search paths will be removed. - // +optional - searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) - - // A list of DNS resolver options. - // This will be merged with the base options generated from DNSPolicy. - // Duplicated entries will be removed. Resolution options given in Options - // will override those that appear in the base DNSPolicy. - // +optional - options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) -} - -// PodDNSConfigOption defines DNS resolver options of a pod. -#PodDNSConfigOption: { - // Required. - name?: string @go(Name) @protobuf(1,bytes,opt) - - // +optional - value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) -} - -// PodIP represents a single IP address allocated to the pod. -#PodIP: { - // IP is the IP address assigned to the pod - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// HostIP represents a single IP address allocated to the host. -#HostIP: { - // IP is the IP address assigned to the host - ip?: string @go(IP) @protobuf(1,bytes,opt) -} - -// EphemeralContainerCommon is a copy of all fields in Container to be inlined in -// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer -// to Container and allows separate documentation for the fields of EphemeralContainer. -// When a new field is added to Container it must be added here as well. -#EphemeralContainerCommon: { - // Name of the ephemeral container specified as a DNS_LABEL. - // This name must be unique among all containers, init containers and ephemeral containers. - name: string @go(Name) @protobuf(1,bytes,opt) - - // Container image name. - // More info: https://kubernetes.io/docs/concepts/containers/images - image?: string @go(Image) @protobuf(2,bytes,opt) - - // Entrypoint array. Not executed within a shell. - // The image's ENTRYPOINT is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) - - // Arguments to the entrypoint. - // The image's CMD is used if this is not provided. - // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - // of whether the variable exists or not. Cannot be updated. - // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - // +optional - args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) - - // Container's working directory. - // If not specified, the container runtime's default will be used, which - // might be configured in the container image. - // Cannot be updated. - // +optional - workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) - - // Ports are not allowed for ephemeral containers. - // +optional - // +patchMergeKey=containerPort - // +patchStrategy=merge - // +listType=map - // +listMapKey=containerPort - // +listMapKey=protocol - ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) - - // List of sources to populate environment variables in the container. - // The keys defined within a source must be a C_IDENTIFIER. All invalid keys - // will be reported as an event when the container is starting. When a key exists in multiple - // sources, the value associated with the last source will take precedence. - // Values defined by an Env with a duplicate key will take precedence. - // Cannot be updated. - // +optional - envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) - - // List of environment variables to set in the container. - // Cannot be updated. - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) - - // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources - // already allocated to the pod. - // +optional - resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) - - // Resources resize policy for the container. - // +featureGate=InPlacePodVerticalScaling - // +optional - // +listType=atomic - resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) - - // Restart policy for the container to manage the restart behavior of each - // container within a pod. - // This may only be set for init containers. You cannot set this field on - // ephemeral containers. - // +featureGate=SidecarContainers - // +optional - restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) - - // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. - // Cannot be updated. - // +optional - // +patchMergeKey=mountPath - // +patchStrategy=merge - volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) - - // volumeDevices is the list of block devices to be used by the container. - // +patchMergeKey=devicePath - // +patchStrategy=merge - // +optional - volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) - - // Probes are not allowed for ephemeral containers. - // +optional - livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) - - // Probes are not allowed for ephemeral containers. - // +optional - startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) - - // Lifecycle is not allowed for ephemeral containers. - // +optional - lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) - - // Optional: Path at which the file to which the container's termination message - // will be written is mounted into the container's filesystem. - // Message written is intended to be brief final status, such as an assertion failure message. - // Will be truncated by the node if greater than 4096 bytes. The total message length across - // all containers will be limited to 12kb. - // Defaults to /dev/termination-log. - // Cannot be updated. - // +optional - terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) - - // Indicate how the termination message should be populated. File will use the contents of - // terminationMessagePath to populate the container status message on both success and failure. - // FallbackToLogsOnError will use the last chunk of container log output if the termination - // message file is empty and the container exited with an error. - // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - // Defaults to File. - // Cannot be updated. - // +optional - terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) - - // Image pull policy. - // One of Always, Never, IfNotPresent. - // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - // +optional - imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) - - // Optional: SecurityContext defines the security options the ephemeral container should be run with. - // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - // +optional - securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) - - // Whether this container should allocate a buffer for stdin in the container runtime. If this - // is not set, reads from stdin in the container will always result in EOF. - // Default is false. - // +optional - stdin?: bool @go(Stdin) @protobuf(16,varint,opt) - - // Whether the container runtime should close the stdin channel after it has been opened by - // a single attach. When stdin is true the stdin stream will remain open across multiple attach - // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - // first client attaches to stdin, and then remains open and accepts data until the client disconnects, - // at which time stdin is closed and remains closed until the container is restarted. If this - // flag is false, a container processes that reads from stdin will never receive an EOF. - // Default is false - // +optional - stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) - - // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. - // Default is false. - // +optional - tty?: bool @go(TTY) @protobuf(18,varint,opt) -} - -// An EphemeralContainer is a temporary container that you may add to an existing Pod for -// user-initiated activities such as debugging. Ephemeral containers have no resource or -// scheduling guarantees, and they will not be restarted when they exit or when a Pod is -// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -// Pod to exceed its resource allocation. -// -// To add an ephemeral container, use the ephemeralcontainers subresource of an existing -// Pod. Ephemeral containers may not be removed or restarted. -#EphemeralContainer: { - #EphemeralContainerCommon - - // If set, the name of the container from PodSpec that this ephemeral container targets. - // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. - // If not set then the ephemeral container uses the namespaces configured in the Pod spec. - // - // The container runtime must implement support for this feature. If the runtime does not - // support namespace targeting then the result of setting this field is undefined. - // +optional - targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) -} - -// PodStatus represents information about the status of a pod. Status may trail the actual -// state of a system, especially if the node that hosts the pod cannot contact the control -// plane. -#PodStatus: { - // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. - // The conditions array, the reason and message fields, and the individual container status - // arrays contain more detail about the pod's status. - // There are five possible phase values: - // - // Pending: The pod has been accepted by the Kubernetes system, but one or more of the - // container images has not been created. This includes time before being scheduled as - // well as time spent downloading images over the network, which could take a while. - // Running: The pod has been bound to a node, and all of the containers have been created. - // At least one container is still running, or is in the process of starting or restarting. - // Succeeded: All containers in the pod have terminated in success, and will not be restarted. - // Failed: All containers in the pod have terminated, and at least one container has - // terminated in failure. The container either exited with non-zero status or was terminated - // by the system. - // Unknown: For some reason the state of the pod could not be obtained, typically due to an - // error in communicating with the host of the pod. - // - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase - // +optional - phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) - - // Current service state of pod. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) - - // A human readable message indicating details about why the pod is in this condition. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be - // scheduled right away as preemption victims receive their graceful termination periods. - // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide - // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to - // give the resources on this node to a higher priority pod that is created after preemption. - // As a result, this field may be different than PodSpec.nodeName when the pod is - // scheduled. - // +optional - nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) - - // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will - // not be updated even if there is a node is assigned to pod - // +optional - hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) - - // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must - // match the hostIP field. This list is empty if the pod has not started yet. - // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will - // not be updated even if there is a node is assigned to this pod. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - // +listType=atomic - hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) - - // podIP address allocated to the pod. Routable at least within the cluster. - // Empty if not yet allocated. - // +optional - podIP?: string @go(PodIP) @protobuf(6,bytes,opt) - - // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must - // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list - // is empty if no IPs have been allocated yet. - // +optional - // +patchStrategy=merge - // +patchMergeKey=ip - podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) - - // RFC 3339 date and time at which the object was acknowledged by the Kubelet. - // This is before the Kubelet pulled the container image(s) for the pod. - // +optional - startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) - - // The list has one entry per init container in the manifest. The most recent successful - // init container will have ready = true, the most recently started container will have - // startTime set. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) - - // The list has one entry per container in the manifest. - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status - // +optional - containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) - - // The Quality of Service (QOS) classification assigned to the pod based on resource requirements - // See PodQOSClass type for available QOS classes - // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes - // +optional - qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) - - // Status for any ephemeral containers that have run in this pod. - // +optional - ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) - - // Status of resources resize desired for pod's containers. - // It is empty if no resources resize is pending. - // Any changes to container resources will automatically set this to "Proposed" - // +featureGate=InPlacePodVerticalScaling - // +optional - resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) - - // Status of resource claims. - // +patchMergeKey=name - // +patchStrategy=merge,retainKeys - // +listType=map - // +listMapKey=name - // +featureGate=DynamicResourceAllocation - // +optional - resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) -} - -// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded -#PodStatusResult: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) -} - -// Pod is a collection of containers that can run on a host. This resource is created -// by clients and scheduled onto hosts. -#Pod: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the pod. - // This data may not be up to date. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodList is a list of Pods. -#PodList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pods. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md - items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) -} - -// PodTemplateSpec describes the data a pod should have when created from a template -#PodTemplateSpec: { - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the pod. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PodTemplate describes a template for creating copies of a predefined pod. -#PodTemplate: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Template defines the pods that will be created from this pod template. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) -} - -// PodTemplateList is a list of PodTemplates. -#PodTemplateList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of pod templates - items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) -} - -// ReplicationControllerSpec is the specification of a replication controller. -#ReplicationControllerSpec: { - // Replicas is the number of desired replicas. - // This is a pointer to distinguish between explicit zero and unspecified. - // Defaults to 1. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - // +optional - replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) - - // Minimum number of seconds for which a newly created pod should be ready - // without any of its container crashing, for it to be considered available. - // Defaults to 0 (pod will be considered available as soon as it is ready) - // +optional - minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) - - // Selector is a label query over pods that should match the Replicas count. - // If Selector is empty, it is defaulted to the labels present on the Pod template. - // Label keys and values that must match in order to be controlled by this replication - // controller, if empty defaulted to labels on Pod template. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // Template is the object that describes the pod that will be created if - // insufficient replicas are detected. This takes precedence over a TemplateRef. - // The only allowed template.spec.restartPolicy value is "Always". - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template - // +optional - template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) -} - -// ReplicationControllerStatus represents the current status of a replication -// controller. -#ReplicationControllerStatus: { - // Replicas is the most recently observed number of replicas. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller - replicas: int32 @go(Replicas) @protobuf(1,varint,opt) - - // The number of pods that have labels matching the labels of the pod template of the replication controller. - // +optional - fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) - - // The number of ready replicas for this replication controller. - // +optional - readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) - - // The number of available replicas (ready for at least minReadySeconds) for this replication controller. - // +optional - availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) - - // ObservedGeneration reflects the generation of the most recently observed replication controller. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // Represents the latest available observations of a replication controller's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) -} - -#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType - -#enumReplicationControllerConditionType: - #ReplicationControllerReplicaFailure - -// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods -// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, -// etc. or deleted due to kubelet being down or finalizers are failing. -#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" - -// ReplicationControllerCondition describes the state of a replication controller at a certain point. -#ReplicationControllerCondition: { - // Type of replication controller condition. - type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // The last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // The reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // A human readable message indicating details about the transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// ReplicationController represents the configuration of a replication controller. -#ReplicationController: { - metav1.#TypeMeta - - // If the Labels of a ReplicationController are empty, they are defaulted to - // be the same as the Pod(s) that the replication controller manages. - // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the specification of the desired behavior of the replication controller. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status is the most recently observed status of the replication controller. - // This data may be out of date by some window of time. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ReplicationControllerList is a collection of replication controllers. -#ReplicationControllerList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of replication controllers. - // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller - items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) -} - -// Session Affinity Type string -// +enum -#ServiceAffinity: string // #enumServiceAffinity - -#enumServiceAffinity: - #ServiceAffinityClientIP | - #ServiceAffinityNone - -// ServiceAffinityClientIP is the Client IP based. -#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" - -// ServiceAffinityNone - no session affinity. -#ServiceAffinityNone: #ServiceAffinity & "None" - -#DefaultClientIPServiceAffinitySeconds: int32 & 10800 - -// SessionAffinityConfig represents the configurations of session affinity. -#SessionAffinityConfig: { - // clientIP contains the configurations of Client IP based session affinity. - // +optional - clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) -} - -// ClientIPConfig represents the configurations of Client IP based session affinity. -#ClientIPConfig: { - // timeoutSeconds specifies the seconds of ClientIP type session sticky time. - // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - // Default value is 10800(for 3 hours). - // +optional - timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) -} - -// Service Type string describes ingress methods for a service -// +enum -#ServiceType: string // #enumServiceType - -#enumServiceType: - #ServiceTypeClusterIP | - #ServiceTypeNodePort | - #ServiceTypeLoadBalancer | - #ServiceTypeExternalName - -// ServiceTypeClusterIP means a service will only be accessible inside the -// cluster, via the cluster IP. -#ServiceTypeClusterIP: #ServiceType & "ClusterIP" - -// ServiceTypeNodePort means a service will be exposed on one port of -// every node, in addition to 'ClusterIP' type. -#ServiceTypeNodePort: #ServiceType & "NodePort" - -// ServiceTypeLoadBalancer means a service will be exposed via an -// external load balancer (if the cloud provider supports it), in addition -// to 'NodePort' type. -#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" - -// ServiceTypeExternalName means a service consists of only a reference to -// an external name that kubedns or equivalent will return as a CNAME -// record, with no exposing or proxying of any pods involved. -#ServiceTypeExternalName: #ServiceType & "ExternalName" - -// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they -// receive on the ClusterIP. -// +enum -#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy - -#enumServiceInternalTrafficPolicy: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" - -// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same -// node as the client pod (dropping the traffic if there are no local endpoints). -#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType - -#enumServiceInternalTrafficPolicyType: - #ServiceInternalTrafficPolicyCluster | - #ServiceInternalTrafficPolicyLocal - -// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they -// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, -// and LoadBalancer IPs. -// +enum -#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy - -#enumServiceExternalTrafficPolicy: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. -#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by -// routing only to endpoints on the same node as the traffic was received on -// (dropping the traffic if there are no local endpoints). -#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" - -// for backwards compat -// +enum -#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType - -#enumServiceExternalTrafficPolicyType: - #ServiceExternalTrafficPolicyCluster | - #ServiceExternalTrafficPolicyLocal | - #ServiceExternalTrafficPolicyTypeLocal | - #ServiceExternalTrafficPolicyTypeCluster - -#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" -#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" - -// LoadBalancerPortsError represents the condition of the requested ports -// on the cloud load balancer instance. -#LoadBalancerPortsError: "LoadBalancerPortsError" - -// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError -// means the LoadBalancer was not able to be configured correctly. -#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" - -// ServiceStatus represents the current status of a service. -#ServiceStatus: { - // LoadBalancer contains the current status of the load-balancer, - // if one is present. - // +optional - loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) - - // Current service state - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) -} - -// LoadBalancerStatus represents the status of a load-balancer. -#LoadBalancerStatus: { - // Ingress is a list containing ingress points for the load-balancer. - // Traffic intended for the service should be sent to these ingress points. - // +optional - ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// LoadBalancerIngress represents the status of a load-balancer ingress point: -// traffic intended for the service should be sent to an ingress point. -#LoadBalancerIngress: { - // IP is set for load-balancer ingress points that are IP based - // (typically GCE or OpenStack load-balancers) - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // Hostname is set for load-balancer ingress points that are DNS based - // (typically AWS load-balancers) - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // Ports is a list of records of service ports - // If used, every port defined in the service should have an entry in it - // +listType=atomic - // +optional - ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) -} - -// IPFamily represents the IP Family (IPv4 or IPv6). This type is used -// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). -// +enum -#IPFamily: string // #enumIPFamily - -#enumIPFamily: - #IPv4Protocol | - #IPv6Protocol - -// IPv4Protocol indicates that this IP is IPv4 protocol -#IPv4Protocol: #IPFamily & "IPv4" - -// IPv6Protocol indicates that this IP is IPv6 protocol -#IPv6Protocol: #IPFamily & "IPv6" - -// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service -// +enum -#IPFamilyPolicy: string // #enumIPFamilyPolicy - -#enumIPFamilyPolicy: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. -// The IPFamily assigned is based on the default IPFamily used by the cluster -// or as identified by service.spec.ipFamilies field -#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" - -// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when -// the cluster is configured for dual-stack. If the cluster is not configured -// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not -// set in service.spec.ipFamilies then the service will be assigned the default IPFamily -// configured on the cluster -#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" - -// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using -// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The -// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If -// service.spec.ipFamilies was not provided then it will be assigned according to how they are -// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative -// IPFamily will be added by apiserver -#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" - -// for backwards compat -// +enum -#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType - -#enumIPFamilyPolicyType: - #IPFamilyPolicySingleStack | - #IPFamilyPolicyPreferDualStack | - #IPFamilyPolicyRequireDualStack - -// ServiceSpec describes the attributes that a user creates on a service. -#ServiceSpec: { - // The list of ports that are exposed by this service. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +patchMergeKey=port - // +patchStrategy=merge - // +listType=map - // +listMapKey=port - // +listMapKey=protocol - ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) - - // Route service traffic to pods with label keys and values matching this - // selector. If empty or not present, the service is assumed to have an - // external process managing its endpoints, which Kubernetes will not - // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - // Ignored if type is ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/ - // +optional - // +mapType=atomic - selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) - - // clusterIP is the IP address of the service and is usually assigned - // randomly. If an address is specified manually, is in-range (as per - // system configuration), and is not in use, it will be allocated to the - // service; otherwise creation of the service will fail. This field may not - // be changed through updates unless the type field is also being changed - // to ExternalName (which requires this field to be blank) or the type - // field is being changed from ExternalName (in which case this field may - // optionally be specified, as describe above). Valid values are "None", - // empty string (""), or a valid IP address. Setting this to "None" makes a - // "headless service" (no virtual IP), which is useful when direct endpoint - // connections are preferred and proxying is not required. Only applies to - // types ClusterIP, NodePort, and LoadBalancer. If this field is specified - // when creating a Service of type ExternalName, creation will fail. This - // field will be wiped when updating a Service to type ExternalName. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) - - // ClusterIPs is a list of IP addresses assigned to this service, and are - // usually assigned randomly. If an address is specified manually, is - // in-range (as per system configuration), and is not in use, it will be - // allocated to the service; otherwise creation of the service will fail. - // This field may not be changed through updates unless the type field is - // also being changed to ExternalName (which requires this field to be - // empty) or the type field is being changed from ExternalName (in which - // case this field may optionally be specified, as describe above). Valid - // values are "None", empty string (""), or a valid IP address. Setting - // this to "None" makes a "headless service" (no virtual IP), which is - // useful when direct endpoint connections are preferred and proxying is - // not required. Only applies to types ClusterIP, NodePort, and - // LoadBalancer. If this field is specified when creating a Service of type - // ExternalName, creation will fail. This field will be wiped when updating - // a Service to type ExternalName. If this field is not specified, it will - // be initialized from the clusterIP field. If this field is specified, - // clients must ensure that clusterIPs[0] and clusterIP have the same - // value. - // - // This field may hold a maximum of two entries (dual-stack IPs, in either order). - // These IPs must correspond to the values of the ipFamilies field. Both - // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +listType=atomic - // +optional - clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) - - // type determines how the Service is exposed. Defaults to ClusterIP. Valid - // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - // "ClusterIP" allocates a cluster-internal IP address for load-balancing - // to endpoints. Endpoints are determined by the selector or if that is not - // specified, by manual construction of an Endpoints object or - // EndpointSlice objects. If clusterIP is "None", no virtual IP is - // allocated and the endpoints are published as a set of endpoints rather - // than a virtual IP. - // "NodePort" builds on ClusterIP and allocates a port on every node which - // routes to the same endpoints as the clusterIP. - // "LoadBalancer" builds on NodePort and creates an external load-balancer - // (if supported in the current cloud) which routes to the same endpoints - // as the clusterIP. - // "ExternalName" aliases this service to the specified externalName. - // Several other fields do not apply to ExternalName services. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - // +optional - type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) - - // externalIPs is a list of IP addresses for which nodes in the cluster - // will also accept traffic for this service. These IPs are not managed by - // Kubernetes. The user is responsible for ensuring that traffic arrives - // at a node with this IP. A common example is external load-balancers - // that are not part of the Kubernetes system. - // +optional - externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) - - // Supports "ClientIP" and "None". Used to maintain session affinity. - // Enable client IP based session affinity. - // Must be ClientIP or None. - // Defaults to None. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - // +optional - sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) - - // Only applies to Service Type: LoadBalancer. - // This feature depends on whether the underlying cloud-provider supports specifying - // the loadBalancerIP when a load balancer is created. - // This field will be ignored if the cloud-provider does not support the feature. - // Deprecated: This field was under-specified and its meaning varies across implementations. - // Using it is non-portable and it may not support dual-stack. - // Users are encouraged to use implementation-specific annotations when available. - // +optional - loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) - - // If specified and supported by the platform, this will restrict traffic through the cloud-provider - // load-balancer will be restricted to the specified client IPs. This field will be ignored if the - // cloud-provider does not support the feature." - // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - // +optional - loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) - - // externalName is the external reference that discovery mechanisms will - // return as an alias for this service (e.g. a DNS CNAME record). No - // proxying will be involved. Must be a lowercase RFC-1123 hostname - // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - // +optional - externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) - - // externalTrafficPolicy describes how nodes distribute service traffic they - // receive on one of the Service's "externally-facing" addresses (NodePorts, - // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - // the service in a way that assumes that external load balancers will take care - // of balancing the service traffic between nodes, and so each node will deliver - // traffic only to the node-local endpoints of the service, without masquerading - // the client source IP. (Traffic mistakenly sent to a node with no endpoints will - // be dropped.) The default value, "Cluster", uses the standard behavior of - // routing to all endpoints evenly (possibly modified by topology and other - // features). Note that traffic sent to an External IP or LoadBalancer IP from - // within the cluster will always get "Cluster" semantics, but clients sending to - // a NodePort from within the cluster may need to take traffic policy into account - // when picking a node. - // +optional - externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) - - // healthCheckNodePort specifies the healthcheck nodePort for the service. - // This only applies when type is set to LoadBalancer and - // externalTrafficPolicy is set to Local. If a value is specified, is - // in-range, and is not in use, it will be used. If not specified, a value - // will be automatically allocated. External systems (e.g. load-balancers) - // can use this port to determine if a given node holds endpoints for this - // service or not. If this field is specified when creating a Service - // which does not need it, creation will fail. This field will be wiped - // when updating a Service to no longer need it (e.g. changing type). - // This field cannot be updated once set. - // +optional - healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) - - // publishNotReadyAddresses indicates that any agent which deals with endpoints for this - // Service should disregard any indications of ready/not-ready. - // The primary use case for setting this field is for a StatefulSet's Headless Service to - // propagate SRV DNS records for its Pods for the purpose of peer discovery. - // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - // Services interpret this to mean that all endpoints are considered "ready" even if the - // Pods themselves are not. Agents which consume only Kubernetes generated endpoints - // through the Endpoints or EndpointSlice resources can safely assume this behavior. - // +optional - publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) - - // sessionAffinityConfig contains the configurations of session affinity. - // +optional - sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) - - // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - // service. This field is usually assigned automatically based on cluster - // configuration and the ipFamilyPolicy field. If this field is specified - // manually, the requested family is available in the cluster, - // and ipFamilyPolicy allows it, it will be used; otherwise creation of - // the service will fail. This field is conditionally mutable: it allows - // for adding or removing a secondary IP family, but it does not allow - // changing the primary IP family of the Service. Valid values are "IPv4" - // and "IPv6". This field only applies to Services of types ClusterIP, - // NodePort, and LoadBalancer, and does apply to "headless" services. - // This field will be wiped when updating a Service to type ExternalName. - // - // This field may hold a maximum of two entries (dual-stack families, in - // either order). These families must correspond to the values of the - // clusterIPs field, if specified. Both clusterIPs and ipFamilies are - // governed by the ipFamilyPolicy field. - // +listType=atomic - // +optional - ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) - - // IPFamilyPolicy represents the dual-stack-ness requested or required by - // this Service. If there is no value provided, then this field will be set - // to SingleStack. Services can be "SingleStack" (a single IP family), - // "PreferDualStack" (two IP families on dual-stack configured clusters or - // a single IP family on single-stack clusters), or "RequireDualStack" - // (two IP families on dual-stack configured clusters, otherwise fail). The - // ipFamilies and clusterIPs fields depend on the value of this field. This - // field will be wiped when updating a service to type ExternalName. - // +optional - ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) - - // allocateLoadBalancerNodePorts defines if NodePorts will be automatically - // allocated for services with type LoadBalancer. Default is "true". It - // may be set to "false" if the cluster load-balancer does not rely on - // NodePorts. If the caller requests specific NodePorts (by specifying a - // value), those requests will be respected, regardless of this field. - // This field may only be set for services with type LoadBalancer and will - // be cleared if the type is changed to any other type. - // +optional - allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) - - // loadBalancerClass is the class of the load balancer implementation this Service belongs to. - // If specified, the value of this field must be a label-style identifier, with an optional prefix, - // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - // balancer implementation is used, today this is typically done through the cloud provider integration, - // but should apply for any default implementation. If set, it is assumed that a load balancer - // implementation is watching for Services with a matching class. Any default load balancer - // implementation (e.g. cloud providers) should ignore Services that set this field. - // This field can only be set when creating or updating a Service to type 'LoadBalancer'. - // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - // +optional - loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) - - // InternalTrafficPolicy describes how nodes distribute service traffic they - // receive on the ClusterIP. If set to "Local", the proxy will assume that pods - // only want to talk to endpoints of the service on the same node as the pod, - // dropping the traffic if there are no local endpoints. The default value, - // "Cluster", uses the standard behavior of routing to all endpoints evenly - // (possibly modified by topology and other features). - // +optional - internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) -} - -// ServicePort contains information on service's port. -#ServicePort: { - // The name of this port within the service. This must be a DNS_LABEL. - // All ports within a ServiceSpec must have unique names. When considering - // the endpoints for a Service, this must match the 'name' field in the - // EndpointPort. - // Optional if only one ServicePort is defined on this service. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - // Default is TCP. - // +default="TCP" - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) - - // The port that will be exposed by this service. - port: int32 @go(Port) @protobuf(3,varint,opt) - - // Number or name of the port to access on the pods targeted by the service. - // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - // If this is a string, it will be looked up as a named port in the - // target Pod's container ports. If this is not specified, the value - // of the 'port' field is used (an identity map). - // This field is ignored for services with clusterIP=None, and should be - // omitted or set equal to the 'port' field. - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - // +optional - targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) - - // The port on each node on which this service is exposed when type is - // NodePort or LoadBalancer. Usually assigned by the system. If a value is - // specified, in-range, and not in use it will be used, otherwise the - // operation will fail. If not specified, a port will be allocated if this - // Service requires one. If this field is specified when creating a - // Service which does not need it, creation will fail. This field will be - // wiped when updating a Service to no longer need it (e.g. changing type - // from NodePort to ClusterIP). - // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - // +optional - nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) -} - -// Service is a named abstraction of software service (for example, mysql) consisting of local port -// (for example 3306) that the proxy listens on, and the selector that determines which pods -// will answer requests sent through the proxy. -#Service: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a service. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the service. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ClusterIPNone - do not assign a cluster IP -// no proxying required and no environment variables should be created for pods -#ClusterIPNone: "None" - -// ServiceList holds a list of services. -#ServiceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of services - items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) -} - -// ServiceAccount binds together: -// * a name, understood by users, and perhaps by peripheral systems, for an identity -// * a principal that can be authenticated and authorized -// * a set of secrets -#ServiceAccount: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. - // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". - // This field should not be used to find auto-generated service account token secrets for use outside of pods. - // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - // +optional - // +patchMergeKey=name - // +patchStrategy=merge - secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) - - // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images - // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets - // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. - // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - // +optional - imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) - - // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. - // Can be overridden at the pod level. - // +optional - automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) -} - -// ServiceAccountList is a list of ServiceAccount objects -#ServiceAccountList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ServiceAccounts. - // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) -} - -// Endpoints is a collection of endpoints that implement the actual service. Example: -// -// Name: "mysvc", -// Subsets: [ -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// }, -// { -// Addresses: [{"ip": "10.10.3.3"}], -// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] -// }, -// ] -#Endpoints: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The set of all endpoints is the union of all subsets. Addresses are placed into - // subsets according to the IPs they share. A single address with multiple ports, - // some of which are ready and some of which are not (because they come from - // different containers) will result in the address being displayed in different - // subsets for the different ports. No address will appear in both Addresses and - // NotReadyAddresses in the same subset. - // Sets of addresses and ports that comprise a service. - // +optional - subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) -} - -// EndpointSubset is a group of addresses with a common set of ports. The -// expanded set of endpoints is the Cartesian product of Addresses x Ports. -// For example, given: -// -// { -// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], -// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] -// } -// -// The resulting set of endpoints can be viewed as: -// -// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], -// b: [ 10.10.1.1:309, 10.10.2.2:309 ] -#EndpointSubset: { - // IP addresses which offer the related ports that are marked as ready. These endpoints - // should be considered safe for load balancers and clients to utilize. - // +optional - addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) - - // IP addresses which offer the related ports but are not currently marked as ready - // because they have not yet finished starting, have recently failed a readiness check, - // or have recently failed a liveness check. - // +optional - notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) - - // Port numbers available on the related IP addresses. - // +optional - ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// EndpointAddress is a tuple that describes single IP address. -// +structType=atomic -#EndpointAddress: { - // The IP of this endpoint. - // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), - // or link-local multicast (224.0.0.0/24 or ff02::/16). - ip: string @go(IP) @protobuf(1,bytes,opt) - - // The Hostname of this endpoint - // +optional - hostname?: string @go(Hostname) @protobuf(3,bytes,opt) - - // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) - - // Reference to object providing the endpoint. - // +optional - targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) -} - -// EndpointPort is a tuple that describes a single port. -// +structType=atomic -#EndpointPort: { - // The name of this port. This must match the 'name' field in the - // corresponding ServicePort. - // Must be a DNS_LABEL. - // Optional only if one port is defined. - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The port number of the endpoint. - port: int32 @go(Port) @protobuf(2,varint,opt) - - // The IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - // +optional - protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) -} - -// EndpointsList is a list of endpoints. -#EndpointsList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of endpoints. - items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) -} - -// NodeSpec describes the attributes that a node is created with. -#NodeSpec: { - // PodCIDR represents the pod IP range assigned to the node. - // +optional - podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) - - // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this - // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for - // each of IPv4 and IPv6. - // +optional - // +patchStrategy=merge - podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) - - // ID of the node assigned by the cloud provider in the format: :// - // +optional - providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) - - // Unschedulable controls node schedulability of new pods. By default, node is schedulable. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration - // +optional - unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) - - // If specified, the node's taints. - // +optional - taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) - - // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. - // +optional - configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) - - // Deprecated. Not all kubelets will set this field. Remove field after 1.13. - // see: https://issues.k8s.io/61966 - // +optional - externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) -} - -// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. -// This API is deprecated since 1.22 -#NodeConfigSource: { - // ConfigMap is a reference to a Node's ConfigMap - configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) -} - -// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. -// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration -#ConfigMapNodeConfigSource: { - // Namespace is the metadata.namespace of the referenced ConfigMap. - // This field is required in all cases. - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // Name is the metadata.name of the referenced ConfigMap. - // This field is required in all cases. - name: string @go(Name) @protobuf(2,bytes,opt) - - // UID is the metadata.UID of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) - - // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. - // This field is forbidden in Node.Spec, and required in Node.Status. - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure - // This field is required in all cases. - kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) -} - -// DaemonEndpoint contains information about a single Daemon endpoint. -#DaemonEndpoint: { - // Port number of the given endpoint. - Port: int32 @protobuf(1,varint,opt) -} - -// NodeDaemonEndpoints lists ports opened by daemons running on the Node. -#NodeDaemonEndpoints: { - // Endpoint on which Kubelet is listening. - // +optional - kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) -} - -// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. -#NodeSystemInfo: { - // MachineID reported by the node. For unique machine identification - // in the cluster this field is preferred. Learn more from man(5) - // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html - machineID: string @go(MachineID) @protobuf(1,bytes,opt) - - // SystemUUID reported by the node. For unique machine identification - // MachineID is preferred. This field is specific to Red Hat hosts - // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid - systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) - - // Boot ID reported by the node. - bootID: string @go(BootID) @protobuf(3,bytes,opt) - - // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). - kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) - - // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). - osImage: string @go(OSImage) @protobuf(5,bytes,opt) - - // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). - containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) - - // Kubelet Version reported by the node. - kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) - - // KubeProxy Version reported by the node. - kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) - - // The Operating System reported by the node - operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) - - // The Architecture reported by the node - architecture: string @go(Architecture) @protobuf(10,bytes,opt) -} - -// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. -#NodeConfigStatus: { - // Assigned reports the checkpointed config the node will try to use. - // When Node.Spec.ConfigSource is updated, the node checkpoints the associated - // config payload to local disk, along with a record indicating intended - // config. The node refers to this record to choose its config checkpoint, and - // reports this record in Assigned. Assigned only updates in the status after - // the record has been checkpointed to disk. When the Kubelet is restarted, - // it tries to make the Assigned config the Active config by loading and - // validating the checkpointed payload identified by Assigned. - // +optional - assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) - - // Active reports the checkpointed config the node is actively using. - // Active will represent either the current version of the Assigned config, - // or the current LastKnownGood config, depending on whether attempting to use the - // Assigned config results in an error. - // +optional - active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) - - // LastKnownGood reports the checkpointed config the node will fall back to - // when it encounters an error attempting to use the Assigned config. - // The Assigned config becomes the LastKnownGood config when the node determines - // that the Assigned config is stable and correct. - // This is currently implemented as a 10-minute soak period starting when the local - // record of Assigned config is updated. If the Assigned config is Active at the end - // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is - // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, - // because the local default config is always assumed good. - // You should not make assumptions about the node's method of determining config stability - // and correctness, as this may change or become configurable in the future. - // +optional - lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) - - // Error describes any problems reconciling the Spec.ConfigSource to the Active config. - // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned - // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting - // to load or validate the Assigned config, etc. - // Errors may occur at different points while syncing config. Earlier errors (e.g. download or - // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across - // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in - // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error - // by fixing the config assigned in Spec.ConfigSource. - // You can find additional information for debugging by searching the error message in the Kubelet log. - // Error is a human-readable description of the error state; machines can check whether or not Error - // is empty, but should not rely on the stability of the Error text across Kubelet versions. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// NodeStatus is information about the current status of a node. -#NodeStatus: { - // Capacity represents the total resources of a node. - // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity - // +optional - capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Allocatable represents the resources of a node that are available for scheduling. - // Defaults to Capacity. - // +optional - allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // NodePhase is the recently observed lifecycle phase of the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase - // The field is never populated, and now is deprecated. - // +optional - phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) - - // Conditions is an array of current observed node conditions. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) - - // List of addresses reachable to the node. - // Queried from cloud provider, if available. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses - // Note: This field is declared as mergeable, but the merge key is not sufficiently - // unique, which can cause data corruption when it is merged. Callers should instead - // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. - // Consumers should assume that addresses can change during the - // lifetime of a Node. However, there are some exceptions where this may not - // be possible, such as Pods that inherit a Node's address in its own status or - // consumers of the downward API (status.hostIP). - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) - - // Endpoints of daemons running on the Node. - // +optional - daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) - - // Set of ids/uuids to uniquely identify the node. - // More info: https://kubernetes.io/docs/concepts/nodes/node/#info - // +optional - nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) - - // List of container images on this node - // +optional - images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) - - // List of attachable volumes in use (mounted) by the node. - // +optional - volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) - - // List of volumes that are attached to the node. - // +optional - volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) - - // Status of the config assigned to the node via the dynamic Kubelet config feature. - // +optional - config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) -} - -#UniqueVolumeName: string - -// AttachedVolume describes a volume attached to a node -#AttachedVolume: { - // Name of the attached volume - name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) - - // DevicePath represents the device path where the volume should be available - devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) -} - -// AvoidPods describes pods that should avoid this node. This is the value for a -// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and -// will eventually become a field of NodeStatus. -#AvoidPods: { - // Bounded-sized list of signatures of pods that should avoid this node, sorted - // in timestamp order from oldest to newest. Size of the slice is unspecified. - // +optional - preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) -} - -// Describes a class of pods that should avoid this node. -#PreferAvoidPodsEntry: { - // The class of pods. - podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) - - // Time at which this entry was added to the list. - // +optional - evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) - - // (brief) reason why this entry was added to the list. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // Human readable message indicating why this entry was added to the list. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) -} - -// Describes the class of pods that should avoid this node. -// Exactly one field should be set. -#PodSignature: { - // Reference to controller whose pods should avoid this node. - // +optional - podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) -} - -// Describe a container image -#ContainerImage: { - // Names by which this image is known. - // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] - // +optional - names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) - - // The size of the image in bytes. - // +optional - sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) -} - -// +enum -#NodePhase: string // #enumNodePhase - -#enumNodePhase: - #NodePending | - #NodeRunning | - #NodeTerminated - -// NodePending means the node has been created/added by the system, but not configured. -#NodePending: #NodePhase & "Pending" - -// NodeRunning means the node has been configured and has Kubernetes components running. -#NodeRunning: #NodePhase & "Running" - -// NodeTerminated means the node has been removed from the cluster. -#NodeTerminated: #NodePhase & "Terminated" - -#NodeConditionType: string // #enumNodeConditionType - -#enumNodeConditionType: - #NodeReady | - #NodeMemoryPressure | - #NodeDiskPressure | - #NodePIDPressure | - #NodeNetworkUnavailable - -// NodeReady means kubelet is healthy and ready to accept pods. -#NodeReady: #NodeConditionType & "Ready" - -// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. -#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" - -// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. -#NodeDiskPressure: #NodeConditionType & "DiskPressure" - -// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. -#NodePIDPressure: #NodeConditionType & "PIDPressure" - -// NodeNetworkUnavailable means that network for the node is not correctly configured. -#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" - -// NodeCondition contains condition information for a node. -#NodeCondition: { - // Type of node condition. - type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Last time we got an update on a given condition. - // +optional - lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) - - // Last time the condition transit from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // (brief) reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -#NodeAddressType: string // #enumNodeAddressType - -#enumNodeAddressType: - #NodeHostName | - #NodeInternalIP | - #NodeExternalIP | - #NodeInternalDNS | - #NodeExternalDNS - -// NodeHostName identifies a name of the node. Although every node can be assumed -// to have a NodeAddress of this type, its exact syntax and semantics are not -// defined, and are not consistent between different clusters. -#NodeHostName: #NodeAddressType & "Hostname" - -// NodeInternalIP identifies an IP address which is assigned to one of the node's -// network interfaces. Every node should have at least one address of this type. -// -// An internal IP is normally expected to be reachable from every other node, but -// may not be visible to hosts outside the cluster. By default it is assumed that -// kube-apiserver can reach node internal IPs, though it is possible to configure -// clusters where this is not the case. -// -// NodeInternalIP is the default type of node IP, and does not necessarily imply -// that the IP is ONLY reachable internally. If a node has multiple internal IPs, -// no specific semantics are assigned to the additional IPs. -#NodeInternalIP: #NodeAddressType & "InternalIP" - -// NodeExternalIP identifies an IP address which is, in some way, intended to be -// more usable from outside the cluster then an internal IP, though no specific -// semantics are defined. It may be a globally routable IP, though it is not -// required to be. -// -// External IPs may be assigned directly to an interface on the node, like a -// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed -// to an internal node IP rather than being delivered directly (making the IP less -// efficient for node-to-node traffic than a NodeInternalIP). -#NodeExternalIP: #NodeAddressType & "ExternalIP" - -// NodeInternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeInternalIP. The IP it resolves to may or may not -// be a listed NodeInternalIP address. -#NodeInternalDNS: #NodeAddressType & "InternalDNS" - -// NodeExternalDNS identifies a DNS name which resolves to an IP address which has -// the characteristics of a NodeExternalIP. The IP it resolves to may or may not -// be a listed NodeExternalIP address. -#NodeExternalDNS: #NodeAddressType & "ExternalDNS" - -// NodeAddress contains information for the node's address. -#NodeAddress: { - // Node address type, one of Hostname, ExternalIP or InternalIP. - type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) - - // The node address. - address: string @go(Address) @protobuf(2,bytes,opt) -} - -// ResourceName is the name identifying various resources in a ResourceList. -#ResourceName: string // #enumResourceName - -#enumResourceName: - #ResourceCPU | - #ResourceMemory | - #ResourceStorage | - #ResourceEphemeralStorage | - #ResourcePods | - #ResourceServices | - #ResourceReplicationControllers | - #ResourceQuotas | - #ResourceSecrets | - #ResourceConfigMaps | - #ResourcePersistentVolumeClaims | - #ResourceServicesNodePorts | - #ResourceServicesLoadBalancers | - #ResourceRequestsCPU | - #ResourceRequestsMemory | - #ResourceRequestsStorage | - #ResourceRequestsEphemeralStorage | - #ResourceLimitsCPU | - #ResourceLimitsMemory | - #ResourceLimitsEphemeralStorage - -// CPU, in cores. (500m = .5 cores) -#ResourceCPU: #ResourceName & "cpu" - -// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceMemory: #ResourceName & "memory" - -// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) -#ResourceStorage: #ResourceName & "storage" - -// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. -#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" - -// Default namespace prefix. -#ResourceDefaultNamespacePrefix: "kubernetes.io/" - -// Name prefix for huge page resources (alpha). -#ResourceHugePagesPrefix: "hugepages-" - -// Name prefix for storage resource limits -#ResourceAttachableVolumesPrefix: "attachable-volumes-" - -// ResourceList is a set of (resource name, quantity) pairs. -#ResourceList: {[string]: resource.#Quantity} - -// Node is a worker node in Kubernetes. -// Each node will have a unique identifier in the cache (i.e. in etcd). -#Node: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of a node. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the node. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NodeList is the whole list of all Nodes which have been registered with master. -#NodeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of nodes - items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) -} - -// FinalizerName is the name identifying a finalizer during namespace lifecycle. -#FinalizerName: string // #enumFinalizerName - -#enumFinalizerName: - #FinalizerKubernetes - -#FinalizerKubernetes: #FinalizerName & "kubernetes" - -// NamespaceSpec describes the attributes on a Namespace. -#NamespaceSpec: { - // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) -} - -// NamespaceStatus is information about the current status of a Namespace. -#NamespaceStatus: { - // Phase is the current lifecycle phase of the namespace. - // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ - // +optional - phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) - - // Represents the latest available observations of a namespace's current state. - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) -} - -// +enum -#NamespacePhase: string // #enumNamespacePhase - -#enumNamespacePhase: - #NamespaceActive | - #NamespaceTerminating - -// NamespaceActive means the namespace is available for use in the system -#NamespaceActive: #NamespacePhase & "Active" - -// NamespaceTerminating means the namespace is undergoing graceful termination -#NamespaceTerminating: #NamespacePhase & "Terminating" - -// NamespaceTerminatingCause is returned as a defaults.cause item when a change is -// forbidden due to the namespace being terminated. -#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" - -#NamespaceConditionType: string // #enumNamespaceConditionType - -#enumNamespaceConditionType: - #NamespaceDeletionDiscoveryFailure | - #NamespaceDeletionContentFailure | - #NamespaceDeletionGVParsingFailure | - #NamespaceContentRemaining | - #NamespaceFinalizersRemaining - -// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. -#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" - -// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. -#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" - -// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. -#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" - -// NamespaceContentRemaining contains information about resources remaining in a namespace. -#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" - -// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. -#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" - -// NamespaceCondition contains details about state of namespace. -#NamespaceCondition: { - // Type of namespace controller condition. - type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // +optional - reason?: string @go(Reason) @protobuf(5,bytes,opt) - - // +optional - message?: string @go(Message) @protobuf(6,bytes,opt) -} - -// Namespace provides a scope for Names. -// Use of multiple namespaces is optional. -#Namespace: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the behavior of the Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status describes the current status of a Namespace. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) -} - -// NamespaceList is a list of Namespaces. -#NamespaceList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of Namespace objects in the list. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) -} - -// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. -// Deprecated in 1.7, please use the bindings subresource of pods instead. -#Binding: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The target object that you want to bind to the standard object. - target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -// +k8s:openapi-gen=false -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) -} - -// PodLogOptions is the query options for a Pod's logs REST call. -#PodLogOptions: { - metav1.#TypeMeta - - // The container for which to stream logs. Defaults to only container if there is one container in the pod. - // +optional - container?: string @go(Container) @protobuf(1,bytes,opt) - - // Follow the log stream of the pod. Defaults to false. - // +optional - follow?: bool @go(Follow) @protobuf(2,varint,opt) - - // Return previous terminated container logs. Defaults to false. - // +optional - previous?: bool @go(Previous) @protobuf(3,varint,opt) - - // A relative time in seconds before the current time from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) - - // An RFC3339 timestamp from which to show logs. If this value - // precedes the time a pod was started, only logs since the pod start will be returned. - // If this value is in the future, no logs will be returned. - // Only one of sinceSeconds or sinceTime may be specified. - // +optional - sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) - - // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line - // of log output. Defaults to false. - // +optional - timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) - - // If set, the number of lines from the end of the logs to show. If not specified, - // logs are shown from the creation of the container or sinceSeconds or sinceTime - // +optional - tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) - - // If set, the number of bytes to read from the server before terminating the - // log output. This may not display a complete final line of logging, and may return - // slightly more or slightly less than the specified limit. - // +optional - limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) - - // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the - // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver - // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real - // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the - // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept - // the actual log data coming from the real kubelet). - // +optional - insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) -} - -// PodAttachOptions is the query options to a Pod's remote attach call. -// --- -// TODO: merge w/ PodExecOptions below for stdin, stdout, etc -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodAttachOptions: { - metav1.#TypeMeta - - // Stdin if true, redirects the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Stdout if true indicates that stdout is to be redirected for the attach call. - // Defaults to true. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Stderr if true indicates that stderr is to be redirected for the attach call. - // Defaults to true. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the attach call. - // This is passed through the container runtime so the tty - // is allocated on the worker node by the container runtime. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // The container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) -} - -// PodExecOptions is the query options to a Pod's remote exec call. -// --- -// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging -// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY -#PodExecOptions: { - metav1.#TypeMeta - - // Redirect the standard input stream of the pod for this call. - // Defaults to false. - // +optional - stdin?: bool @go(Stdin) @protobuf(1,varint,opt) - - // Redirect the standard output stream of the pod for this call. - // +optional - stdout?: bool @go(Stdout) @protobuf(2,varint,opt) - - // Redirect the standard error stream of the pod for this call. - // +optional - stderr?: bool @go(Stderr) @protobuf(3,varint,opt) - - // TTY if true indicates that a tty will be allocated for the exec call. - // Defaults to false. - // +optional - tty?: bool @go(TTY) @protobuf(4,varint,opt) - - // Container in which to execute the command. - // Defaults to only container if there is only one container in the pod. - // +optional - container?: string @go(Container) @protobuf(5,bytes,opt) - - // Command is the remote command to execute. argv array. Not executed within a shell. - command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) -} - -// PodPortForwardOptions is the query options to a Pod's port forward call -// when using WebSockets. -// The `port` query parameter must specify the port or -// ports (comma separated) to forward over. -// Port forwarding over SPDY does not use these options. It requires the port -// to be passed in the `port` header as part of request. -#PodPortForwardOptions: { - metav1.#TypeMeta - - // List of ports to forward - // Required when using WebSockets - // +optional - ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) -} - -// PodProxyOptions is the query options to a Pod's proxy call. -#PodProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to pod. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// NodeProxyOptions is the query options to a Node's proxy call. -#NodeProxyOptions: { - metav1.#TypeMeta - - // Path is the URL path to use for the current proxy request to node. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ServiceProxyOptions is the query options to a Service's proxy call. -#ServiceProxyOptions: { - metav1.#TypeMeta - - // Path is the part of URLs that include service endpoints, suffixes, - // and parameters to use for the current proxy request to service. - // For example, the whole request URL is - // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. - // Path is _search?q=user:kimchy. - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) -} - -// ObjectReference contains enough information to let you inspect or modify the referred object. -// --- -// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. -// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. -// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular -// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". -// Those cannot be well described when embedded. -// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. -// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity -// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple -// and the version of the actual struct is irrelevant. -// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type -// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. -// -// Instead of using this type, create a locally provided and used type that is well-focused on your reference. -// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +structType=atomic -#ObjectReference: { - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // Namespace of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - // +optional - namespace?: string @go(Namespace) @protobuf(2,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // +optional - name?: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // API version of the referent. - // +optional - apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Specific resourceVersion to which this reference is made, if any. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // If referring to a piece of an object instead of an entire object, this string - // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - // For example, if the object reference is to a container within a pod, this would take on a value like: - // "spec.containers{name}" (where "name" refers to the name of the container that triggered - // the event) or if no container name is specified "spec.containers[2]" (container with - // index 2 in this pod). This syntax is chosen only to have some well-defined way of - // referencing a part of an object. - // TODO: this design is not final and this field is subject to change in the future. - // +optional - fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) -} - -// LocalObjectReference contains enough information to let you locate the -// referenced object inside the same namespace. -// +structType=atomic -#LocalObjectReference: { - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - // TODO: Add other useful fields. apiVersion, kind, uid? - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) -} - -// TypedLocalObjectReference contains enough information to let you locate the -// typed referenced object inside the same namespace. -// +structType=atomic -#TypedLocalObjectReference: { - // APIGroup is the group for the resource being referenced. - // If APIGroup is not specified, the specified Kind must be in the core API group. - // For any other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// SerializedReference is a reference to serialized object. -#SerializedReference: { - metav1.#TypeMeta - - // The reference to an object in the system. - // +optional - reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) -} - -// EventSource contains information for an event. -#EventSource: { - // Component from which the event is generated. - // +optional - component?: string @go(Component) @protobuf(1,bytes,opt) - - // Node name on which the event is generated. - // +optional - host?: string @go(Host) @protobuf(2,bytes,opt) -} - -// Information only and will not cause any problems -#EventTypeNormal: "Normal" - -// These events are to warn that something might go wrong -#EventTypeWarning: "Warning" - -// Event is a report of an event somewhere in the cluster. Events -// have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // The object that this event is about. - involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) - - // This should be a short, machine understandable string that gives the reason - // for the transition into the object's current status. - // TODO: provide exact specification for format. - // +optional - reason?: string @go(Reason) @protobuf(3,bytes,opt) - - // A human-readable description of the status of this operation. - // TODO: decide on maximum length. - // +optional - message?: string @go(Message) @protobuf(4,bytes,opt) - - // The component reporting this event. Should be a short machine understandable string. - // +optional - source?: #EventSource @go(Source) @protobuf(5,bytes,opt) - - // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) - // +optional - firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) - - // The time at which the most recent occurrence of this event was recorded. - // +optional - lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) - - // The number of times this event has occurred. - // +optional - count?: int32 @go(Count) @protobuf(8,varint,opt) - - // Type of this event (Normal, Warning), new types could be added in the future - // +optional - type?: string @go(Type) @protobuf(9,bytes,opt) - - // Time when this Event was first observed. - // +optional - eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) - - // Data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) - - // What action was taken/failed regarding to the Regarding object. - // +optional - action?: string @go(Action) @protobuf(12,bytes,opt) - - // Optional secondary object for more complex actions. - // +optional - related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) - - // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // +optional - reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) - - // ID of the controller instance, e.g. `kubelet-xyzf`. - // +optional - reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. -#EventSeries: { - // Number of occurrences in this series up to the last heartbeat time - count?: int32 @go(Count) @protobuf(1,varint) - - // Time of the last occurrence observed - lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) -} - -// EventList is a list of events. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of events - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} - -// List holds a list of objects, which may not be known by the server. -#List: metav1.#List - -// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or -// a fully qualified resource name. -#LimitType: string // #enumLimitType - -#enumLimitType: - #LimitTypePod | - #LimitTypeContainer | - #LimitTypePersistentVolumeClaim - -// Limit that applies to all pods in a namespace -#LimitTypePod: #LimitType & "Pod" - -// Limit that applies to all containers in a namespace -#LimitTypeContainer: #LimitType & "Container" - -// Limit that applies to all persistent volume claims in a namespace -#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" - -// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. -#LimitRangeItem: { - // Type of resource that this limit applies to. - type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) - - // Max usage constraints on this kind by resource name. - // +optional - max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Min usage constraints on this kind by resource name. - // +optional - min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Default resource requirement limit value by resource name if resource limit is omitted. - // +optional - default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. - // +optional - defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. - // +optional - maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// LimitRangeSpec defines a min/max usage limit for resources that match on kind. -#LimitRangeSpec: { - // Limits is the list of LimitRangeItem objects that are enforced. - limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) -} - -// LimitRange sets resource usage limits for each kind of resource in a Namespace. -#LimitRange: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the limits enforced. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// LimitRangeList is a list of LimitRange items. -#LimitRangeList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of LimitRange objects. - // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) -} - -// Pods, number -#ResourcePods: #ResourceName & "pods" - -// Services, number -#ResourceServices: #ResourceName & "services" - -// ReplicationControllers, number -#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" - -// ResourceQuotas, number -#ResourceQuotas: #ResourceName & "resourcequotas" - -// ResourceSecrets, number -#ResourceSecrets: #ResourceName & "secrets" - -// ResourceConfigMaps, number -#ResourceConfigMaps: #ResourceName & "configmaps" - -// ResourcePersistentVolumeClaims, number -#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" - -// ResourceServicesNodePorts, number -#ResourceServicesNodePorts: #ResourceName & "services.nodeports" - -// ResourceServicesLoadBalancers, number -#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" - -// CPU request, in cores. (500m = .5 cores) -#ResourceRequestsCPU: #ResourceName & "requests.cpu" - -// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsMemory: #ResourceName & "requests.memory" - -// Storage request, in bytes -#ResourceRequestsStorage: #ResourceName & "requests.storage" - -// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" - -// CPU limit, in cores. (500m = .5 cores) -#ResourceLimitsCPU: #ResourceName & "limits.cpu" - -// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsMemory: #ResourceName & "limits.memory" - -// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" - -// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) -// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. -#ResourceRequestsHugePagesPrefix: "requests.hugepages-" - -// Default resource requests prefix -#DefaultResourceRequestsPrefix: "requests." - -// A ResourceQuotaScope defines a filter that must match each object tracked by a quota -// +enum -#ResourceQuotaScope: string // #enumResourceQuotaScope - -#enumResourceQuotaScope: - #ResourceQuotaScopeTerminating | - #ResourceQuotaScopeNotTerminating | - #ResourceQuotaScopeBestEffort | - #ResourceQuotaScopeNotBestEffort | - #ResourceQuotaScopePriorityClass | - #ResourceQuotaScopeCrossNamespacePodAffinity - -// Match all pod objects where spec.activeDeadlineSeconds >=0 -#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" - -// Match all pod objects where spec.activeDeadlineSeconds is nil -#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" - -// Match all pod objects that have best effort quality of service -#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" - -// Match all pod objects that do not have best effort quality of service -#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" - -// Match all pod objects that have priority class mentioned -#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" - -// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. -#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" - -// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. -#ResourceQuotaSpec: { - // hard is the set of desired hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // A collection of filters that must match each object tracked by a quota. - // If not specified, the quota matches all objects. - // +optional - scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) - - // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota - // but expressed using ScopeSelectorOperator in combination with possible values. - // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. - // +optional - scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) -} - -// A scope selector represents the AND of the selectors represented -// by the scoped-resource selector requirements. -// +structType=atomic -#ScopeSelector: { - // A list of scope selector requirements by scope of the resources. - // +optional - matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) -} - -// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator -// that relates the scope name and values. -#ScopedResourceSelectorRequirement: { - // The name of the scope that the selector applies to. - scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) - - // Represents a scope's relationship to a set of values. - // Valid operators are In, NotIn, Exists, DoesNotExist. - operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) - - // An array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. - // This array is replaced during a strategic merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A scope selector operator is the set of operators that can be used in -// a scope selector requirement. -// +enum -#ScopeSelectorOperator: string // #enumScopeSelectorOperator - -#enumScopeSelectorOperator: - #ScopeSelectorOpIn | - #ScopeSelectorOpNotIn | - #ScopeSelectorOpExists | - #ScopeSelectorOpDoesNotExist - -#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" -#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" -#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" -#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" - -// ResourceQuotaStatus defines the enforced hard limits and observed use. -#ResourceQuotaStatus: { - // Hard is the set of enforced hard limits for each named resource. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - // +optional - hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) - - // Used is the current observed total usage of the resource in the namespace. - // +optional - used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) -} - -// ResourceQuota sets aggregate quota restrictions enforced per namespace -#ResourceQuota: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Spec defines the desired quota. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) - - // Status defines the actual enforced quota and its current usage. - // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) -} - -// ResourceQuotaList is a list of ResourceQuota items. -#ResourceQuotaList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ResourceQuota objects. - // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) -} - -// Secret holds secret data of a certain type. The total bytes of the values in -// the Data field must be less than MaxSecretSize bytes. -#Secret: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the Secret cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) - - // Data contains the secret data. Each key must consist of alphanumeric - // characters, '-', '_' or '.'. The serialized form of the secret data is a - // base64 encoded string, representing the arbitrary (possibly non-string) - // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 - // +optional - data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) - - // stringData allows specifying non-binary secret data in string form. - // It is provided as a write-only input field for convenience. - // All keys and values are merged into the data field on write, overwriting any existing values. - // The stringData field is never output when reading from the API. - // +k8s:conversion-gen=false - // +optional - stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) - - // Used to facilitate programmatic handling of secret data. - // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types - // +optional - type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) -} - -#MaxSecretSize: 1048576 - -#SecretType: string // #enumSecretType - -#enumSecretType: - #SecretTypeOpaque | - #SecretTypeServiceAccountToken | - #SecretTypeDockercfg | - #SecretTypeDockerConfigJson | - #SecretTypeBasicAuth | - #SecretTypeSSHAuth | - #SecretTypeTLS | - #SecretTypeBootstrapToken - -// SecretTypeOpaque is the default. Arbitrary user-defined data -#SecretTypeOpaque: #SecretType & "Opaque" - -// SecretTypeServiceAccountToken contains a token that identifies a service account to the API -// -// Required fields: -// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies -// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies -// - Secret.Data["token"] - a token that identifies the service account to the API -#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" - -// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountNameKey: "kubernetes.io/service-account.name" - -// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets -#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" - -// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets -#ServiceAccountTokenKey: "token" - -// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets -#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" - -// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets -#ServiceAccountRootCAKey: "ca.crt" - -// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls -#ServiceAccountNamespaceKey: "namespace" - -// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg -// -// Required fields: -// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file -#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" - -// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets -#DockerConfigKey: ".dockercfg" - -// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json -// -// Required fields: -// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file -#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" - -// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets -#DockerConfigJsonKey: ".dockerconfigjson" - -// SecretTypeBasicAuth contains data needed for basic authentication. -// -// Required at least one of fields: -// - Secret.Data["username"] - username used for authentication -// - Secret.Data["password"] - password or token needed for authentication -#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" - -// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets -#BasicAuthUsernameKey: "username" - -// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets -#BasicAuthPasswordKey: "password" - -// SecretTypeSSHAuth contains data needed for SSH authetication. -// -// Required field: -// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication -#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" - -// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets -#SSHAuthPrivateKey: "ssh-privatekey" - -// SecretTypeTLS contains information about a TLS client or server secret. It -// is primarily used with TLS termination of the Ingress resource, but may be -// used in other types. -// -// Required fields: -// - Secret.Data["tls.key"] - TLS private key. -// Secret.Data["tls.crt"] - TLS certificate. -// TODO: Consider supporting different formats, specifying CA/destinationCA. -#SecretTypeTLS: #SecretType & "kubernetes.io/tls" - -// TLSCertKey is the key for tls certificates in a TLS secret. -#TLSCertKey: "tls.crt" - -// TLSPrivateKeyKey is the key for the private key field in a TLS secret. -#TLSPrivateKeyKey: "tls.key" - -// SecretTypeBootstrapToken is used during the automated bootstrap process (first -// implemented by kubeadm). It stores tokens that are used to sign well known -// ConfigMaps. They are used for authn. -#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" - -// SecretList is a list of Secret. -#SecretList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of secret objects. - // More info: https://kubernetes.io/docs/concepts/configuration/secret - items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) -} - -// ConfigMap holds configuration data for pods to consume. -#ConfigMap: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Immutable, if set to true, ensures that data stored in the ConfigMap cannot - // be updated (only object metadata can be modified). - // If not set to true, the field can be modified at any time. - // Defaulted to nil. - // +optional - immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) - - // Data contains the configuration data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // Values with non-UTF-8 byte sequences must use the BinaryData field. - // The keys stored in Data must not overlap with the keys in - // the BinaryData field, this is enforced during validation process. - // +optional - data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) - - // BinaryData contains the binary data. - // Each key must consist of alphanumeric characters, '-', '_' or '.'. - // BinaryData can contain byte sequences that are not in the UTF-8 range. - // The keys stored in BinaryData must not overlap with the ones in - // the Data field, this is enforced during validation process. - // Using this field will require 1.10+ apiserver and - // kubelet. - // +optional - binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) -} - -// ConfigMapList is a resource containing a list of ConfigMap objects. -#ConfigMapList: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is the list of ConfigMaps. - items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) -} - -// Type and constants for component health validation. -#ComponentConditionType: string // #enumComponentConditionType - -#enumComponentConditionType: - #ComponentHealthy - -#ComponentHealthy: #ComponentConditionType & "Healthy" - -// Information about the condition of a component. -#ComponentCondition: { - // Type of condition for a component. - // Valid value: "Healthy" - type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) - - // Status of the condition for a component. - // Valid values for "Healthy": "True", "False", or "Unknown". - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // Message about the condition for a component. - // For example, information about a health check. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // Condition error code for a component. - // For example, a health check error code. - // +optional - error?: string @go(Error) @protobuf(4,bytes,opt) -} - -// ComponentStatus (and ComponentStatusList) holds the cluster validation info. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatus: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // List of component conditions observed - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) -} - -// Status of all the conditions for the component as a list of ComponentStatus objects. -// Deprecated: This API is deprecated in v1.19+ -#ComponentStatusList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of ComponentStatus objects. - items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) -} - -// DownwardAPIVolumeSource represents a volume containing downward API info. -// Downward API volumes support ownership management and SELinux relabeling. -#DownwardAPIVolumeSource: { - // Items is a list of downward API volume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) - - // Optional: mode bits to use on created files by default. Must be a - // Optional: mode bits used to set permissions on created files by default. - // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // Defaults to 0644. - // Directories within the path are not affected by this setting. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) -} - -#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 - -// DownwardAPIVolumeFile represents information to create the file containing the pod field -#DownwardAPIVolumeFile: { - // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' - path: string @go(Path) @protobuf(1,bytes,opt) - - // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. - // +optional - fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) - - // Selects a resource of the container: only resources limits and requests - // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - // +optional - resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) - - // Optional: mode bits used to set permissions on this file, must be an octal value - // between 0000 and 0777 or a decimal value between 0 and 511. - // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - // If not specified, the volume defaultMode will be used. - // This might be in conflict with other options that affect the file - // mode, like fsGroup, and the result can be other mode bits set. - // +optional - mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) -} - -// Represents downward API info for projecting into a projected volume. -// Note that this is identical to a downwardAPI volume source without the default -// mode. -#DownwardAPIProjection: { - // Items is a list of DownwardAPIVolume file - // +optional - items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) -} - -// SecurityContext holds security configuration that will be applied to a container. -// Some fields are present in both SecurityContext and PodSecurityContext. When both -// are set, the values in SecurityContext take precedence. -#SecurityContext: { - // The capabilities to add/drop when running containers. - // Defaults to the default set of capabilities granted by the container runtime. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) - - // Run container in privileged mode. - // Processes in privileged containers are essentially equivalent to root on the host. - // Defaults to false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) - - // The SELinux context to be applied to the container. - // If unspecified, the container runtime will allocate a random SELinux context for each - // container. May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) - - // The Windows specific settings applied to all containers. - // If unspecified, the options from the PodSecurityContext will be used. - // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is linux. - // +optional - windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) - - // The UID to run the entrypoint of the container process. - // Defaults to user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) - - // The GID to run the entrypoint of the container process. - // Uses runtime default if unset. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) - - // Indicates that the container must run as a non-root user. - // If true, the Kubelet will validate the image at runtime to ensure that it - // does not run as UID 0 (root) and fail to start the container if it does. - // If unset or false, no such validation will be performed. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) - - // Whether this container has a read-only root filesystem. - // Default is false. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) - - // AllowPrivilegeEscalation controls whether a process can gain more - // privileges than its parent process. This bool directly controls if - // the no_new_privs flag will be set on the container process. - // AllowPrivilegeEscalation is true always when the container is: - // 1) run as Privileged - // 2) has CAP_SYS_ADMIN - // Note that this field cannot be set when spec.os.name is windows. - // +optional - allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) - - // procMount denotes the type of proc mount to use for the containers. - // The default is DefaultProcMount which uses the container runtime defaults for - // readonly paths and masked paths. - // This requires the ProcMountType feature flag to be enabled. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) - - // The seccomp options to use by this container. If seccomp options are - // provided at both the pod & container level, the container options - // override the pod options. - // Note that this field cannot be set when spec.os.name is windows. - // +optional - seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) -} - -// +enum -#ProcMountType: string // #enumProcMountType - -#enumProcMountType: - #DefaultProcMount | - #UnmaskedProcMount - -// DefaultProcMount uses the container runtime defaults for readonly and masked -// paths for /proc. Most container runtimes mask certain paths in /proc to avoid -// accidental security exposure of special devices or information. -#DefaultProcMount: #ProcMountType & "Default" - -// UnmaskedProcMount bypasses the default masking behavior of the container -// runtime and ensures the newly created /proc the container stays in tact with -// no modifications. -#UnmaskedProcMount: #ProcMountType & "Unmasked" - -// SELinuxOptions are the labels to be applied to the container -#SELinuxOptions: { - // User is a SELinux user label that applies to the container. - // +optional - user?: string @go(User) @protobuf(1,bytes,opt) - - // Role is a SELinux role label that applies to the container. - // +optional - role?: string @go(Role) @protobuf(2,bytes,opt) - - // Type is a SELinux type label that applies to the container. - // +optional - type?: string @go(Type) @protobuf(3,bytes,opt) - - // Level is SELinux level label that applies to the container. - // +optional - level?: string @go(Level) @protobuf(4,bytes,opt) -} - -// WindowsSecurityContextOptions contain Windows-specific options and credentials. -#WindowsSecurityContextOptions: { - // GMSACredentialSpecName is the name of the GMSA credential spec to use. - // +optional - gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) - - // GMSACredentialSpec is where the GMSA admission webhook - // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - // GMSA credential spec named by the GMSACredentialSpecName field. - // +optional - gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) - - // The UserName in Windows to run the entrypoint of the container process. - // Defaults to the user specified in image metadata if unspecified. - // May also be set in PodSecurityContext. If set in both SecurityContext and - // PodSecurityContext, the value specified in SecurityContext takes precedence. - // +optional - runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) - - // HostProcess determines if a container should be run as a 'Host Process' container. - // All of a Pod's containers must have the same effective HostProcess value - // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - // In addition, if HostProcess is true then HostNetwork must also be set to true. - // +optional - hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) -} - -// RangeAllocation is not a public type. -#RangeAllocation: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Range is string that identifies the range represented by 'data'. - range: string @go(Range) @protobuf(2,bytes,opt) - - // Data is a bit array containing all allocated addresses in the previous segment. - data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) -} - -// DefaultSchedulerName defines the name of default scheduler. -#DefaultSchedulerName: "default-scheduler" - -// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule -// corresponding to every RequiredDuringScheduling affinity rule. -// When the --hard-pod-affinity-weight scheduler flag is not specified, -// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. -#DefaultHardPodAffinitySymmetricWeight: int32 & 1 - -// Sysctl defines a kernel parameter to be set -#Sysctl: { - // Name of a property to set - name: string @go(Name) @protobuf(1,bytes,opt) - - // Value of a property to set - value: string @go(Value) @protobuf(2,bytes,opt) -} - -// NodeResources is an object for conveying resource information about a node. -// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. -#NodeResources: { - // Capacity represents the available resources of a node - Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) -} - -// Enable stdin for remote command execution -#ExecStdinParam: "input" - -// Enable stdout for remote command execution -#ExecStdoutParam: "output" - -// Enable stderr for remote command execution -#ExecStderrParam: "error" - -// Enable TTY for remote command execution -#ExecTTYParam: "tty" - -// Command to run for remote command execution -#ExecCommandParam: "command" - -// Name of header that specifies stream type -#StreamType: "streamType" - -// Value for streamType header for stdin stream -#StreamTypeStdin: "stdin" - -// Value for streamType header for stdout stream -#StreamTypeStdout: "stdout" - -// Value for streamType header for stderr stream -#StreamTypeStderr: "stderr" - -// Value for streamType header for data stream -#StreamTypeData: "data" - -// Value for streamType header for error stream -#StreamTypeError: "error" - -// Value for streamType header for terminal resize stream -#StreamTypeResize: "resize" - -// Name of header that specifies the port being forwarded -#PortHeader: "port" - -// Name of header that specifies a request ID used to associate the error -// and data streams for a single forwarded connection -#PortForwardRequestIDHeader: "requestID" - -// MixedProtocolNotSupported error in PortStatus means that the cloud provider -// can't publish the port on the load balancer because mixed values of protocols -// on the same LoadBalancer type of Service are not supported by the cloud provider. -#MixedProtocolNotSupported: "MixedProtocolNotSupported" - -#PortStatus: { - // Port is the port number of the service port of which status is recorded here - port: int32 @go(Port) @protobuf(1,varint,opt) - - // Protocol is the protocol of the service port of which status is recorded here - // The supported values are: "TCP", "UDP", "SCTP" - protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // Error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 2a1f060b..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue +++ /dev/null @@ -1,59 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -#LabelHostname: "kubernetes.io/hostname" - -// Label value is the network location of kube-apiserver stored as -// Stored in APIServer Identity lease objects to view what address is used for peer proxy -#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" -#LabelTopologyZone: "topology.kubernetes.io/zone" -#LabelTopologyRegion: "topology.kubernetes.io/region" - -// These label have been deprecated since 1.17, but will be supported for -// the foreseeable future, to accommodate things like long-lived PVs that -// use them. New users should prefer the "topology.kubernetes.io/*" -// equivalents. -#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" -#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" - -// Retained for compat when vendored. Do not use these consts in new code. -#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" -#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" -#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" -#LabelZoneRegionStable: "topology.kubernetes.io/region" -#LabelInstanceType: "beta.kubernetes.io/instance-type" -#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" -#LabelOSStable: "kubernetes.io/os" -#LabelArchStable: "kubernetes.io/arch" - -// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. -// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) -#LabelWindowsBuild: "node.kubernetes.io/windows-build" - -// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) -#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" - -// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) -#LabelNamespaceSuffixNode: "node.kubernetes.io" - -// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled -#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" - -// IsHeadlessService is added by Controller to an Endpoint denoting if its parent -// Service is Headless. The existence of this label can be used further by other -// controllers and kube-proxy to check if the Endpoint objects should be replicated when -// using Headless Services -#IsHeadlessService: "service.kubernetes.io/headless" - -// LabelNodeExcludeBalancers specifies that the node should not be considered as a target -// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only -// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that -// any backends on excluded nodes are not reachable by those external load-balancers. -// Implementations of this exclusion may vary based on provider. -#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" - -// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels -#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue deleted file mode 100644 index b7c09733..00000000 --- a/test/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/core/v1 - -package v1 - -// TaintNodeNotReady will be added when node is not ready -// and removed when node becomes ready. -#TaintNodeNotReady: "node.kubernetes.io/not-ready" - -// TaintNodeUnreachable will be added when node becomes unreachable -// (corresponding to NodeReady status ConditionUnknown) -// and removed when node becomes reachable (NodeReady status ConditionTrue). -#TaintNodeUnreachable: "node.kubernetes.io/unreachable" - -// TaintNodeUnschedulable will be added when node becomes unschedulable -// and removed when node becomes schedulable. -#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" - -// TaintNodeMemoryPressure will be added when node has memory pressure -// and removed when node has enough memory. -#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" - -// TaintNodeDiskPressure will be added when node has disk pressure -// and removed when node has enough disk. -#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" - -// TaintNodeNetworkUnavailable will be added when node's network is unavailable -// and removed when network becomes ready. -#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" - -// TaintNodePIDPressure will be added when node has pid pressure -// and removed when node has enough pid. -#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" - -// TaintNodeOutOfService can be added when node is out of service in case of -// a non-graceful shutdown -#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue deleted file mode 100644 index 19a7d631..00000000 --- a/test/cue.mod/gen/k8s.io/api/discovery/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -#GroupName: "discovery.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue deleted file mode 100644 index 144ef53e..00000000 --- a/test/cue.mod/gen/k8s.io/api/discovery/v1/types_go_gen.cue +++ /dev/null @@ -1,206 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" -) - -// EndpointSlice represents a subset of the endpoints that implement a service. -// For a given service there may be multiple EndpointSlice objects, selected by -// labels, which must be joined to produce the full set of endpoints. -#EndpointSlice: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // addressType specifies the type of address carried by this EndpointSlice. - // All addresses in this slice must be the same type. This field is - // immutable after creation. The following address types are currently - // supported: - // * IPv4: Represents an IPv4 Address. - // * IPv6: Represents an IPv6 Address. - // * FQDN: Represents a Fully Qualified Domain Name. - addressType: #AddressType @go(AddressType) @protobuf(4,bytes,rep) - - // endpoints is a list of unique endpoints in this slice. Each slice may - // include a maximum of 1000 endpoints. - // +listType=atomic - endpoints: [...#Endpoint] @go(Endpoints,[]Endpoint) @protobuf(2,bytes,rep) - - // ports specifies the list of network ports exposed by each endpoint in - // this slice. Each port must have a unique name. When ports is empty, it - // indicates that there are no defined ports. When a port is defined with a - // nil port value, it indicates "all ports". Each slice may include a - // maximum of 100 ports. - // +optional - // +listType=atomic - ports: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) -} - -// AddressType represents the type of address referred to by an endpoint. -// +enum -#AddressType: string // #enumAddressType - -#enumAddressType: - #AddressTypeIPv4 | - #AddressTypeIPv6 | - #AddressTypeFQDN - -// AddressTypeIPv4 represents an IPv4 Address. -#AddressTypeIPv4: #AddressType & "IPv4" - -// AddressTypeIPv6 represents an IPv6 Address. -#AddressTypeIPv6: #AddressType & "IPv6" - -// AddressTypeFQDN represents a FQDN. -#AddressTypeFQDN: #AddressType & "FQDN" - -// Endpoint represents a single logical "backend" implementing a service. -#Endpoint: { - // addresses of this endpoint. The contents of this field are interpreted - // according to the corresponding EndpointSlice addressType field. Consumers - // must handle different types of addresses in the context of their own - // capabilities. This must contain at least one address but no more than - // 100. These are all assumed to be fungible and clients may choose to only - // use the first element. Refer to: https://issue.k8s.io/106267 - // +listType=set - addresses: [...string] @go(Addresses,[]string) @protobuf(1,bytes,rep) - - // conditions contains information about the current status of the endpoint. - conditions?: #EndpointConditions @go(Conditions) @protobuf(2,bytes,opt) - - // hostname of this endpoint. This field may be used by consumers of - // endpoints to distinguish endpoints from each other (e.g. in DNS names). - // Multiple endpoints which use the same hostname should be considered - // fungible (e.g. multiple A values in DNS). Must be lowercase and pass DNS - // Label (RFC 1123) validation. - // +optional - hostname?: null | string @go(Hostname,*string) @protobuf(3,bytes,opt) - - // targetRef is a reference to a Kubernetes object that represents this - // endpoint. - // +optional - targetRef?: null | v1.#ObjectReference @go(TargetRef,*v1.ObjectReference) @protobuf(4,bytes,opt) - - // deprecatedTopology contains topology information part of the v1beta1 - // API. This field is deprecated, and will be removed when the v1beta1 - // API is removed (no sooner than kubernetes v1.24). While this field can - // hold values, it is not writable through the v1 API, and any attempts to - // write to it will be silently ignored. Topology information can be found - // in the zone and nodeName fields instead. - // +optional - deprecatedTopology?: {[string]: string} @go(DeprecatedTopology,map[string]string) @protobuf(5,bytes,opt) - - // nodeName represents the name of the Node hosting this endpoint. This can - // be used to determine endpoints local to a Node. - // +optional - nodeName?: null | string @go(NodeName,*string) @protobuf(6,bytes,opt) - - // zone is the name of the Zone this endpoint exists in. - // +optional - zone?: null | string @go(Zone,*string) @protobuf(7,bytes,opt) - - // hints contains information associated with how an endpoint should be - // consumed. - // +optional - hints?: null | #EndpointHints @go(Hints,*EndpointHints) @protobuf(8,bytes,opt) -} - -// EndpointConditions represents the current condition of an endpoint. -#EndpointConditions: { - // ready indicates that this endpoint is prepared to receive traffic, - // according to whatever system is managing the endpoint. A nil value - // indicates an unknown state. In most cases consumers should interpret this - // unknown state as ready. For compatibility reasons, ready should never be - // "true" for terminating endpoints, except when the normal readiness - // behavior is being explicitly overridden, for example when the associated - // Service has set the publishNotReadyAddresses flag. - // +optional - ready?: null | bool @go(Ready,*bool) @protobuf(1,bytes) - - // serving is identical to ready except that it is set regardless of the - // terminating state of endpoints. This condition should be set to true for - // a ready endpoint that is terminating. If nil, consumers should defer to - // the ready condition. - // +optional - serving?: null | bool @go(Serving,*bool) @protobuf(2,bytes) - - // terminating indicates that this endpoint is terminating. A nil value - // indicates an unknown state. Consumers should interpret this unknown state - // to mean that the endpoint is not terminating. - // +optional - terminating?: null | bool @go(Terminating,*bool) @protobuf(3,bytes) -} - -// EndpointHints provides hints describing how an endpoint should be consumed. -#EndpointHints: { - // forZones indicates the zone(s) this endpoint should be consumed by to - // enable topology aware routing. - // +listType=atomic - forZones?: [...#ForZone] @go(ForZones,[]ForZone) @protobuf(1,bytes) -} - -// ForZone provides information about which zones should consume this endpoint. -#ForZone: { - // name represents the name of the zone. - name: string @go(Name) @protobuf(1,bytes) -} - -// EndpointPort represents a Port used by an EndpointSlice -// +structType=atomic -#EndpointPort: { - // name represents the name of this port. All ports in an EndpointSlice must have a unique name. - // If the EndpointSlice is dervied from a Kubernetes service, this corresponds to the Service.ports[].name. - // Name must either be an empty string or pass DNS_LABEL validation: - // * must be no more than 63 characters long. - // * must consist of lower case alphanumeric characters or '-'. - // * must start and end with an alphanumeric character. - // Default is empty string. - name?: null | string @go(Name,*string) @protobuf(1,bytes) - - // protocol represents the IP protocol for this port. - // Must be UDP, TCP, or SCTP. - // Default is TCP. - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(2,bytes) - - // port represents the port number of the endpoint. - // If this is not specified, ports are not restricted and must be - // interpreted in the context of the specific consumer. - port?: null | int32 @go(Port,*int32) @protobuf(3,bytes,opt) - - // The application protocol for this port. - // This is used as a hint for implementations to offer richer behavior for protocols that they understand. - // This field follows standard Kubernetes label syntax. - // Valid values are either: - // - // * Un-prefixed protocol names - reserved for IANA standard service names (as per - // RFC-6335 and https://www.iana.org/assignments/service-names). - // - // * Kubernetes-defined prefixed names: - // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 - // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 - // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 - // - // * Other protocols should use implementation-defined prefixed names such as - // mycompany.com/my-custom-protocol. - // +optional - appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes) -} - -// EndpointSliceList represents a list of endpoint slices -#EndpointSliceList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of endpoint slices - items: [...#EndpointSlice] @go(Items,[]EndpointSlice) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue b/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue deleted file mode 100644 index 9c40d30e..00000000 --- a/test/cue.mod/gen/k8s.io/api/discovery/v1/well_known_labels_go_gen.cue +++ /dev/null @@ -1,20 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/discovery/v1 - -package v1 - -// LabelServiceName is used to indicate the name of a Kubernetes service. -#LabelServiceName: "kubernetes.io/service-name" - -// LabelManagedBy is used to indicate the controller or entity that manages -// an EndpointSlice. This label aims to enable different EndpointSlice -// objects to be managed by different controllers or entities within the -// same cluster. It is highly recommended to configure this label for all -// EndpointSlices. -#LabelManagedBy: "endpointslice.kubernetes.io/managed-by" - -// LabelSkipMirror can be set to true on an Endpoints resource to indicate -// that the EndpointSliceMirroring controller should not mirror this -// resource with EndpointSlices. -#LabelSkipMirror: "endpointslice.kubernetes.io/skip-mirror" diff --git a/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue deleted file mode 100644 index c4138c1c..00000000 --- a/test/cue.mod/gen/k8s.io/api/events/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -#GroupName: "events.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue deleted file mode 100644 index 47acc8fc..00000000 --- a/test/cue.mod/gen/k8s.io/api/events/v1/types_go_gen.cue +++ /dev/null @@ -1,111 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/events/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// Event is a report of an event somewhere in the cluster. It generally denotes some state change in the system. -// Events have a limited retention time and triggers and messages may evolve -// with time. Event consumers should not rely on the timing of an event -// with a given Reason reflecting a consistent underlying trigger, or the -// continued existence of events with that Reason. Events should be -// treated as informative, best-effort, supplemental data. -#Event: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // eventTime is the time when this Event was first observed. It is required. - eventTime: metav1.#MicroTime @go(EventTime) @protobuf(2,bytes,opt) - - // series is data about the Event series this event represents or nil if it's a singleton Event. - // +optional - series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(3,bytes,opt) - - // reportingController is the name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. - // This field cannot be empty for new Events. - reportingController?: string @go(ReportingController) @protobuf(4,bytes,opt) - - // reportingInstance is the ID of the controller instance, e.g. `kubelet-xyzf`. - // This field cannot be empty for new Events and it can have at most 128 characters. - reportingInstance?: string @go(ReportingInstance) @protobuf(5,bytes,opt) - - // action is what action was taken/failed regarding to the regarding object. It is machine-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. - action?: string @go(Action) @protobuf(6,bytes) - - // reason is why the action was taken. It is human-readable. - // This field cannot be empty for new Events and it can have at most 128 characters. - reason?: string @go(Reason) @protobuf(7,bytes) - - // regarding contains the object this Event is about. In most cases it's an Object reporting controller - // implements, e.g. ReplicaSetController implements ReplicaSets and this event is emitted because - // it acts on some changes in a ReplicaSet object. - // +optional - regarding?: corev1.#ObjectReference @go(Regarding) @protobuf(8,bytes,opt) - - // related is the optional secondary object for more complex actions. E.g. when regarding object triggers - // a creation or deletion of related object. - // +optional - related?: null | corev1.#ObjectReference @go(Related,*corev1.ObjectReference) @protobuf(9,bytes,opt) - - // note is a human-readable description of the status of this operation. - // Maximal length of the note is 1kB, but libraries should be prepared to - // handle values up to 64kB. - // +optional - note?: string @go(Note) @protobuf(10,bytes,opt) - - // type is the type of this event (Normal, Warning), new types could be added in the future. - // It is machine-readable. - // This field cannot be empty for new Events. - type?: string @go(Type) @protobuf(11,bytes,opt) - - // deprecatedSource is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedSource?: corev1.#EventSource @go(DeprecatedSource) @protobuf(12,bytes,opt) - - // deprecatedFirstTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedFirstTimestamp?: metav1.#Time @go(DeprecatedFirstTimestamp) @protobuf(13,bytes,opt) - - // deprecatedLastTimestamp is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedLastTimestamp?: metav1.#Time @go(DeprecatedLastTimestamp) @protobuf(14,bytes,opt) - - // deprecatedCount is the deprecated field assuring backward compatibility with core.v1 Event type. - // +optional - deprecatedCount?: int32 @go(DeprecatedCount) @protobuf(15,varint,opt) -} - -// EventSeries contain information on series of events, i.e. thing that was/is happening -// continuously for some time. How often to update the EventSeries is up to the event reporters. -// The default event reporter in "k8s.io/client-go/tools/events/event_broadcaster.go" shows -// how this struct is updated on heartbeats and can guide customized reporter implementations. -#EventSeries: { - // count is the number of occurrences in this series up to the last heartbeat time. - count: int32 @go(Count) @protobuf(1,varint,opt) - - // lastObservedTime is the time when last Event from the series was seen before last heartbeat. - lastObservedTime: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes,opt) -} - -// EventList is a list of Event objects. -#EventList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue deleted file mode 100644 index f1042622..00000000 --- a/test/cue.mod/gen/k8s.io/api/networking/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -#GroupName: "networking.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue deleted file mode 100644 index bbdc7f2b..00000000 --- a/test/cue.mod/gen/k8s.io/api/networking/v1/types_go_gen.cue +++ /dev/null @@ -1,588 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -// NetworkPolicy describes what network traffic is allowed for a set of Pods -#NetworkPolicy: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the desired behavior for this NetworkPolicy. - // +optional - spec?: #NetworkPolicySpec @go(Spec) @protobuf(2,bytes,opt) -} - -// PolicyType string describes the NetworkPolicy type -// This type is beta-level in 1.8 -// +enum -#PolicyType: string // #enumPolicyType - -#enumPolicyType: - #PolicyTypeIngress | - #PolicyTypeEgress - -// PolicyTypeIngress is a NetworkPolicy that affects ingress traffic on selected pods -#PolicyTypeIngress: #PolicyType & "Ingress" - -// PolicyTypeEgress is a NetworkPolicy that affects egress traffic on selected pods -#PolicyTypeEgress: #PolicyType & "Egress" - -// NetworkPolicySpec provides the specification of a NetworkPolicy -#NetworkPolicySpec: { - // podSelector selects the pods to which this NetworkPolicy object applies. - // The array of ingress rules is applied to any pods selected by this field. - // Multiple network policies can select the same set of pods. In this case, - // the ingress rules for each are combined additively. - // This field is NOT optional and follows standard label selector semantics. - // An empty podSelector matches all pods in this namespace. - podSelector: metav1.#LabelSelector @go(PodSelector) @protobuf(1,bytes,opt) - - // ingress is a list of ingress rules to be applied to the selected pods. - // Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod - // (and cluster policy otherwise allows the traffic), OR if the traffic source is - // the pod's local node, OR if the traffic matches at least one ingress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy does not allow any traffic (and serves - // solely to ensure that the pods it selects are isolated by default) - // +optional - ingress?: [...#NetworkPolicyIngressRule] @go(Ingress,[]NetworkPolicyIngressRule) @protobuf(2,bytes,rep) - - // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic - // is allowed if there are no NetworkPolicies selecting the pod (and cluster policy - // otherwise allows the traffic), OR if the traffic matches at least one egress rule - // across all of the NetworkPolicy objects whose podSelector matches the pod. If - // this field is empty then this NetworkPolicy limits all outgoing traffic (and serves - // solely to ensure that the pods it selects are isolated by default). - // This field is beta-level in 1.8 - // +optional - egress?: [...#NetworkPolicyEgressRule] @go(Egress,[]NetworkPolicyEgressRule) @protobuf(3,bytes,rep) - - // policyTypes is a list of rule types that the NetworkPolicy relates to. - // Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. - // If this field is not specified, it will default based on the existence of ingress or egress rules; - // policies that contain an egress section are assumed to affect egress, and all policies - // (whether or not they contain an ingress section) are assumed to affect ingress. - // If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. - // Likewise, if you want to write a policy that specifies that no egress is allowed, - // you must specify a policyTypes value that include "Egress" (since such a policy would not include - // an egress section and would otherwise default to just [ "Ingress" ]). - // This field is beta-level in 1.8 - // +optional - policyTypes?: [...#PolicyType] @go(PolicyTypes,[]PolicyType) @protobuf(4,bytes,rep,casttype=PolicyType) -} - -// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from. -#NetworkPolicyIngressRule: { - // ports is a list of ports which should be made accessible on the pods selected for - // this rule. Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // from is a list of sources which should be able to access the pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all sources (traffic not restricted by - // source). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the from list. - // +optional - from?: [...#NetworkPolicyPeer] @go(From,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods -// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and to. -// This type is beta-level in 1.8 -#NetworkPolicyEgressRule: { - // ports is a list of destination ports for outgoing traffic. - // Each item in this list is combined using a logical OR. If this field is - // empty or missing, this rule matches all ports (traffic not restricted by port). - // If this field is present and contains at least one item, then this rule allows - // traffic only if the traffic matches at least one port in the list. - // +optional - ports?: [...#NetworkPolicyPort] @go(Ports,[]NetworkPolicyPort) @protobuf(1,bytes,rep) - - // to is a list of destinations for outgoing traffic of pods selected for this rule. - // Items in this list are combined using a logical OR operation. If this field is - // empty or missing, this rule matches all destinations (traffic not restricted by - // destination). If this field is present and contains at least one item, this rule - // allows traffic only if the traffic matches at least one item in the to list. - // +optional - to?: [...#NetworkPolicyPeer] @go(To,[]NetworkPolicyPeer) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPort describes a port to allow traffic on -#NetworkPolicyPort: { - // protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. - // If not specified, this field defaults to TCP. - // +optional - protocol?: null | v1.#Protocol @go(Protocol,*v1.Protocol) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.Protocol) - - // port represents the port on the given protocol. This can either be a numerical or named - // port on a pod. If this field is not provided, this matches all port names and - // numbers. - // If present, only traffic on the specified protocol AND port will be matched. - // +optional - port?: null | intstr.#IntOrString @go(Port,*intstr.IntOrString) @protobuf(2,bytes,opt) - - // endPort indicates that the range of ports from port to endPort if set, inclusive, - // should be allowed by the policy. This field cannot be defined if the port field - // is not defined or if the port field is defined as a named (string) port. - // The endPort must be equal or greater than port. - // +optional - endPort?: null | int32 @go(EndPort,*int32) @protobuf(3,bytes,opt) -} - -// IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed -// to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs -// that should not be included within this rule. -#IPBlock: { - // cidr is a string representing the IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - cidr: string @go(CIDR) @protobuf(1,bytes) - - // except is a slice of CIDRs that should not be included within an IPBlock - // Valid examples are "192.168.1.0/24" or "2001:db8::/64" - // Except values will be rejected if they are outside the cidr range - // +optional - except?: [...string] @go(Except,[]string) @protobuf(2,bytes,rep) -} - -// NetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of -// fields are allowed -#NetworkPolicyPeer: { - // podSelector is a label selector which selects pods. This field follows standard label - // selector semantics; if present but empty, it selects all pods. - // - // If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the Namespaces selected by NamespaceSelector. - // Otherwise it selects the pods matching podSelector in the policy's own namespace. - // +optional - podSelector?: null | metav1.#LabelSelector @go(PodSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) - - // namespaceSelector selects namespaces using cluster-scoped labels. This field follows - // standard label selector semantics; if present but empty, it selects all namespaces. - // - // If podSelector is also set, then the NetworkPolicyPeer as a whole selects - // the pods matching podSelector in the namespaces selected by namespaceSelector. - // Otherwise it selects all pods in the namespaces selected by namespaceSelector. - // +optional - namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // ipBlock defines policy on a particular IPBlock. If this field is set then - // neither of the other fields can be. - // +optional - ipBlock?: null | #IPBlock @go(IPBlock,*IPBlock) @protobuf(3,bytes,rep) -} - -// NetworkPolicyList is a list of NetworkPolicy objects. -#NetworkPolicyList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#NetworkPolicy] @go(Items,[]NetworkPolicy) @protobuf(2,bytes,rep) -} - -// Ingress is a collection of rules that allow inbound connections to reach the -// endpoints defined by a backend. An Ingress can be configured to give services -// externally-reachable urls, load balance traffic, terminate SSL, offer name -// based virtual hosting etc. -#Ingress: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressSpec @go(Spec) @protobuf(2,bytes,opt) - - // status is the current state of the Ingress. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: #IngressStatus @go(Status) @protobuf(3,bytes,opt) -} - -// IngressList is a collection of Ingress. -#IngressList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of Ingress. - items: [...#Ingress] @go(Items,[]Ingress) @protobuf(2,bytes,rep) -} - -// IngressSpec describes the Ingress the user wishes to exist. -#IngressSpec: { - // ingressClassName is the name of an IngressClass cluster resource. Ingress - // controller implementations use this field to know whether they should be - // serving this Ingress resource, by a transitive connection - // (controller -> IngressClass -> Ingress resource). Although the - // `kubernetes.io/ingress.class` annotation (simple constant name) was never - // formally defined, it was widely supported by Ingress controllers to create - // a direct binding between Ingress controller and Ingress resources. Newly - // created Ingress resources should prefer using the field. However, even - // though the annotation is officially deprecated, for backwards compatibility - // reasons, ingress controllers should still honor that annotation if present. - // +optional - ingressClassName?: null | string @go(IngressClassName,*string) @protobuf(4,bytes,opt) - - // defaultBackend is the backend that should handle requests that don't - // match any rule. If Rules are not specified, DefaultBackend must be specified. - // If DefaultBackend is not set, the handling of requests that do not match any - // of the rules will be up to the Ingress controller. - // +optional - defaultBackend?: null | #IngressBackend @go(DefaultBackend,*IngressBackend) @protobuf(1,bytes,opt) - - // tls represents the TLS configuration. Currently the Ingress only supports a - // single TLS port, 443. If multiple members of this list specify different hosts, - // they will be multiplexed on the same port according to the hostname specified - // through the SNI TLS extension, if the ingress controller fulfilling the - // ingress supports SNI. - // +listType=atomic - // +optional - tls?: [...#IngressTLS] @go(TLS,[]IngressTLS) @protobuf(2,bytes,rep) - - // rules is a list of host rules used to configure the Ingress. If unspecified, - // or no rule matches, all traffic is sent to the default backend. - // +listType=atomic - // +optional - rules?: [...#IngressRule] @go(Rules,[]IngressRule) @protobuf(3,bytes,rep) -} - -// IngressTLS describes the transport layer security associated with an ingress. -#IngressTLS: { - // hosts is a list of hosts included in the TLS certificate. The values in - // this list must match the name/s used in the tlsSecret. Defaults to the - // wildcard host setting for the loadbalancer controller fulfilling this - // Ingress, if left unspecified. - // +listType=atomic - // +optional - hosts?: [...string] @go(Hosts,[]string) @protobuf(1,bytes,rep) - - // secretName is the name of the secret used to terminate TLS traffic on - // port 443. Field is left optional to allow TLS routing based on SNI - // hostname alone. If the SNI host in a listener conflicts with the "Host" - // header field used by an IngressRule, the SNI host is used for termination - // and value of the "Host" header is used for routing. - // +optional - secretName?: string @go(SecretName) @protobuf(2,bytes,opt) -} - -// IngressStatus describe the current state of the Ingress. -#IngressStatus: { - // loadBalancer contains the current status of the load-balancer. - // +optional - loadBalancer?: #IngressLoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) -} - -// IngressLoadBalancerStatus represents the status of a load-balancer. -#IngressLoadBalancerStatus: { - // ingress is a list containing ingress points for the load-balancer. - // +optional - ingress?: [...#IngressLoadBalancerIngress] @go(Ingress,[]IngressLoadBalancerIngress) @protobuf(1,bytes,rep) -} - -// IngressLoadBalancerIngress represents the status of a load-balancer ingress point. -#IngressLoadBalancerIngress: { - // ip is set for load-balancer ingress points that are IP based. - // +optional - ip?: string @go(IP) @protobuf(1,bytes,opt) - - // hostname is set for load-balancer ingress points that are DNS based. - // +optional - hostname?: string @go(Hostname) @protobuf(2,bytes,opt) - - // ports provides information about the ports exposed by this LoadBalancer. - // +listType=atomic - // +optional - ports?: [...#IngressPortStatus] @go(Ports,[]IngressPortStatus) @protobuf(4,bytes,rep) -} - -// IngressPortStatus represents the error condition of a service port -#IngressPortStatus: { - // port is the port number of the ingress port. - port: int32 @go(Port) @protobuf(1,varint,opt) - - // protocol is the protocol of the ingress port. - // The supported values are: "TCP", "UDP", "SCTP" - protocol: v1.#Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) - - // error is to record the problem with the service port - // The format of the error shall comply with the following rules: - // - built-in error values shall be specified in this file and those shall use - // CamelCase names - // - cloud provider specific error values must have names that comply with the - // format foo.example.com/CamelCase. - // --- - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +optional - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) -} - -// IngressRule represents the rules mapping the paths under a specified host to -// the related backend services. Incoming requests are first evaluated for a host -// match, then routed to the backend associated with the matching IngressRuleValue. -#IngressRule: { - // host is the fully qualified domain name of a network host, as defined by RFC 3986. - // Note the following deviations from the "host" part of the - // URI as defined in RFC 3986: - // 1. IPs are not allowed. Currently an IngressRuleValue can only apply to - // the IP in the Spec of the parent Ingress. - // 2. The `:` delimiter is not respected because ports are not allowed. - // Currently the port of an Ingress is implicitly :80 for http and - // :443 for https. - // Both these may change in the future. - // Incoming requests are matched against the host before the - // IngressRuleValue. If the host is unspecified, the Ingress routes all - // traffic based on the specified IngressRuleValue. - // - // host can be "precise" which is a domain name without the terminating dot of - // a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name - // prefixed with a single wildcard label (e.g. "*.foo.com"). - // The wildcard character '*' must appear by itself as the first DNS label and - // matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*"). - // Requests will be matched against the Host field in the following way: - // 1. If host is precise, the request matches this rule if the http host header is equal to Host. - // 2. If host is a wildcard, then the request matches this rule if the http host header - // is to equal to the suffix (removing the first label) of the wildcard rule. - // +optional - host?: string @go(Host) @protobuf(1,bytes,opt) - - #IngressRuleValue -} - -// IngressRuleValue represents a rule to apply against incoming requests. If the -// rule is satisfied, the request is routed to the specified backend. Currently -// mixing different types of rules in a single Ingress is disallowed, so exactly -// one of the following must be set. -#IngressRuleValue: { - // +optional - http?: null | #HTTPIngressRuleValue @go(HTTP,*HTTPIngressRuleValue) @protobuf(1,bytes,opt) -} - -// HTTPIngressRuleValue is a list of http selectors pointing to backends. -// In the example: http:///? -> backend where -// where parts of the url correspond to RFC 3986, this resource will be used -// to match against everything after the last '/' and before the first '?' -// or '#'. -#HTTPIngressRuleValue: { - // paths is a collection of paths that map requests to backends. - // +listType=atomic - paths: [...#HTTPIngressPath] @go(Paths,[]HTTPIngressPath) @protobuf(1,bytes,rep) -} - -// PathType represents the type of path referred to by a HTTPIngressPath. -// +enum -#PathType: string // #enumPathType - -#enumPathType: - #PathTypeExact | - #PathTypePrefix | - #PathTypeImplementationSpecific - -// PathTypeExact matches the URL path exactly and with case sensitivity. -#PathTypeExact: #PathType & "Exact" - -// PathTypePrefix matches based on a URL path prefix split by '/'. Matching -// is case sensitive and done on a path element by element basis. A path -// element refers to the list of labels in the path split by the '/' -// separator. A request is a match for path p if every p is an element-wise -// prefix of p of the request path. Note that if the last element of the -// path is a substring of the last element in request path, it is not a -// match (e.g. /foo/bar matches /foo/bar/baz, but does not match -// /foo/barbaz). If multiple matching paths exist in an Ingress spec, the -// longest matching path is given priority. -// Examples: -// - /foo/bar does not match requests to /foo/barbaz -// - /foo/bar matches request to /foo/bar and /foo/bar/baz -// - /foo and /foo/ both match requests to /foo and /foo/. If both paths are -// present in an Ingress spec, the longest matching path (/foo/) is given -// priority. -#PathTypePrefix: #PathType & "Prefix" - -// PathTypeImplementationSpecific matching is up to the IngressClass. -// Implementations can treat this as a separate PathType or treat it -// identically to Prefix or Exact path types. -#PathTypeImplementationSpecific: #PathType & "ImplementationSpecific" - -// HTTPIngressPath associates a path with a backend. Incoming urls matching the -// path are forwarded to the backend. -#HTTPIngressPath: { - // path is matched against the path of an incoming request. Currently it can - // contain characters disallowed from the conventional "path" part of a URL - // as defined by RFC 3986. Paths must begin with a '/' and must be present - // when using PathType with value "Exact" or "Prefix". - // +optional - path?: string @go(Path) @protobuf(1,bytes,opt) - - // pathType determines the interpretation of the path matching. PathType can - // be one of the following values: - // * Exact: Matches the URL path exactly. - // * Prefix: Matches based on a URL path prefix split by '/'. Matching is - // done on a path element by element basis. A path element refers is the - // list of labels in the path split by the '/' separator. A request is a - // match for path p if every p is an element-wise prefix of p of the - // request path. Note that if the last element of the path is a substring - // of the last element in request path, it is not a match (e.g. /foo/bar - // matches /foo/bar/baz, but does not match /foo/barbaz). - // * ImplementationSpecific: Interpretation of the Path matching is up to - // the IngressClass. Implementations can treat this as a separate PathType - // or treat it identically to Prefix or Exact path types. - // Implementations are required to support all path types. - pathType?: null | #PathType @go(PathType,*PathType) @protobuf(3,bytes,opt) - - // backend defines the referenced service endpoint to which the traffic - // will be forwarded to. - backend: #IngressBackend @go(Backend) @protobuf(2,bytes,opt) -} - -// IngressBackend describes all endpoints for a given service and port. -#IngressBackend: { - // service references a service as a backend. - // This is a mutually exclusive setting with "Resource". - // +optional - service?: null | #IngressServiceBackend @go(Service,*IngressServiceBackend) @protobuf(4,bytes,opt) - - // resource is an ObjectRef to another Kubernetes resource in the namespace - // of the Ingress object. If resource is specified, a service.Name and - // service.Port must not be specified. - // This is a mutually exclusive setting with "Service". - // +optional - resource?: null | v1.#TypedLocalObjectReference @go(Resource,*v1.TypedLocalObjectReference) @protobuf(3,bytes,opt) -} - -// IngressServiceBackend references a Kubernetes Service as a Backend. -#IngressServiceBackend: { - // name is the referenced service. The service must exist in - // the same namespace as the Ingress object. - name: string @go(Name) @protobuf(1,bytes,opt) - - // port of the referenced service. A port name or port number - // is required for a IngressServiceBackend. - port?: #ServiceBackendPort @go(Port) @protobuf(2,bytes,opt) -} - -// ServiceBackendPort is the service port being referenced. -#ServiceBackendPort: { - // name is the name of the port on the Service. - // This is a mutually exclusive setting with "Number". - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // number is the numerical port number (e.g. 80) on the Service. - // This is a mutually exclusive setting with "Name". - // +optional - number?: int32 @go(Number) @protobuf(2,bytes,opt) -} - -// IngressClass represents the class of the Ingress, referenced by the Ingress -// Spec. The `ingressclass.kubernetes.io/is-default-class` annotation can be -// used to indicate that an IngressClass should be considered default. When a -// single IngressClass resource has this annotation set to true, new Ingress -// resources without a class specified will be assigned this default class. -#IngressClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the desired state of the IngressClass. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - spec?: #IngressClassSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// IngressClassSpec provides information about the class of an Ingress. -#IngressClassSpec: { - // controller refers to the name of the controller that should handle this - // class. This allows for different "flavors" that are controlled by the - // same controller. For example, you may have different parameters for the - // same implementing controller. This should be specified as a - // domain-prefixed path no more than 250 characters in length, e.g. - // "acme.io/ingress-controller". This field is immutable. - controller?: string @go(Controller) @protobuf(1,bytes,opt) - - // parameters is a link to a custom resource containing additional - // configuration for the controller. This is optional if the controller does - // not require extra parameters. - // +optional - parameters?: null | #IngressClassParametersReference @go(Parameters,*IngressClassParametersReference) @protobuf(2,bytes,opt) -} - -// IngressClassParametersReferenceScopeNamespace indicates that the -// referenced Parameters resource is namespace-scoped. -#IngressClassParametersReferenceScopeNamespace: "Namespace" - -// IngressClassParametersReferenceScopeCluster indicates that the -// referenced Parameters resource is cluster-scoped. -#IngressClassParametersReferenceScopeCluster: "Cluster" - -// IngressClassParametersReference identifies an API object. This can be used -// to specify a cluster or namespace-scoped resource. -#IngressClassParametersReference: { - // apiGroup is the group for the resource being referenced. If APIGroup is - // not specified, the specified Kind must be in the core API group. For any - // other third-party types, APIGroup is required. - // +optional - apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt,name=aPIGroup) - - // kind is the type of resource being referenced. - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // name is the name of resource being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // scope represents if this refers to a cluster or namespace scoped resource. - // This may be set to "Cluster" (default) or "Namespace". - // +optional - scope?: null | string @go(Scope,*string) @protobuf(4,bytes,opt) - - // namespace is the namespace of the resource being referenced. This field is - // required when scope is set to "Namespace" and must be unset when scope is set to - // "Cluster". - // +optional - namespace?: null | string @go(Namespace,*string) @protobuf(5,bytes,opt) -} - -// IngressClassList is a collection of IngressClasses. -#IngressClassList: { - metav1.#TypeMeta - - // Standard list metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of IngressClasses. - items: [...#IngressClass] @go(Items,[]IngressClass) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue b/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue deleted file mode 100644 index bee74f4b..00000000 --- a/test/cue.mod/gen/k8s.io/api/networking/v1/well_known_annotations_go_gen.cue +++ /dev/null @@ -1,11 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/networking/v1 - -package v1 - -// AnnotationIsDefaultIngressClass can be used to indicate that an -// IngressClass should be considered default. When a single IngressClass -// resource has this annotation set to true, new Ingress resources without a -// class specified will be assigned this default class. -#AnnotationIsDefaultIngressClass: "ingressclass.kubernetes.io/is-default-class" diff --git a/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue deleted file mode 100644 index 5969b44f..00000000 --- a/test/cue.mod/gen/k8s.io/api/node/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -#GroupName: "node.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue deleted file mode 100644 index 3934557c..00000000 --- a/test/cue.mod/gen/k8s.io/api/node/v1/types_go_gen.cue +++ /dev/null @@ -1,90 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/node/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - corev1 "k8s.io/api/core/v1" -) - -// RuntimeClass defines a class of container runtime supported in the cluster. -// The RuntimeClass is used to determine which container runtime is used to run -// all containers in a pod. RuntimeClasses are manually defined by a -// user or cluster provisioner, and referenced in the PodSpec. The Kubelet is -// responsible for resolving the RuntimeClassName reference before running the -// pod. For more details, see -// https://kubernetes.io/docs/concepts/containers/runtime-class/ -#RuntimeClass: { - metav1.#TypeMeta - - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // handler specifies the underlying runtime and configuration that the CRI - // implementation will use to handle pods of this class. The possible values - // are specific to the node & CRI configuration. It is assumed that all - // handlers are available on every node, and handlers of the same name are - // equivalent on every node. - // For example, a handler called "runc" might specify that the runc OCI - // runtime (using native Linux containers) will be used to run the containers - // in a pod. - // The Handler must be lowercase, conform to the DNS Label (RFC 1123) requirements, - // and is immutable. - handler: string @go(Handler) @protobuf(2,bytes,opt) - - // overhead represents the resource overhead associated with running a pod for a - // given RuntimeClass. For more details, see - // https://kubernetes.io/docs/concepts/scheduling-eviction/pod-overhead/ - // +optional - overhead?: null | #Overhead @go(Overhead,*Overhead) @protobuf(3,bytes,opt) - - // scheduling holds the scheduling constraints to ensure that pods running - // with this RuntimeClass are scheduled to nodes that support it. - // If scheduling is nil, this RuntimeClass is assumed to be supported by all - // nodes. - // +optional - scheduling?: null | #Scheduling @go(Scheduling,*Scheduling) @protobuf(4,bytes,opt) -} - -// Overhead structure represents the resource overhead associated with running a pod. -#Overhead: { - // podFixed represents the fixed resource overhead associated with running a pod. - // +optional - podFixed?: corev1.#ResourceList @go(PodFixed) @protobuf(1,bytes,opt,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName,castvalue=k8s.io/apimachinery/pkg/api/resource.Quantity) -} - -// Scheduling specifies the scheduling constraints for nodes supporting a -// RuntimeClass. -#Scheduling: { - // nodeSelector lists labels that must be present on nodes that support this - // RuntimeClass. Pods using this RuntimeClass can only be scheduled to a - // node matched by this selector. The RuntimeClass nodeSelector is merged - // with a pod's existing nodeSelector. Any conflicts will cause the pod to - // be rejected in admission. - // +optional - // +mapType=atomic - nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(1,bytes,opt) - - // tolerations are appended (excluding duplicates) to pods running with this - // RuntimeClass during admission, effectively unioning the set of nodes - // tolerated by the pod and the RuntimeClass. - // +optional - // +listType=atomic - tolerations?: [...corev1.#Toleration] @go(Tolerations,[]corev1.Toleration) @protobuf(2,bytes,rep) -} - -// RuntimeClassList is a list of RuntimeClass objects. -#RuntimeClassList: { - metav1.#TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is a list of schema objects. - items: [...#RuntimeClass] @go(Items,[]RuntimeClass) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue deleted file mode 100644 index dedcdc34..00000000 --- a/test/cue.mod/gen/k8s.io/api/policy/v1/doc_go_gen.cue +++ /dev/null @@ -1,8 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -// Package policy is for any kind of policy object. Suitable examples, even if -// they aren't all here, are PodDisruptionBudget, PodSecurityPolicy, -// NetworkPolicy, etc. -package v1 diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue deleted file mode 100644 index e38fa373..00000000 --- a/test/cue.mod/gen/k8s.io/api/policy/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -#GroupName: "policy" diff --git a/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue deleted file mode 100644 index 5901cc6d..00000000 --- a/test/cue.mod/gen/k8s.io/api/policy/v1/types_go_gen.cue +++ /dev/null @@ -1,204 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/policy/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" -) - -#DisruptionBudgetCause: metav1.#CauseType & "DisruptionBudget" - -// PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. -#PodDisruptionBudgetSpec: { - // An eviction is allowed if at least "minAvailable" pods selected by - // "selector" will still be available after the eviction, i.e. even in the - // absence of the evicted pod. So for example you can prevent all voluntary - // evictions by specifying "100%". - // +optional - minAvailable?: null | intstr.#IntOrString @go(MinAvailable,*intstr.IntOrString) @protobuf(1,bytes,opt) - - // Label query over pods whose evictions are managed by the disruption - // budget. - // A null selector will match no pods, while an empty ({}) selector will select - // all pods within the namespace. - // +patchStrategy=replace - // +optional - selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // An eviction is allowed if at most "maxUnavailable" pods selected by - // "selector" are unavailable after the eviction, i.e. even in absence of - // the evicted pod. For example, one can prevent all voluntary evictions - // by specifying 0. This is a mutually exclusive setting with "minAvailable". - // +optional - maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(3,bytes,opt) - - // UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - // should be considered for eviction. Current implementation considers healthy pods, - // as pods that have status.conditions item with type="Ready",status="True". - // - // Valid policies are IfHealthyBudget and AlwaysAllow. - // If no policy is specified, the default behavior will be used, - // which corresponds to the IfHealthyBudget policy. - // - // IfHealthyBudget policy means that running pods (status.phase="Running"), - // but not yet healthy can be evicted only if the guarded application is not - // disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - // Healthy pods will be subject to the PDB for eviction. - // - // AlwaysAllow policy means that all running pods (status.phase="Running"), - // but not yet healthy are considered disrupted and can be evicted regardless - // of whether the criteria in a PDB is met. This means perspective running - // pods of a disrupted application might not get a chance to become healthy. - // Healthy pods will be subject to the PDB for eviction. - // - // Additional policies may be added in the future. - // Clients making eviction decisions should disallow eviction of unhealthy pods - // if they encounter an unrecognized policy in this field. - // - // This field is beta-level. The eviction API uses this field when - // the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). - // +optional - unhealthyPodEvictionPolicy?: null | #UnhealthyPodEvictionPolicyType @go(UnhealthyPodEvictionPolicy,*UnhealthyPodEvictionPolicyType) @protobuf(4,bytes,opt) -} - -// UnhealthyPodEvictionPolicyType defines the criteria for when unhealthy pods -// should be considered for eviction. -// +enum -#UnhealthyPodEvictionPolicyType: string // #enumUnhealthyPodEvictionPolicyType - -#enumUnhealthyPodEvictionPolicyType: - #IfHealthyBudget | - #AlwaysAllow - -// IfHealthyBudget policy means that running pods (status.phase="Running"), -// but not yet healthy can be evicted only if the guarded application is not -// disrupted (status.currentHealthy is at least equal to status.desiredHealthy). -// Healthy pods will be subject to the PDB for eviction. -#IfHealthyBudget: #UnhealthyPodEvictionPolicyType & "IfHealthyBudget" - -// AlwaysAllow policy means that all running pods (status.phase="Running"), -// but not yet healthy are considered disrupted and can be evicted regardless -// of whether the criteria in a PDB is met. This means perspective running -// pods of a disrupted application might not get a chance to become healthy. -// Healthy pods will be subject to the PDB for eviction. -#AlwaysAllow: #UnhealthyPodEvictionPolicyType & "AlwaysAllow" - -// PodDisruptionBudgetStatus represents information about the status of a -// PodDisruptionBudget. Status may trail the actual state of a system. -#PodDisruptionBudgetStatus: { - // Most recent generation observed when updating this PDB status. DisruptionsAllowed and other - // status information is valid only if observedGeneration equals to PDB's object generation. - // +optional - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) - - // DisruptedPods contains information about pods whose eviction was - // processed by the API server eviction subresource handler but has not - // yet been observed by the PodDisruptionBudget controller. - // A pod will be in this map from the time when the API server processed the - // eviction request to the time when the pod is seen by PDB controller - // as having been marked for deletion (or after a timeout). The key in the map is the name of the pod - // and the value is the time when the API server processed the eviction request. If - // the deletion didn't occur and a pod is still there it will be removed from - // the list automatically by PodDisruptionBudget controller after some time. - // If everything goes smooth this map should be empty for the most of the time. - // Large number of entries in the map may indicate problems with pod deletions. - // +optional - disruptedPods?: {[string]: metav1.#Time} @go(DisruptedPods,map[string]metav1.Time) @protobuf(2,bytes,rep) - - // Number of pod disruptions that are currently allowed. - disruptionsAllowed: int32 @go(DisruptionsAllowed) @protobuf(3,varint,opt) - - // current number of healthy pods - currentHealthy: int32 @go(CurrentHealthy) @protobuf(4,varint,opt) - - // minimum desired number of healthy pods - desiredHealthy: int32 @go(DesiredHealthy) @protobuf(5,varint,opt) - - // total number of pods counted by this disruption budget - expectedPods: int32 @go(ExpectedPods) @protobuf(6,varint,opt) - - // Conditions contain conditions for PDB. The disruption controller sets the - // DisruptionAllowed condition. The following are known values for the reason field - // (additional reasons could be added in the future): - // - SyncFailed: The controller encountered an error and wasn't able to compute - // the number of allowed disruptions. Therefore no disruptions are - // allowed and the status of the condition will be False. - // - InsufficientPods: The number of pods are either at or below the number - // required by the PodDisruptionBudget. No disruptions are - // allowed and the status of the condition will be False. - // - SufficientPods: There are more pods than required by the PodDisruptionBudget. - // The condition will be True, and the number of allowed - // disruptions are provided by the disruptionsAllowed property. - // - // +optional - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(7,bytes,rep) -} - -// DisruptionAllowedCondition is a condition set by the disruption controller -// that signal whether any of the pods covered by the PDB can be disrupted. -#DisruptionAllowedCondition: "DisruptionAllowed" - -// SyncFailedReason is set on the DisruptionAllowed condition if reconcile -// of the PDB failed and therefore disruption of pods are not allowed. -#SyncFailedReason: "SyncFailed" - -// SufficientPodsReason is set on the DisruptionAllowed condition if there are -// more pods covered by the PDB than required and at least one can be disrupted. -#SufficientPodsReason: "SufficientPods" - -// InsufficientPodsReason is set on the DisruptionAllowed condition if the number -// of pods are equal to or fewer than required by the PDB. -#InsufficientPodsReason: "InsufficientPods" - -// PodDisruptionBudget is an object to define the max disruption that can be caused to a collection of pods -#PodDisruptionBudget: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Specification of the desired behavior of the PodDisruptionBudget. - // +optional - spec?: #PodDisruptionBudgetSpec @go(Spec) @protobuf(2,bytes,opt) - - // Most recently observed status of the PodDisruptionBudget. - // +optional - status?: #PodDisruptionBudgetStatus @go(Status) @protobuf(3,bytes,opt) -} - -// PodDisruptionBudgetList is a collection of PodDisruptionBudgets. -#PodDisruptionBudgetList: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of PodDisruptionBudgets - items: [...#PodDisruptionBudget] @go(Items,[]PodDisruptionBudget) @protobuf(2,bytes,rep) -} - -// Eviction evicts a pod from its node subject to certain policies and safety constraints. -// This is a subresource of Pod. A request to cause such an eviction is -// created by POSTing to .../pods//evictions. -#Eviction: { - metav1.#TypeMeta - - // ObjectMeta describes the pod that is being evicted. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // DeleteOptions may be provided - // +optional - deleteOptions?: null | metav1.#DeleteOptions @go(DeleteOptions,*metav1.DeleteOptions) @protobuf(2,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue deleted file mode 100644 index 1c83e8b4..00000000 --- a/test/cue.mod/gen/k8s.io/api/rbac/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -#GroupName: "rbac.authorization.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue deleted file mode 100644 index 521e355e..00000000 --- a/test/cue.mod/gen/k8s.io/api/rbac/v1/types_go_gen.cue +++ /dev/null @@ -1,207 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/rbac/v1 - -package v1 - -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - -#APIGroupAll: "*" -#ResourceAll: "*" -#VerbAll: "*" -#NonResourceAll: "*" -#GroupKind: "Group" -#ServiceAccountKind: "ServiceAccount" -#UserKind: "User" - -// AutoUpdateAnnotationKey is the name of an annotation which prevents reconciliation if set to "false" -#AutoUpdateAnnotationKey: "rbac.authorization.kubernetes.io/autoupdate" - -// PolicyRule holds information that describes a policy rule, but does not contain information -// about who the rule applies to or which namespace the rule applies to. -#PolicyRule: { - // Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. - verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep) - - // APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of - // the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups. - // +optional - apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep) - - // Resources is a list of resources this rule applies to. '*' represents all resources. - // +optional - resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep) - - // ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - // +optional - resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep) - - // NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path - // Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. - // Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - // +optional - nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(5,bytes,rep) -} - -// Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, -// or a value for non-objects such as user and group names. -// +structType=atomic -#Subject: { - // Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - // If the Authorizer does not recognized the kind value, the Authorizer should report an error. - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // APIGroup holds the API group of the referenced subject. - // Defaults to "" for ServiceAccount subjects. - // Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - // +optional - apiGroup?: string @go(APIGroup) @protobuf(2,bytes,opt.name=apiGroup) - - // Name of the object being referenced. - name: string @go(Name) @protobuf(3,bytes,opt) - - // Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - // the Authorizer should report an error. - // +optional - namespace?: string @go(Namespace) @protobuf(4,bytes,opt) -} - -// RoleRef contains information that points to the role being used -// +structType=atomic -#RoleRef: { - // APIGroup is the group for the resource being referenced - apiGroup: string @go(APIGroup) @protobuf(1,bytes,opt) - - // Kind is the type of resource being referenced - kind: string @go(Kind) @protobuf(2,bytes,opt) - - // Name is the name of resource being referenced - name: string @go(Name) @protobuf(3,bytes,opt) -} - -// Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding. -#Role: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this Role - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) -} - -// RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. -// It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given -// namespace only have effect in that namespace. -#RoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// RoleBindingList is a collection of RoleBindings -#RoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of RoleBindings - items: [...#RoleBinding] @go(Items,[]RoleBinding) @protobuf(2,bytes,rep) -} - -// RoleList is a collection of Roles -#RoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of Roles - items: [...#Role] @go(Items,[]Role) @protobuf(2,bytes,rep) -} - -// ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding. -#ClusterRole: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Rules holds all the PolicyRules for this ClusterRole - // +optional - rules: [...#PolicyRule] @go(Rules,[]PolicyRule) @protobuf(2,bytes,rep) - - // AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. - // If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be - // stomped by the controller. - // +optional - aggregationRule?: null | #AggregationRule @go(AggregationRule,*AggregationRule) @protobuf(3,bytes,opt) -} - -// AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole -#AggregationRule: { - // ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. - // If any of the selectors match, then the ClusterRole's permissions will be added - // +optional - clusterRoleSelectors?: [...metav1.#LabelSelector] @go(ClusterRoleSelectors,[]metav1.LabelSelector) @protobuf(1,bytes,rep) -} - -// ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, -// and adds who information via Subject. -#ClusterRoleBinding: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // Subjects holds references to the objects the role applies to. - // +optional - subjects?: [...#Subject] @go(Subjects,[]Subject) @protobuf(2,bytes,rep) - - // RoleRef can only reference a ClusterRole in the global namespace. - // If the RoleRef cannot be resolved, the Authorizer must return an error. - // This field is immutable. - roleRef: #RoleRef @go(RoleRef) @protobuf(3,bytes,opt) -} - -// ClusterRoleBindingList is a collection of ClusterRoleBindings -#ClusterRoleBindingList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoleBindings - items: [...#ClusterRoleBinding] @go(Items,[]ClusterRoleBinding) @protobuf(2,bytes,rep) -} - -// ClusterRoleList is a collection of ClusterRoles -#ClusterRoleList: { - metav1.#TypeMeta - - // Standard object's metadata. - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Items is a list of ClusterRoles - items: [...#ClusterRole] @go(Items,[]ClusterRole) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue deleted file mode 100644 index 8cc2b5f2..00000000 --- a/test/cue.mod/gen/k8s.io/api/scheduling/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -#GroupName: "scheduling.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue deleted file mode 100644 index 1d8f9574..00000000 --- a/test/cue.mod/gen/k8s.io/api/scheduling/v1/types_go_gen.cue +++ /dev/null @@ -1,57 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/scheduling/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - apiv1 "k8s.io/api/core/v1" -) - -// PriorityClass defines mapping from a priority class name to the priority -// integer value. The value can be any valid integer. -#PriorityClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // value represents the integer value of this priority class. This is the actual priority that pods - // receive when they have the name of this class in their pod spec. - value: int32 @go(Value) @protobuf(2,bytes,opt) - - // globalDefault specifies whether this PriorityClass should be considered as - // the default priority for pods that do not have any priority class. - // Only one PriorityClass can be marked as `globalDefault`. However, if more than - // one PriorityClasses exists with their `globalDefault` field set to true, - // the smallest value of such global default PriorityClasses will be used as the default priority. - // +optional - globalDefault?: bool @go(GlobalDefault) @protobuf(3,bytes,opt) - - // description is an arbitrary string that usually provides guidelines on - // when this priority class should be used. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // preemptionPolicy is the Policy for preempting pods with lower priority. - // One of Never, PreemptLowerPriority. - // Defaults to PreemptLowerPriority if unset. - // +optional - preemptionPolicy?: null | apiv1.#PreemptionPolicy @go(PreemptionPolicy,*apiv1.PreemptionPolicy) @protobuf(5,bytes,opt) -} - -// PriorityClassList is a collection of priority classes. -#PriorityClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of PriorityClasses - items: [...#PriorityClass] @go(Items,[]PriorityClass) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue deleted file mode 100644 index 641ce60c..00000000 --- a/test/cue.mod/gen/k8s.io/api/storage/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -#GroupName: "storage.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue deleted file mode 100644 index b5158650..00000000 --- a/test/cue.mod/gen/k8s.io/api/storage/v1/types_go_gen.cue +++ /dev/null @@ -1,652 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/api/storage/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" -) - -// StorageClass describes the parameters for a class of storage for -// which PersistentVolumes can be dynamically provisioned. -// -// StorageClasses are non-namespaced; the name of the storage class -// according to etcd is in ObjectMeta.Name. -#StorageClass: { - metav1.#TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // provisioner indicates the type of the provisioner. - provisioner: string @go(Provisioner) @protobuf(2,bytes,opt) - - // parameters holds the parameters for the provisioner that should - // create volumes of this storage class. - // +optional - parameters?: {[string]: string} @go(Parameters,map[string]string) @protobuf(3,bytes,rep) - - // reclaimPolicy controls the reclaimPolicy for dynamically provisioned PersistentVolumes of this storage class. - // Defaults to Delete. - // +optional - reclaimPolicy?: null | v1.#PersistentVolumeReclaimPolicy @go(ReclaimPolicy,*v1.PersistentVolumeReclaimPolicy) @protobuf(4,bytes,opt,casttype=k8s.io/api/core/v1.PersistentVolumeReclaimPolicy) - - // mountOptions controls the mountOptions for dynamically provisioned PersistentVolumes of this storage class. - // e.g. ["ro", "soft"]. Not validated - - // mount of the PVs will simply fail if one is invalid. - // +optional - mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(5,bytes,opt) - - // allowVolumeExpansion shows whether the storage class allow volume expand. - // +optional - allowVolumeExpansion?: null | bool @go(AllowVolumeExpansion,*bool) @protobuf(6,varint,opt) - - // volumeBindingMode indicates how PersistentVolumeClaims should be - // provisioned and bound. When unset, VolumeBindingImmediate is used. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - volumeBindingMode?: null | #VolumeBindingMode @go(VolumeBindingMode,*VolumeBindingMode) @protobuf(7,bytes,opt) - - // allowedTopologies restrict the node topologies where volumes can be dynamically provisioned. - // Each volume plugin defines its own supported topology specifications. - // An empty TopologySelectorTerm list means there is no topology restriction. - // This field is only honored by servers that enable the VolumeScheduling feature. - // +optional - // +listType=atomic - allowedTopologies?: [...v1.#TopologySelectorTerm] @go(AllowedTopologies,[]v1.TopologySelectorTerm) @protobuf(8,bytes,rep) -} - -// StorageClassList is a collection of storage classes. -#StorageClassList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of StorageClasses - items: [...#StorageClass] @go(Items,[]StorageClass) @protobuf(2,bytes,rep) -} - -// VolumeBindingMode indicates how PersistentVolumeClaims should be bound. -// +enum -#VolumeBindingMode: string // #enumVolumeBindingMode - -#enumVolumeBindingMode: - #VolumeBindingImmediate | - #VolumeBindingWaitForFirstConsumer - -// VolumeBindingImmediate indicates that PersistentVolumeClaims should be -// immediately provisioned and bound. This is the default mode. -#VolumeBindingImmediate: #VolumeBindingMode & "Immediate" - -// VolumeBindingWaitForFirstConsumer indicates that PersistentVolumeClaims -// should not be provisioned and bound until the first Pod is created that -// references the PeristentVolumeClaim. The volume provisioning and -// binding will occur during Pod scheduing. -#VolumeBindingWaitForFirstConsumer: #VolumeBindingMode & "WaitForFirstConsumer" - -// VolumeAttachment captures the intent to attach or detach the specified volume -// to/from the specified node. -// -// VolumeAttachment objects are non-namespaced. -#VolumeAttachment: { - metav1.#TypeMeta - - // Standard object metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents specification of the desired attach/detach volume behavior. - // Populated by the Kubernetes system. - spec: #VolumeAttachmentSpec @go(Spec) @protobuf(2,bytes,opt) - - // status represents status of the VolumeAttachment request. - // Populated by the entity completing the attach or detach - // operation, i.e. the external-attacher. - // +optional - status?: #VolumeAttachmentStatus @go(Status) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentList is a collection of VolumeAttachment objects. -#VolumeAttachmentList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of VolumeAttachments - items: [...#VolumeAttachment] @go(Items,[]VolumeAttachment) @protobuf(2,bytes,rep) -} - -// VolumeAttachmentSpec is the specification of a VolumeAttachment request. -#VolumeAttachmentSpec: { - // attacher indicates the name of the volume driver that MUST handle this - // request. This is the name returned by GetPluginName(). - attacher: string @go(Attacher) @protobuf(1,bytes,opt) - - // source represents the volume that should be attached. - source: #VolumeAttachmentSource @go(Source) @protobuf(2,bytes,opt) - - // nodeName represents the node that the volume should be attached to. - nodeName: string @go(NodeName) @protobuf(3,bytes,opt) -} - -// VolumeAttachmentSource represents a volume that should be attached. -// Right now only PersistenVolumes can be attached via external attacher, -// in future we may allow also inline volumes in pods. -// Exactly one member can be set. -#VolumeAttachmentSource: { - // persistentVolumeName represents the name of the persistent volume to attach. - // +optional - persistentVolumeName?: null | string @go(PersistentVolumeName,*string) @protobuf(1,bytes,opt) - - // inlineVolumeSpec contains all the information necessary to attach - // a persistent volume defined by a pod's inline VolumeSource. This field - // is populated only for the CSIMigration feature. It contains - // translated fields from a pod's inline VolumeSource to a - // PersistentVolumeSpec. This field is beta-level and is only - // honored by servers that enabled the CSIMigration feature. - // +optional - inlineVolumeSpec?: null | v1.#PersistentVolumeSpec @go(InlineVolumeSpec,*v1.PersistentVolumeSpec) @protobuf(2,bytes,opt) -} - -// VolumeAttachmentStatus is the status of a VolumeAttachment request. -#VolumeAttachmentStatus: { - // attached indicates the volume is successfully attached. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - attached: bool @go(Attached) @protobuf(1,varint,opt) - - // attachmentMetadata is populated with any - // information returned by the attach operation, upon successful attach, that must be passed - // into subsequent WaitForAttach or Mount calls. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - attachmentMetadata?: {[string]: string} @go(AttachmentMetadata,map[string]string) @protobuf(2,bytes,rep) - - // attachError represents the last error encountered during attach operation, if any. - // This field must only be set by the entity completing the attach - // operation, i.e. the external-attacher. - // +optional - attachError?: null | #VolumeError @go(AttachError,*VolumeError) @protobuf(3,bytes,opt,casttype=VolumeError) - - // detachError represents the last error encountered during detach operation, if any. - // This field must only be set by the entity completing the detach - // operation, i.e. the external-attacher. - // +optional - detachError?: null | #VolumeError @go(DetachError,*VolumeError) @protobuf(4,bytes,opt,casttype=VolumeError) -} - -// VolumeError captures an error encountered during a volume operation. -#VolumeError: { - // time represents the time the error was encountered. - // +optional - time?: metav1.#Time @go(Time) @protobuf(1,bytes,opt) - - // message represents the error encountered during Attach or Detach operation. - // This string may be logged, so it should not contain sensitive - // information. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) -} - -// CSIDriver captures information about a Container Storage Interface (CSI) -// volume driver deployed on the cluster. -// Kubernetes attach detach controller uses this object to determine whether attach is required. -// Kubelet uses this object to determine whether pod information needs to be passed on mount. -// CSIDriver objects are non-namespaced. -#CSIDriver: { - metav1.#TypeMeta - - // Standard object metadata. - // metadata.Name indicates the name of the CSI driver that this object - // refers to; it MUST be the same name returned by the CSI GetPluginName() - // call for that driver. - // The driver name must be 63 characters or less, beginning and ending with - // an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and - // alphanumerics between. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec represents the specification of the CSI Driver. - spec: #CSIDriverSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSIDriverList is a collection of CSIDriver objects. -#CSIDriverList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIDriver - items: [...#CSIDriver] @go(Items,[]CSIDriver) @protobuf(2,bytes,rep) -} - -// CSIDriverSpec is the specification of a CSIDriver. -#CSIDriverSpec: { - // attachRequired indicates this CSI volume driver requires an attach - // operation (because it implements the CSI ControllerPublishVolume() - // method), and that the Kubernetes attach detach controller should call - // the attach volume interface which checks the volumeattachment status - // and waits until the volume is attached before proceeding to mounting. - // The CSI external-attacher coordinates with CSI volume driver and updates - // the volumeattachment status when the attach operation is complete. - // If the CSIDriverRegistry feature gate is enabled and the value is - // specified to false, the attach operation will be skipped. - // Otherwise the attach operation will be called. - // - // This field is immutable. - // - // +optional - attachRequired?: null | bool @go(AttachRequired,*bool) @protobuf(1,varint,opt) - - // podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) - // during mount operations, if set to true. - // If set to false, pod information will not be passed on mount. - // Default is false. - // - // The CSI driver specifies podInfoOnMount as part of driver deployment. - // If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. - // The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. - // - // The following VolumeConext will be passed if podInfoOnMount is set to true. - // This list might grow, but the prefix will be used. - // "csi.storage.k8s.io/pod.name": pod.Name - // "csi.storage.k8s.io/pod.namespace": pod.Namespace - // "csi.storage.k8s.io/pod.uid": string(pod.UID) - // "csi.storage.k8s.io/ephemeral": "true" if the volume is an ephemeral inline volume - // defined by a CSIVolumeSource, otherwise "false" - // - // "csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only - // required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. - // Other drivers can leave pod info disabled and/or ignore this field. - // As Kubernetes 1.15 doesn't support this field, drivers can only support one mode when - // deployed on such a cluster and the deployment determines which mode that is, for example - // via a command line parameter of the driver. - // - // This field is immutable. - // - // +optional - podInfoOnMount?: null | bool @go(PodInfoOnMount,*bool) @protobuf(2,bytes,opt) - - // volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. - // The default if the list is empty is "Persistent", which is the usage defined by the - // CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. - // - // The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec - // with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. - // A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. - // - // For more information about implementing this mode, see - // https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html - // A driver can support one or more of these modes and more modes may be added in the future. - // - // This field is beta. - // This field is immutable. - // - // +optional - // +listType=set - volumeLifecycleModes?: [...#VolumeLifecycleMode] @go(VolumeLifecycleModes,[]VolumeLifecycleMode) @protobuf(3,bytes,opt) - - // storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage - // capacity that the driver deployment will report by creating - // CSIStorageCapacity objects with capacity information, if set to true. - // - // The check can be enabled immediately when deploying a driver. - // In that case, provisioning new volumes with late binding - // will pause until the driver deployment has published - // some suitable CSIStorageCapacity object. - // - // Alternatively, the driver can be deployed with the field - // unset or false and it can be flipped later when storage - // capacity information has been published. - // - // This field was immutable in Kubernetes <= 1.22 and now is mutable. - // - // +optional - // +featureGate=CSIStorageCapacity - storageCapacity?: null | bool @go(StorageCapacity,*bool) @protobuf(4,bytes,opt) - - // fsGroupPolicy defines if the underlying volume supports changing ownership and - // permission of the volume before being mounted. - // Refer to the specific FSGroupPolicy values for additional details. - // - // This field is immutable. - // - // Defaults to ReadWriteOnceWithFSType, which will examine each volume - // to determine if Kubernetes should modify ownership and permissions of the volume. - // With the default policy the defined fsGroup will only be applied - // if a fstype is defined and the volume's access mode contains ReadWriteOnce. - // - // +optional - fsGroupPolicy?: null | #FSGroupPolicy @go(FSGroupPolicy,*FSGroupPolicy) @protobuf(5,bytes,opt) - - // tokenRequests indicates the CSI driver needs pods' service account - // tokens it is mounting volume for to do necessary authentication. Kubelet - // will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. - // The CSI driver should parse and validate the following VolumeContext: - // "csi.storage.k8s.io/serviceAccount.tokens": { - // "": { - // "token": , - // "expirationTimestamp": , - // }, - // ... - // } - // - // Note: Audience in each TokenRequest should be different and at - // most one token is empty string. To receive a new token after expiry, - // RequiresRepublish can be used to trigger NodePublishVolume periodically. - // - // +optional - // +listType=atomic - tokenRequests?: [...#TokenRequest] @go(TokenRequests,[]TokenRequest) @protobuf(6,bytes,opt) - - // requiresRepublish indicates the CSI driver wants `NodePublishVolume` - // being periodically called to reflect any possible change in the mounted - // volume. This field defaults to false. - // - // Note: After a successful initial NodePublishVolume call, subsequent calls - // to NodePublishVolume should only update the contents of the volume. New - // mount points will not be seen by a running container. - // - // +optional - requiresRepublish?: null | bool @go(RequiresRepublish,*bool) @protobuf(7,varint,opt) - - // seLinuxMount specifies if the CSI driver supports "-o context" - // mount option. - // - // When "true", the CSI driver must ensure that all volumes provided by this CSI - // driver can be mounted separately with different `-o context` options. This is - // typical for storage backends that provide volumes as filesystems on block - // devices or as independent shared volumes. - // Kubernetes will call NodeStage / NodePublish with "-o context=xyz" mount - // option when mounting a ReadWriteOncePod volume used in Pod that has - // explicitly set SELinux context. In the future, it may be expanded to other - // volume AccessModes. In any case, Kubernetes will ensure that the volume is - // mounted only with a single SELinux context. - // - // When "false", Kubernetes won't pass any special SELinux mount options to the driver. - // This is typical for volumes that represent subdirectories of a bigger shared filesystem. - // - // Default is "false". - // - // +featureGate=SELinuxMountReadWriteOncePod - // +optional - seLinuxMount?: null | bool @go(SELinuxMount,*bool) @protobuf(8,varint,opt) -} - -// FSGroupPolicy specifies if a CSI Driver supports modifying -// volume ownership and permissions of the volume to be mounted. -// More modes may be added in the future. -#FSGroupPolicy: string // #enumFSGroupPolicy - -#enumFSGroupPolicy: - #ReadWriteOnceWithFSTypeFSGroupPolicy | - #FileFSGroupPolicy | - #NoneFSGroupPolicy - -// ReadWriteOnceWithFSTypeFSGroupPolicy indicates that each volume will be examined -// to determine if the volume ownership and permissions -// should be modified. If a fstype is defined and the volume's access mode -// contains ReadWriteOnce, then the defined fsGroup will be applied. -// This mode should be defined if it's expected that the -// fsGroup may need to be modified depending on the pod's SecurityPolicy. -// This is the default behavior if no other FSGroupPolicy is defined. -#ReadWriteOnceWithFSTypeFSGroupPolicy: #FSGroupPolicy & "ReadWriteOnceWithFSType" - -// FileFSGroupPolicy indicates that CSI driver supports volume ownership -// and permission change via fsGroup, and Kubernetes will change the permissions -// and ownership of every file in the volume to match the user requested fsGroup in -// the pod's SecurityPolicy regardless of fstype or access mode. -// Use this mode if Kubernetes should modify the permissions and ownership -// of the volume. -#FileFSGroupPolicy: #FSGroupPolicy & "File" - -// NoneFSGroupPolicy indicates that volumes will be mounted without performing -// any ownership or permission modifications, as the CSIDriver does not support -// these operations. -// This mode should be selected if the CSIDriver does not support fsGroup modifications, -// for example when Kubernetes cannot change ownership and permissions on a volume due -// to root-squash settings on a NFS volume. -#NoneFSGroupPolicy: #FSGroupPolicy & "None" - -// VolumeLifecycleMode is an enumeration of possible usage modes for a volume -// provided by a CSI driver. More modes may be added in the future. -#VolumeLifecycleMode: string // #enumVolumeLifecycleMode - -#enumVolumeLifecycleMode: - #VolumeLifecyclePersistent | - #VolumeLifecycleEphemeral - -// TokenRequest contains parameters of a service account token. -#TokenRequest: { - // audience is the intended audience of the token in "TokenRequestSpec". - // It will default to the audiences of kube apiserver. - audience: string @go(Audience) @protobuf(1,bytes,opt) - - // expirationSeconds is the duration of validity of the token in "TokenRequestSpec". - // It has the same default value of "ExpirationSeconds" in "TokenRequestSpec". - // - // +optional - expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) -} - -// VolumeLifecyclePersistent explicitly confirms that the driver implements -// the full CSI spec. It is the default when CSIDriverSpec.VolumeLifecycleModes is not -// set. Such volumes are managed in Kubernetes via the persistent volume -// claim mechanism and have a lifecycle that is independent of the pods which -// use them. -#VolumeLifecyclePersistent: #VolumeLifecycleMode & "Persistent" - -// VolumeLifecycleEphemeral indicates that the driver can be used for -// ephemeral inline volumes. Such volumes are specified inside the pod -// spec with a CSIVolumeSource and, as far as Kubernetes is concerned, have -// a lifecycle that is tied to the lifecycle of the pod. For example, such -// a volume might contain data that gets created specifically for that pod, -// like secrets. -// But how the volume actually gets created and managed is entirely up to -// the driver. It might also use reference counting to share the same volume -// instance among different pods if the CSIVolumeSource of those pods is -// identical. -#VolumeLifecycleEphemeral: #VolumeLifecycleMode & "Ephemeral" - -// CSINode holds information about all CSI drivers installed on a node. -// CSI drivers do not need to create the CSINode object directly. As long as -// they use the node-driver-registrar sidecar container, the kubelet will -// automatically populate the CSINode object for the CSI driver as part of -// kubelet plugin registration. -// CSINode has the same name as a node. If the object is missing, it means either -// there are no CSI Drivers available on the node, or the Kubelet version is low -// enough that it doesn't create this object. -// CSINode has an OwnerReference that points to the corresponding node object. -#CSINode: { - metav1.#TypeMeta - - // Standard object's metadata. - // metadata.name must be the Kubernetes node name. - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec is the specification of CSINode - spec: #CSINodeSpec @go(Spec) @protobuf(2,bytes,opt) -} - -// CSINodeSpec holds information about the specification of all CSI drivers installed on a node -#CSINodeSpec: { - // drivers is a list of information of all CSI Drivers existing on a node. - // If all drivers in the list are uninstalled, this can become empty. - // +patchMergeKey=name - // +patchStrategy=merge - drivers: [...#CSINodeDriver] @go(Drivers,[]CSINodeDriver) @protobuf(1,bytes,rep) -} - -// CSINodeDriver holds information about the specification of one CSI driver installed on a node -#CSINodeDriver: { - // name represents the name of the CSI driver that this object refers to. - // This MUST be the same name returned by the CSI GetPluginName() call for - // that driver. - name: string @go(Name) @protobuf(1,bytes,opt) - - // nodeID of the node from the driver point of view. - // This field enables Kubernetes to communicate with storage systems that do - // not share the same nomenclature for nodes. For example, Kubernetes may - // refer to a given node as "node1", but the storage system may refer to - // the same node as "nodeA". When Kubernetes issues a command to the storage - // system to attach a volume to a specific node, it can use this field to - // refer to the node name using the ID that the storage system will - // understand, e.g. "nodeA" instead of "node1". This field is required. - nodeID: string @go(NodeID) @protobuf(2,bytes,opt) - - // topologyKeys is the list of keys supported by the driver. - // When a driver is initialized on a cluster, it provides a set of topology - // keys that it understands (e.g. "company.com/zone", "company.com/region"). - // When a driver is initialized on a node, it provides the same topology keys - // along with values. Kubelet will expose these topology keys as labels - // on its own node object. - // When Kubernetes does topology aware provisioning, it can use this list to - // determine which labels it should retrieve from the node object and pass - // back to the driver. - // It is possible for different nodes to use different topology keys. - // This can be empty if driver does not support topology. - // +optional - topologyKeys: [...string] @go(TopologyKeys,[]string) @protobuf(3,bytes,rep) - - // allocatable represents the volume resources of a node that are available for scheduling. - // This field is beta. - // +optional - allocatable?: null | #VolumeNodeResources @go(Allocatable,*VolumeNodeResources) @protobuf(4,bytes,opt) -} - -// VolumeNodeResources is a set of resource limits for scheduling of volumes. -#VolumeNodeResources: { - // count indicates the maximum number of unique volumes managed by the CSI driver that can be used on a node. - // A volume that is both attached and mounted on a node is considered to be used once, not twice. - // The same rule applies for a unique volume that is shared among multiple pods on the same node. - // If this field is not specified, then the supported number of volumes on this node is unbounded. - // +optional - count?: null | int32 @go(Count,*int32) @protobuf(1,varint,opt) -} - -// CSINodeList is a collection of CSINode objects. -#CSINodeList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSINode - items: [...#CSINode] @go(Items,[]CSINode) @protobuf(2,bytes,rep) -} - -// CSIStorageCapacity stores the result of one CSI GetCapacity call. -// For a given StorageClass, this describes the available capacity in a -// particular topology segment. This can be used when considering where to -// instantiate new PersistentVolumes. -// -// For example this can express things like: -// - StorageClass "standard" has "1234 GiB" available in "topology.kubernetes.io/zone=us-east1" -// - StorageClass "localssd" has "10 GiB" available in "kubernetes.io/hostname=knode-abc123" -// -// The following three cases all imply that no capacity is available for -// a certain combination: -// - no object exists with suitable topology and storage class name -// - such an object exists, but the capacity is unset -// - such an object exists, but the capacity is zero -// -// The producer of these objects can decide which approach is more suitable. -// -// They are consumed by the kube-scheduler when a CSI driver opts into -// capacity-aware scheduling with CSIDriverSpec.StorageCapacity. The scheduler -// compares the MaximumVolumeSize against the requested size of pending volumes -// to filter out unsuitable nodes. If MaximumVolumeSize is unset, it falls back -// to a comparison against the less precise Capacity. If that is also unset, -// the scheduler assumes that capacity is insufficient and tries some other -// node. -#CSIStorageCapacity: { - metav1.#TypeMeta - - // Standard object's metadata. - // The name has no particular meaning. It must be a DNS subdomain (dots allowed, 253 characters). - // To ensure that there are no conflicts with other CSI drivers on the cluster, - // the recommendation is to use csisc-, a generated name, or a reverse-domain name - // which ends with the unique CSI driver name. - // - // Objects are namespaced. - // - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // nodeTopology defines which nodes have access to the storage - // for which capacity was reported. If not set, the storage is - // not accessible from any node in the cluster. If empty, the - // storage is accessible from all nodes. This field is - // immutable. - // - // +optional - nodeTopology?: null | metav1.#LabelSelector @go(NodeTopology,*metav1.LabelSelector) @protobuf(2,bytes,opt) - - // storageClassName represents the name of the StorageClass that the reported capacity applies to. - // It must meet the same requirements as the name of a StorageClass - // object (non-empty, DNS subdomain). If that object no longer exists, - // the CSIStorageCapacity object is obsolete and should be removed by its - // creator. - // This field is immutable. - storageClassName: string @go(StorageClassName) @protobuf(3,bytes) - - // capacity is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // The semantic is currently (CSI spec 1.2) defined as: - // The available capacity, in bytes, of the storage that can be used - // to provision volumes. If not set, that information is currently - // unavailable. - // - // +optional - capacity?: null | resource.#Quantity @go(Capacity,*resource.Quantity) @protobuf(4,bytes,opt) - - // maximumVolumeSize is the value reported by the CSI driver in its GetCapacityResponse - // for a GetCapacityRequest with topology and parameters that match the - // previous fields. - // - // This is defined since CSI spec 1.4.0 as the largest size - // that may be used in a - // CreateVolumeRequest.capacity_range.required_bytes field to - // create a volume with the same parameters as those in - // GetCapacityRequest. The corresponding value in the Kubernetes - // API is ResourceRequirements.Requests in a volume claim. - // - // +optional - maximumVolumeSize?: null | resource.#Quantity @go(MaximumVolumeSize,*resource.Quantity) @protobuf(5,bytes,opt) -} - -// CSIStorageCapacityList is a collection of CSIStorageCapacity objects. -#CSIStorageCapacityList: { - metav1.#TypeMeta - - // Standard list metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items is the list of CSIStorageCapacity objects. - // +listType=map - // +listMapKey=name - items: [...#CSIStorageCapacity] @go(Items,[]CSIStorageCapacity) @protobuf(2,bytes,rep) -} diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue deleted file mode 100644 index 083aa825..00000000 --- a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -// Package v1 is the v1 version of the API. -package v1 diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue deleted file mode 100644 index c4ce800f..00000000 --- a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/register_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -#GroupName: "apiextensions.k8s.io" diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue deleted file mode 100644 index b938c8ba..00000000 --- a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_go_gen.cue +++ /dev/null @@ -1,513 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// ConversionStrategyType describes different conversion types. -#ConversionStrategyType: string // #enumConversionStrategyType - -#enumConversionStrategyType: - #NoneConverter | - #WebhookConverter - -// KubeAPIApprovedAnnotation is an annotation that must be set to create a CRD for the k8s.io, *.k8s.io, kubernetes.io, or *.kubernetes.io namespaces. -// The value should be a link to a URL where the current spec was approved, so updates to the spec should also update the URL. -// If the API is unapproved, you may set the annotation to a string starting with `"unapproved"`. For instance, `"unapproved, temporarily squatting"` or `"unapproved, experimental-only"`. This is discouraged. -#KubeAPIApprovedAnnotation: "api-approved.kubernetes.io" - -// NoneConverter is a converter that only sets apiversion of the CR and leave everything else unchanged. -#NoneConverter: #ConversionStrategyType & "None" - -// WebhookConverter is a converter that calls to an external webhook to convert the CR. -#WebhookConverter: #ConversionStrategyType & "Webhook" - -// CustomResourceDefinitionSpec describes how a user wants their resource to appear -#CustomResourceDefinitionSpec: { - // group is the API group of the defined custom resource. - // The custom resources are served under `/apis//...`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - group: string @go(Group) @protobuf(1,bytes,opt) - - // names specify the resource and kind names for the custom resource. - names: #CustomResourceDefinitionNames @go(Names) @protobuf(3,bytes,opt) - - // scope indicates whether the defined custom resource is cluster- or namespace-scoped. - // Allowed values are `Cluster` and `Namespaced`. - scope: #ResourceScope @go(Scope) @protobuf(4,bytes,opt,casttype=ResourceScope) - - // versions is the list of all API versions of the defined custom resource. - // Version names are used to compute the order in which served versions are listed in API discovery. - // If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered - // lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), - // then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first - // by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing - // major version, then minor version. An example sorted list of versions: - // v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10. - versions: [...#CustomResourceDefinitionVersion] @go(Versions,[]CustomResourceDefinitionVersion) @protobuf(7,bytes,rep) - - // conversion defines conversion settings for the CRD. - // +optional - conversion?: null | #CustomResourceConversion @go(Conversion,*CustomResourceConversion) @protobuf(9,bytes,opt) - - // preserveUnknownFields indicates that object fields which are not specified - // in the OpenAPI schema should be preserved when persisting to storage. - // apiVersion, kind, metadata and known fields inside metadata are always preserved. - // This field is deprecated in favor of setting `x-preserve-unknown-fields` to true in `spec.versions[*].schema.openAPIV3Schema`. - // See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning for details. - // +optional - preserveUnknownFields?: bool @go(PreserveUnknownFields) @protobuf(10,varint,opt) -} - -// CustomResourceConversion describes how to convert different versions of a CR. -#CustomResourceConversion: { - // strategy specifies how custom resources are converted between versions. Allowed values are: - // - `"None"`: The converter only change the apiVersion and would not touch any other field in the custom resource. - // - `"Webhook"`: API Server will call to an external webhook to do the conversion. Additional information - // is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set. - strategy: #ConversionStrategyType @go(Strategy) @protobuf(1,bytes) - - // webhook describes how to call the conversion webhook. Required when `strategy` is set to `"Webhook"`. - // +optional - webhook?: null | #WebhookConversion @go(Webhook,*WebhookConversion) @protobuf(2,bytes,opt) -} - -// WebhookConversion describes how to call a conversion webhook -#WebhookConversion: { - // clientConfig is the instructions for how to call the webhook if strategy is `Webhook`. - // +optional - clientConfig?: null | #WebhookClientConfig @go(ClientConfig,*WebhookClientConfig) @protobuf(2,bytes) - - // conversionReviewVersions is an ordered list of preferred `ConversionReview` - // versions the Webhook expects. The API server will use the first version in - // the list which it supports. If none of the versions specified in this list - // are supported by API server, conversion will fail for the custom resource. - // If a persisted Webhook configuration specifies allowed versions and does not - // include any versions known to the API Server, calls to the webhook will fail. - conversionReviewVersions: [...string] @go(ConversionReviewVersions,[]string) @protobuf(3,bytes,rep) -} - -// WebhookClientConfig contains the information to make a TLS connection with the webhook. -#WebhookClientConfig: { - // url gives the location of the webhook, in standard URL form - // (`scheme://host:port/path`). Exactly one of `url` or `service` - // must be specified. - // - // The `host` should not refer to a service running in the cluster; use - // the `service` field instead. The host might be resolved via external - // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve - // in-cluster DNS as that would be a layering violation). `host` may - // also be an IP address. - // - // Please note that using `localhost` or `127.0.0.1` as a `host` is - // risky unless you take great care to run this webhook on all hosts - // which run an apiserver which might need to make calls to this - // webhook. Such installs are likely to be non-portable, i.e., not easy - // to turn up in a new cluster. - // - // The scheme must be "https"; the URL must begin with "https://". - // - // A path is optional, and if present may be any string permissible in - // a URL. You may use the path to pass an arbitrary string to the - // webhook, for example, a cluster identifier. - // - // Attempting to use a user or basic auth e.g. "user:password@" is not - // allowed. Fragments ("#...") and query parameters ("?...") are not - // allowed, either. - // - // +optional - url?: null | string @go(URL,*string) @protobuf(3,bytes,opt) - - // service is a reference to the service for this webhook. Either - // service or url must be specified. - // - // If the webhook is running within the cluster, then you should use `service`. - // - // +optional - service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt) - - // caBundle is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. - // If unspecified, system trust roots on the apiserver are used. - // +optional - caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt) -} - -// ServiceReference holds a reference to Service.legacy.k8s.io -#ServiceReference: { - // namespace is the namespace of the service. - // Required - namespace: string @go(Namespace) @protobuf(1,bytes,opt) - - // name is the name of the service. - // Required - name: string @go(Name) @protobuf(2,bytes,opt) - - // path is an optional URL path at which the webhook will be contacted. - // +optional - path?: null | string @go(Path,*string) @protobuf(3,bytes,opt) - - // port is an optional service port at which the webhook will be contacted. - // `port` should be a valid port number (1-65535, inclusive). - // Defaults to 443 for backward compatibility. - // +optional - port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt) -} - -// CustomResourceDefinitionVersion describes a version for CRD. -#CustomResourceDefinitionVersion: { - // name is the version name, e.g. “v1”, “v2beta1”, etc. - // The custom resources are served under this version at `/apis///...` if `served` is true. - name: string @go(Name) @protobuf(1,bytes,opt) - - // served is a flag enabling/disabling this version from being served via REST APIs - served: bool @go(Served) @protobuf(2,varint,opt) - - // storage indicates this version should be used when persisting custom resources to storage. - // There must be exactly one version with storage=true. - storage: bool @go(Storage) @protobuf(3,varint,opt) - - // deprecated indicates this version of the custom resource API is deprecated. - // When set to true, API requests to this version receive a warning header in the server response. - // Defaults to false. - // +optional - deprecated?: bool @go(Deprecated) @protobuf(7,varint,opt) - - // deprecationWarning overrides the default warning returned to API clients. - // May only be set when `deprecated` is true. - // The default warning indicates this version is deprecated and recommends use - // of the newest served version of equal or greater stability, if one exists. - // +optional - deprecationWarning?: null | string @go(DeprecationWarning,*string) @protobuf(8,bytes,opt) - - // schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource. - // +optional - schema?: null | #CustomResourceValidation @go(Schema,*CustomResourceValidation) @protobuf(4,bytes,opt) - - // subresources specify what subresources this version of the defined custom resource have. - // +optional - subresources?: null | #CustomResourceSubresources @go(Subresources,*CustomResourceSubresources) @protobuf(5,bytes,opt) - - // additionalPrinterColumns specifies additional columns returned in Table output. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. - // If no columns are specified, a single column displaying the age of the custom resource is used. - // +optional - additionalPrinterColumns?: [...#CustomResourceColumnDefinition] @go(AdditionalPrinterColumns,[]CustomResourceColumnDefinition) @protobuf(6,bytes,rep) -} - -// CustomResourceColumnDefinition specifies a column for server side printing. -#CustomResourceColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) @protobuf(1,bytes,opt) - - // type is an OpenAPI type definition for this column. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - type: string @go(Type) @protobuf(2,bytes,opt) - - // format is an optional OpenAPI type definition for this column. The 'name' format is applied - // to the primary identifier column to assist in clients identifying column is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details. - // +optional - format?: string @go(Format) @protobuf(3,bytes,opt) - - // description is a human readable description of this column. - // +optional - description?: string @go(Description) @protobuf(4,bytes,opt) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a priority greater than 0. - // +optional - priority?: int32 @go(Priority) @protobuf(5,bytes,opt) - - // jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against - // each custom resource to produce the value for this column. - jsonPath: string @go(JSONPath) @protobuf(6,bytes,opt) -} - -// CustomResourceDefinitionNames indicates the names to serve this CustomResourceDefinition -#CustomResourceDefinitionNames: { - // plural is the plural name of the resource to serve. - // The custom resources are served under `/apis///.../`. - // Must match the name of the CustomResourceDefinition (in the form `.`). - // Must be all lowercase. - plural: string @go(Plural) @protobuf(1,bytes,opt) - - // singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased `kind`. - // +optional - singular?: string @go(Singular) @protobuf(2,bytes,opt) - - // shortNames are short names for the resource, exposed in API discovery documents, - // and used by clients to support invocations like `kubectl get `. - // It must be all lowercase. - // +optional - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(3,bytes,opt) - - // kind is the serialized kind of the resource. It is normally CamelCase and singular. - // Custom resource instances will use this value as the `kind` attribute in API calls. - kind: string @go(Kind) @protobuf(4,bytes,opt) - - // listKind is the serialized kind of the list for this resource. Defaults to "`kind`List". - // +optional - listKind?: string @go(ListKind) @protobuf(5,bytes,opt) - - // categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). - // This is published in API discovery documents, and used by clients to support invocations like - // `kubectl get all`. - // +optional - categories?: [...string] @go(Categories,[]string) @protobuf(6,bytes,rep) -} - -// ResourceScope is an enum defining the different scopes available to a custom resource -#ResourceScope: string // #enumResourceScope - -#enumResourceScope: - #ClusterScoped | - #NamespaceScoped - -#ClusterScoped: #ResourceScope & "Cluster" -#NamespaceScoped: #ResourceScope & "Namespaced" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// CustomResourceDefinitionConditionType is a valid value for CustomResourceDefinitionCondition.Type -#CustomResourceDefinitionConditionType: string // #enumCustomResourceDefinitionConditionType - -#enumCustomResourceDefinitionConditionType: - #Established | - #NamesAccepted | - #NonStructuralSchema | - #Terminating | - #KubernetesAPIApprovalPolicyConformant - -// Established means that the resource has become active. A resource is established when all names are -// accepted without a conflict for the first time. A resource stays established until deleted, even during -// a later NamesAccepted due to changed names. Note that not all names can be changed. -#Established: #CustomResourceDefinitionConditionType & "Established" - -// NamesAccepted means the names chosen for this CustomResourceDefinition do not conflict with others in -// the group and are therefore accepted. -#NamesAccepted: #CustomResourceDefinitionConditionType & "NamesAccepted" - -// NonStructuralSchema means that one or more OpenAPI schema is not structural. -// -// A schema is structural if it specifies types for all values, with the only exceptions of those with -// - x-kubernetes-int-or-string: true — for fields which can be integer or string -// - x-kubernetes-preserve-unknown-fields: true — for raw, unspecified JSON values -// and there is no type, additionalProperties, default, nullable or x-kubernetes-* vendor extenions -// specified under allOf, anyOf, oneOf or not. -// -// Non-structural schemas will not be allowed anymore in v1 API groups. Moreover, new features will not be -// available for non-structural CRDs: -// - pruning -// - defaulting -// - read-only -// - OpenAPI publishing -// - webhook conversion -#NonStructuralSchema: #CustomResourceDefinitionConditionType & "NonStructuralSchema" - -// Terminating means that the CustomResourceDefinition has been deleted and is cleaning up. -#Terminating: #CustomResourceDefinitionConditionType & "Terminating" - -// KubernetesAPIApprovalPolicyConformant indicates that an API in *.k8s.io or *.kubernetes.io is or is not approved. For CRDs -// outside those groups, this condition will not be set. For CRDs inside those groups, the condition will -// be true if .metadata.annotations["api-approved.kubernetes.io"] is set to a URL, otherwise it will be false. -// See https://github.com/kubernetes/enhancements/pull/1111 for more details. -#KubernetesAPIApprovalPolicyConformant: #CustomResourceDefinitionConditionType & "KubernetesAPIApprovalPolicyConformant" - -// CustomResourceDefinitionCondition contains details for the current condition of this pod. -#CustomResourceDefinitionCondition: { - // type is the type of the condition. Types include Established, NamesAccepted and Terminating. - type: #CustomResourceDefinitionConditionType @go(Type) @protobuf(1,bytes,opt,casttype=CustomResourceDefinitionConditionType) - - // status is the status of the condition. - // Can be True, False, Unknown. - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) - - // lastTransitionTime last time the condition transitioned from one status to another. - // +optional - lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) - - // reason is a unique, one-word, CamelCase reason for the condition's last transition. - // +optional - reason?: string @go(Reason) @protobuf(4,bytes,opt) - - // message is a human-readable message indicating details about last transition. - // +optional - message?: string @go(Message) @protobuf(5,bytes,opt) -} - -// CustomResourceDefinitionStatus indicates the state of the CustomResourceDefinition -#CustomResourceDefinitionStatus: { - // conditions indicate state for particular aspects of a CustomResourceDefinition - // +optional - // +listType=map - // +listMapKey=type - conditions: [...#CustomResourceDefinitionCondition] @go(Conditions,[]CustomResourceDefinitionCondition) @protobuf(1,bytes,opt) - - // acceptedNames are the names that are actually being used to serve discovery. - // They may be different than the names in spec. - // +optional - acceptedNames: #CustomResourceDefinitionNames @go(AcceptedNames) @protobuf(2,bytes,opt) - - // storedVersions lists all versions of CustomResources that were ever persisted. Tracking these - // versions allows a migration path for stored versions in etcd. The field is mutable - // so a migration controller can finish a migration to another version (ensuring - // no old objects are left in storage), and then remove the rest of the - // versions from this list. - // Versions may not be removed from `spec.versions` while they exist in this list. - // +optional - storedVersions: [...string] @go(StoredVersions,[]string) @protobuf(3,bytes,rep) -} - -#CustomResourceCleanupFinalizer: "customresourcecleanup.apiextensions.k8s.io" - -// CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format -// <.spec.name>.<.spec.group>. -#CustomResourceDefinition: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) - - // spec describes how the user wants the resources to appear - spec: #CustomResourceDefinitionSpec @go(Spec) @protobuf(2,bytes,opt) - - // status indicates the actual state of the CustomResourceDefinition - // +optional - status?: #CustomResourceDefinitionStatus @go(Status) @protobuf(3,bytes,opt) -} - -// CustomResourceDefinitionList is a list of CustomResourceDefinition objects. -#CustomResourceDefinitionList: { - metav1.#TypeMeta - - // Standard object's metadata - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items list individual CustomResourceDefinition objects - items: [...#CustomResourceDefinition] @go(Items,[]CustomResourceDefinition) @protobuf(2,bytes,rep) -} - -// CustomResourceValidation is a list of validation methods for CustomResources. -#CustomResourceValidation: { - // openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning. - // +optional - openAPIV3Schema?: null | #JSONSchemaProps @go(OpenAPIV3Schema,*JSONSchemaProps) @protobuf(1,bytes,opt) -} - -// CustomResourceSubresources defines the status and scale subresources for CustomResources. -#CustomResourceSubresources: { - // status indicates the custom resource should serve a `/status` subresource. - // When enabled: - // 1. requests to the custom resource primary endpoint ignore changes to the `status` stanza of the object. - // 2. requests to the custom resource `/status` subresource ignore changes to anything other than the `status` stanza of the object. - // +optional - status?: null | #CustomResourceSubresourceStatus @go(Status,*CustomResourceSubresourceStatus) @protobuf(1,bytes,opt) - - // scale indicates the custom resource should serve a `/scale` subresource that returns an `autoscaling/v1` Scale object. - // +optional - scale?: null | #CustomResourceSubresourceScale @go(Scale,*CustomResourceSubresourceScale) @protobuf(2,bytes,opt) -} - -// CustomResourceSubresourceStatus defines how to serve the status subresource for CustomResources. -// Status is represented by the `.status` JSON path inside of a CustomResource. When set, -// * exposes a /status subresource for the custom resource -// * PUT requests to the /status subresource take a custom resource object, and ignore changes to anything except the status stanza -// * PUT/POST/PATCH requests to the custom resource ignore changes to the status stanza -#CustomResourceSubresourceStatus: { -} - -// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources. -#CustomResourceSubresourceScale: { - // specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `spec.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.spec`. - // If there is no value under the given path in the custom resource, the `/scale` subresource will return an error on GET. - specReplicasPath: string @go(SpecReplicasPath) @protobuf(1,bytes) - - // statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale `status.replicas`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status`. - // If there is no value under the given path in the custom resource, the `status.replicas` value in the `/scale` subresource - // will default to 0. - statusReplicasPath: string @go(StatusReplicasPath) @protobuf(2,bytes,opt) - - // labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale `status.selector`. - // Only JSON paths without the array notation are allowed. - // Must be a JSON Path under `.status` or `.spec`. - // Must be set to work with HorizontalPodAutoscaler. - // The field pointed by this JSON path must be a string field (not a complex selector struct) - // which contains a serialized label selector in string form. - // More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource - // If there is no value under the given path in the custom resource, the `status.selector` value in the `/scale` - // subresource will default to the empty string. - // +optional - labelSelectorPath?: null | string @go(LabelSelectorPath,*string) @protobuf(3,bytes,opt) -} - -// ConversionReview describes a conversion request/response. -#ConversionReview: { - metav1.#TypeMeta - - // request describes the attributes for the conversion request. - // +optional - request?: null | #ConversionRequest @go(Request,*ConversionRequest) @protobuf(1,bytes,opt) - - // response describes the attributes for the conversion response. - // +optional - response?: null | #ConversionResponse @go(Response,*ConversionResponse) @protobuf(2,bytes,opt) -} - -// ConversionRequest describes the conversion request parameters. -#ConversionRequest: { - // uid is an identifier for the individual request/response. It allows distinguishing instances of requests which are - // otherwise identical (parallel requests, etc). - // The UID is meant to track the round trip (request/response) between the Kubernetes API server and the webhook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - uid: types.#UID @go(UID) @protobuf(1,bytes) - - // desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1" - desiredAPIVersion: string @go(DesiredAPIVersion) @protobuf(2,bytes) - - // objects is the list of custom resource objects to be converted. - objects: [...runtime.#RawExtension] @go(Objects,[]runtime.RawExtension) @protobuf(3,bytes,rep) -} - -// ConversionResponse describes a conversion response. -#ConversionResponse: { - // uid is an identifier for the individual request/response. - // This should be copied over from the corresponding `request.uid`. - uid: types.#UID @go(UID) @protobuf(1,bytes) - - // convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty. - // The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list - // must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace). - // The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored. - convertedObjects: [...runtime.#RawExtension] @go(ConvertedObjects,[]runtime.RawExtension) @protobuf(2,bytes,rep) - - // result contains the result of conversion with extra details if the conversion failed. `result.status` determines if - // the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the - // conversion. A successful conversion must set `result.status` to `Success`. A failed conversion must set - // `result.status` to `Failure` and provide more details in `result.message` and return http status 200. The `result.message` - // will be used to construct an error message for the end user. - result: metav1.#Status @go(Result) @protobuf(3,bytes) -} diff --git a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue b/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue deleted file mode 100644 index 19f42c1f..00000000 --- a/test/cue.mod/gen/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema_go_gen.cue +++ /dev/null @@ -1,317 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 - -package v1 - -// FieldValueErrorReason is a machine-readable value providing more detail about why a field failed the validation. -// +enum -#FieldValueErrorReason: string // #enumFieldValueErrorReason - -#enumFieldValueErrorReason: - #FieldValueRequired | - #FieldValueDuplicate | - #FieldValueInvalid | - #FieldValueForbidden - -// FieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#FieldValueRequired: #FieldValueErrorReason & "FieldValueRequired" - -// FieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#FieldValueDuplicate: #FieldValueErrorReason & "FieldValueDuplicate" - -// FieldValueInvalid is used to report malformed values (e.g. failed regex -// match, too long, out of bounds). -#FieldValueInvalid: #FieldValueErrorReason & "FieldValueInvalid" - -// FieldValueForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). -#FieldValueForbidden: #FieldValueErrorReason & "FieldValueForbidden" - -// JSONSchemaProps is a JSON-Schema following Specification Draft 4 (http://json-schema.org/). -#JSONSchemaProps: { - id?: string @go(ID) @protobuf(1,bytes,opt) - $schema?: #JSONSchemaURL @go(Schema) @protobuf(2,bytes,opt,name=schema) - $ref?: null | string @go(Ref,*string) @protobuf(3,bytes,opt,name=ref) - description?: string @go(Description) @protobuf(4,bytes,opt) - type?: string @go(Type) @protobuf(5,bytes,opt) - - // format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated: - // - // - bsonobjectid: a bson object ID, i.e. a 24 characters hex string - // - uri: an URI as parsed by Golang net/url.ParseRequestURI - // - email: an email address as parsed by Golang net/mail.ParseAddress - // - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - // - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - // - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - // - cidr: a CIDR as parsed by Golang net.ParseCIDR - // - mac: a MAC address as parsed by Golang net.ParseMAC - // - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - // - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - // - isbn: an ISBN10 or ISBN13 number string like "0321751043" or "978-0321751041" - // - isbn10: an ISBN10 number string like "0321751043" - // - isbn13: an ISBN13 number string like "978-0321751041" - // - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - // - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - // - hexcolor: an hexadecimal color code like "#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - // - rgbcolor: an RGB color code like rgb like "rgb(255,255,2559" - // - byte: base64 encoded binary data - // - password: any kind of string - // - date: a date string like "2006-01-02" as defined by full-date in RFC3339 - // - duration: a duration string like "22 ns" as parsed by Golang time.ParseDuration or compatible with Scala duration format - // - datetime: a date time string like "2014-12-15T19:30:20.000Z" as defined by date-time in RFC3339. - format?: string @go(Format) @protobuf(6,bytes,opt) - title?: string @go(Title) @protobuf(7,bytes,opt) - - // default is a default value for undefined object fields. - // Defaulting is a beta feature under the CustomResourceDefaulting feature gate. - // Defaulting requires spec.preserveUnknownFields to be false. - default?: null | #JSON @go(Default,*JSON) @protobuf(8,bytes,opt) - maximum?: null | float64 @go(Maximum,*float64) @protobuf(9,bytes,opt) - exclusiveMaximum?: bool @go(ExclusiveMaximum) @protobuf(10,bytes,opt) - minimum?: null | float64 @go(Minimum,*float64) @protobuf(11,bytes,opt) - exclusiveMinimum?: bool @go(ExclusiveMinimum) @protobuf(12,bytes,opt) - maxLength?: null | int64 @go(MaxLength,*int64) @protobuf(13,bytes,opt) - minLength?: null | int64 @go(MinLength,*int64) @protobuf(14,bytes,opt) - pattern?: string @go(Pattern) @protobuf(15,bytes,opt) - maxItems?: null | int64 @go(MaxItems,*int64) @protobuf(16,bytes,opt) - minItems?: null | int64 @go(MinItems,*int64) @protobuf(17,bytes,opt) - uniqueItems?: bool @go(UniqueItems) @protobuf(18,bytes,opt) - multipleOf?: null | float64 @go(MultipleOf,*float64) @protobuf(19,bytes,opt) - enum?: [...#JSON] @go(Enum,[]JSON) @protobuf(20,bytes,rep) - maxProperties?: null | int64 @go(MaxProperties,*int64) @protobuf(21,bytes,opt) - minProperties?: null | int64 @go(MinProperties,*int64) @protobuf(22,bytes,opt) - required?: [...string] @go(Required,[]string) @protobuf(23,bytes,rep) - items?: null | #JSONSchemaPropsOrArray @go(Items,*JSONSchemaPropsOrArray) @protobuf(24,bytes,opt) - allOf?: [...#JSONSchemaProps] @go(AllOf,[]JSONSchemaProps) @protobuf(25,bytes,rep) - oneOf?: [...#JSONSchemaProps] @go(OneOf,[]JSONSchemaProps) @protobuf(26,bytes,rep) - anyOf?: [...#JSONSchemaProps] @go(AnyOf,[]JSONSchemaProps) @protobuf(27,bytes,rep) - not?: null | #JSONSchemaProps @go(Not,*JSONSchemaProps) @protobuf(28,bytes,opt) - properties?: {[string]: #JSONSchemaProps} @go(Properties,map[string]JSONSchemaProps) @protobuf(29,bytes,rep) - additionalProperties?: null | #JSONSchemaPropsOrBool @go(AdditionalProperties,*JSONSchemaPropsOrBool) @protobuf(30,bytes,opt) - patternProperties?: {[string]: #JSONSchemaProps} @go(PatternProperties,map[string]JSONSchemaProps) @protobuf(31,bytes,rep) - dependencies?: #JSONSchemaDependencies @go(Dependencies) @protobuf(32,bytes,opt) - additionalItems?: null | #JSONSchemaPropsOrBool @go(AdditionalItems,*JSONSchemaPropsOrBool) @protobuf(33,bytes,opt) - definitions?: #JSONSchemaDefinitions @go(Definitions) @protobuf(34,bytes,opt) - externalDocs?: null | #ExternalDocumentation @go(ExternalDocs,*ExternalDocumentation) @protobuf(35,bytes,opt) - example?: null | #JSON @go(Example,*JSON) @protobuf(36,bytes,opt) - nullable?: bool @go(Nullable) @protobuf(37,bytes,opt) - - // x-kubernetes-preserve-unknown-fields stops the API server - // decoding step from pruning fields which are not specified - // in the validation schema. This affects fields recursively, - // but switches back to normal pruning behaviour if nested - // properties or additionalProperties are specified in the schema. - // This can either be true or undefined. False is forbidden. - "x-kubernetes-preserve-unknown-fields"?: null | bool @go(XPreserveUnknownFields,*bool) @protobuf(38,bytes,opt,name=xKubernetesPreserveUnknownFields) - - // x-kubernetes-embedded-resource defines that the value is an - // embedded Kubernetes runtime.Object, with TypeMeta and - // ObjectMeta. The type must be object. It is allowed to further - // restrict the embedded object. kind, apiVersion and metadata - // are validated automatically. x-kubernetes-preserve-unknown-fields - // is allowed to be true, but does not have to be if the object - // is fully specified (up to kind, apiVersion, metadata). - "x-kubernetes-embedded-resource"?: bool @go(XEmbeddedResource) @protobuf(39,bytes,opt,name=xKubernetesEmbeddedResource) - - // x-kubernetes-int-or-string specifies that this value is - // either an integer or a string. If this is true, an empty - // type is allowed and type as child of anyOf is permitted - // if following one of the following patterns: - // - // 1) anyOf: - // - type: integer - // - type: string - // 2) allOf: - // - anyOf: - // - type: integer - // - type: string - // - ... zero or more - "x-kubernetes-int-or-string"?: bool @go(XIntOrString) @protobuf(40,bytes,opt,name=xKubernetesIntOrString) - - // x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used - // as the index of the map. - // - // This tag MUST only be used on lists that have the "x-kubernetes-list-type" - // extension set to "map". Also, the values specified for this attribute must - // be a scalar typed field of the child structure (no nesting is supported). - // - // The properties specified must either be required or have a default value, - // to ensure those properties are present for all list items. - // - // +optional - "x-kubernetes-list-map-keys"?: [...string] @go(XListMapKeys,[]string) @protobuf(41,bytes,rep,name=xKubernetesListMapKeys) - - // x-kubernetes-list-type annotates an array to further describe its topology. - // This extension must only be used on lists and may have 3 possible values: - // - // 1) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic lists will be entirely replaced when updated. This extension - // may be used on any type of list (struct, scalar, ...). - // 2) `set`: - // Sets are lists that must not have multiple items with the same value. Each - // value must be a scalar, an object with x-kubernetes-map-type `atomic` or an - // array with x-kubernetes-list-type `atomic`. - // 3) `map`: - // These lists are like maps in that their elements have a non-index key - // used to identify them. Order is preserved upon merge. The map tag - // must only be used on a list with elements of type object. - // Defaults to atomic for arrays. - // +optional - "x-kubernetes-list-type"?: null | string @go(XListType,*string) @protobuf(42,bytes,opt,name=xKubernetesListType) - - // x-kubernetes-map-type annotates an object to further describe its topology. - // This extension must only be used when type is object and may have 2 possible values: - // - // 1) `granular`: - // These maps are actual maps (key-value pairs) and each fields are independent - // from each other (they can each be manipulated by separate actors). This is - // the default behaviour for all maps. - // 2) `atomic`: the list is treated as a single entity, like a scalar. - // Atomic maps will be entirely replaced when updated. - // +optional - "x-kubernetes-map-type"?: null | string @go(XMapType,*string) @protobuf(43,bytes,opt,name=xKubernetesMapType) - - // x-kubernetes-validations describes a list of validation rules written in the CEL expression language. - // This field is an alpha-level. Using this field requires the feature gate `CustomResourceValidationExpressions` to be enabled. - // +patchMergeKey=rule - // +patchStrategy=merge - // +listType=map - // +listMapKey=rule - "x-kubernetes-validations"?: #ValidationRules @go(XValidations) @protobuf(44,bytes,rep,name=xKubernetesValidations) -} - -// ValidationRules describes a list of validation rules written in the CEL expression language. -#ValidationRules: [...#ValidationRule] - -// ValidationRule describes a validation rule written in the CEL expression language. -#ValidationRule: { - // Rule represents the expression which will be evaluated by CEL. - // ref: https://github.com/google/cel-spec - // The Rule is scoped to the location of the x-kubernetes-validations extension in the schema. - // The `self` variable in the CEL expression is bound to the scoped value. - // Example: - // - Rule scoped to the root of a resource with a status subresource: {"rule": "self.status.actual <= self.spec.maxDesired"} - // - // If the Rule is scoped to an object with properties, the accessible properties of the object are field selectable - // via `self.field` and field presence can be checked via `has(self.field)`. Null valued fields are treated as - // absent fields in CEL expressions. - // If the Rule is scoped to an object with additionalProperties (i.e. a map) the value of the map - // are accessible via `self[mapKey]`, map containment can be checked via `mapKey in self` and all entries of the map - // are accessible via CEL macros and functions such as `self.all(...)`. - // If the Rule is scoped to an array, the elements of the array are accessible via `self[i]` and also by macros and - // functions. - // If the Rule is scoped to a scalar, `self` is bound to the scalar value. - // Examples: - // - Rule scoped to a map of objects: {"rule": "self.components['Widget'].priority < 10"} - // - Rule scoped to a list of integers: {"rule": "self.values.all(value, value >= 0 && value < 100)"} - // - Rule scoped to a string value: {"rule": "self.startsWith('kube')"} - // - // The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the - // object and from any x-kubernetes-embedded-resource annotated objects. No other metadata properties are accessible. - // - // Unknown data preserved in custom resources via x-kubernetes-preserve-unknown-fields is not accessible in CEL - // expressions. This includes: - // - Unknown field values that are preserved by object schemas with x-kubernetes-preserve-unknown-fields. - // - Object properties where the property schema is of an "unknown type". An "unknown type" is recursively defined as: - // - A schema with no type and x-kubernetes-preserve-unknown-fields set to true - // - An array where the items schema is of an "unknown type" - // - An object where the additionalProperties schema is of an "unknown type" - // - // Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. - // Accessible property names are escaped according to the following rules when accessed in the expression: - // - '__' escapes to '__underscores__' - // - '.' escapes to '__dot__' - // - '-' escapes to '__dash__' - // - '/' escapes to '__slash__' - // - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are: - // "true", "false", "null", "in", "as", "break", "const", "continue", "else", "for", "function", "if", - // "import", "let", "loop", "package", "namespace", "return". - // Examples: - // - Rule accessing a property named "namespace": {"rule": "self.__namespace__ > 0"} - // - Rule accessing a property named "x-prop": {"rule": "self.x__dash__prop > 0"} - // - Rule accessing a property named "redact__d": {"rule": "self.redact__underscores__d > 0"} - // - // Equality on arrays with x-kubernetes-list-type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. - // Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type: - // - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and - // non-intersecting elements in `Y` are appended, retaining their partial order. - // - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values - // are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with - // non-intersecting keys are appended, retaining their partial order. - rule: string @go(Rule) @protobuf(1,bytes,opt) - - // Message represents the message displayed when validation fails. The message is required if the Rule contains - // line breaks. The message must not contain line breaks. - // If unset, the message is "failed rule: {Rule}". - // e.g. "must be a URL with the host matching spec.host" - message?: string @go(Message) @protobuf(2,bytes,opt) - - // MessageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. - // Since messageExpression is used as a failure message, it must evaluate to a string. - // If both message and messageExpression are present on a rule, then messageExpression will be used if validation - // fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced - // as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string - // that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and - // the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. - // messageExpression has access to all the same variables as the rule; the only difference is the return type. - // Example: - // "x must be less than max ("+string(self.max)+")" - // +optional - messageExpression?: string @go(MessageExpression) @protobuf(3,bytes,opt) - - // reason provides a machine-readable validation failure reason that is returned to the caller when a request fails this validation rule. - // The HTTP status code returned to the caller will match the reason of the reason of the first failed validation rule. - // The currently supported reasons are: "FieldValueInvalid", "FieldValueForbidden", "FieldValueRequired", "FieldValueDuplicate". - // If not set, default to use "FieldValueInvalid". - // All future added reasons must be accepted by clients when reading this value and unknown reasons should be treated as FieldValueInvalid. - // +optional - reason?: null | #FieldValueErrorReason @go(Reason,*FieldValueErrorReason) @protobuf(4,bytes,opt) - - // fieldPath represents the field path returned when the validation fails. - // It must be a relative JSON path (i.e. with array notation) scoped to the location of this x-kubernetes-validations extension in the schema and refer to an existing field. - // e.g. when validation checks if a specific attribute `foo` under a map `testMap`, the fieldPath could be set to `.testMap.foo` - // If the validation checks two lists must have unique attributes, the fieldPath could be set to either of the list: e.g. `.testList` - // It does not support list numeric index. - // It supports child operation to refer to an existing field currently. Refer to [JSONPath support in Kubernetes](https://kubernetes.io/docs/reference/kubectl/jsonpath/) for more info. - // Numeric index of array is not supported. - // For field name which contains special characters, use `['specialName']` to refer the field name. - // e.g. for attribute `foo.34$` appears in a list `testList`, the fieldPath could be set to `.testList['foo.34$']` - // +optional - fieldPath?: string @go(FieldPath) @protobuf(5,bytes,opt) -} - -// JSON represents any valid JSON value. -// These types are supported: bool, int64, float64, string, []interface{}, map[string]interface{} and nil. -#JSON: _ - -// JSONSchemaURL represents a schema url. -#JSONSchemaURL: string - -// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps -// or an array of JSONSchemaProps. Mainly here for serialization purposes. -#JSONSchemaPropsOrArray: _ - -// JSONSchemaPropsOrBool represents JSONSchemaProps or a boolean value. -// Defaults to true for the boolean property. -#JSONSchemaPropsOrBool: _ - -// JSONSchemaDependencies represent a dependencies property. -#JSONSchemaDependencies: {[string]: #JSONSchemaPropsOrStringArray} - -// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array. -#JSONSchemaPropsOrStringArray: _ - -// JSONSchemaDefinitions contains the models explicitly defined in this spec. -#JSONSchemaDefinitions: {[string]: #JSONSchemaProps} - -// ExternalDocumentation allows referencing an external resource for extended documentation. -#ExternalDocumentation: { - description?: string @go(Description) @protobuf(1,bytes,opt) - url?: string @go(URL) @protobuf(2,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue deleted file mode 100644 index cef44ba5..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Scale is used for getting and setting the base-10 scaled value. -// Base-2 scales are omitted for mathematical simplicity. -// See Quantity.ScaledValue for more details. -#Scale: int32 // #enumScale - -#enumScale: - #Nano | - #Micro | - #Milli | - #Kilo | - #Mega | - #Giga | - #Tera | - #Peta | - #Exa - -#values_Scale: { - Nano: #Nano - Micro: #Micro - Milli: #Milli - Kilo: #Kilo - Mega: #Mega - Giga: #Giga - Tera: #Tera - Peta: #Peta - Exa: #Exa -} - -#Nano: #Scale & -9 -#Micro: #Scale & -6 -#Milli: #Scale & -3 -#Kilo: #Scale & 3 -#Mega: #Scale & 6 -#Giga: #Scale & 9 -#Tera: #Scale & 12 -#Peta: #Scale & 15 -#Exa: #Scale & 18 - -// infDecAmount implements common operations over an inf.Dec that are specific to the quantity -// representation. -_#infDecAmount: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue deleted file mode 100644 index 711f2096..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue +++ /dev/null @@ -1,13 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. -// It is also the maximum decimal digits that can be represented with an int64. -_#maxInt64Factors: 18 - -_#mostNegative: -9223372036854775808 - -_#mostPositive: 9223372036854775807 diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue deleted file mode 100644 index 9d9713a1..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue +++ /dev/null @@ -1,107 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -// Quantity is a fixed-point representation of a number. -// It provides convenient marshaling/unmarshaling in JSON and YAML, -// in addition to String() and AsInt64() accessors. -// -// The serialization format is: -// -// ``` -// ::= -// -// (Note that may be empty, from the "" case in .) -// -// ::= 0 | 1 | ... | 9 -// ::= | -// ::= | . | . | . -// ::= "+" | "-" -// ::= | -// ::= | | -// ::= Ki | Mi | Gi | Ti | Pi | Ei -// -// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) -// -// ::= m | "" | k | M | G | T | P | E -// -// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) -// -// ::= "e" | "E" -// ``` -// -// No matter which of the three exponent forms is used, no quantity may represent -// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal -// places. Numbers larger or more precise will be capped or rounded up. -// (E.g.: 0.1m will rounded up to 1m.) -// This may be extended in the future if we require larger or smaller quantities. -// -// When a Quantity is parsed from a string, it will remember the type of suffix -// it had, and will use the same type again when it is serialized. -// -// Before serializing, Quantity will be put in "canonical form". -// This means that Exponent/suffix will be adjusted up or down (with a -// corresponding increase or decrease in Mantissa) such that: -// -// - No precision is lost -// - No fractional digits will be emitted -// - The exponent (or suffix) is as large as possible. -// -// The sign will be omitted unless the number is negative. -// -// Examples: -// -// - 1.5 will be serialized as "1500m" -// - 1.5Gi will be serialized as "1536Mi" -// -// Note that the quantity will NEVER be internally represented by a -// floating point number. That is the whole point of this exercise. -// -// Non-canonical values will still parse as long as they are well formed, -// but will be re-emitted in their canonical form. (So always use canonical -// form, or don't diff.) -// -// This format is intended to make it difficult to use these numbers without -// writing some sort of special handling code in the hopes that that will -// cause implementors to also use a fixed point implementation. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -// +k8s:openapi-gen=true -#Quantity: _ - -// CanonicalValue allows a quantity amount to be converted to a string. -#CanonicalValue: _ - -// Format lists the three possible formattings of a quantity. -#Format: string // #enumFormat - -#enumFormat: - #DecimalExponent | - #BinarySI | - #DecimalSI - -#DecimalExponent: #Format & "DecimalExponent" -#BinarySI: #Format & "BinarySI" -#DecimalSI: #Format & "DecimalSI" - -// splitREString is used to separate a number from its suffix; as such, -// this is overly permissive, but that's OK-- it will be checked later. -_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - -_#int64QuantityExpectedBytes: 18 - -// QuantityValue makes it possible to use a Quantity as value for a command -// line parameter. -// -// +protobuf=true -// +protobuf.embed=string -// +protobuf.options.marshal=false -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen=true -#QuantityValue: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue deleted file mode 100644 index b40d68ec..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource - -package resource - -_#suffix: string - -// suffixer can interpret and construct suffixes. -_#suffixer: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue deleted file mode 100644 index 25ea8ecf..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Duration is a wrapper around time.Duration which supports correct -// marshaling to YAML and JSON. In particular, it marshals into strings, which -// can be used as map keys in json. -#Duration: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue deleted file mode 100644 index 7ff53860..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - resource: string @go(Resource) @protobuf(2,bytes,opt) -} - -// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionResource: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - resource: string @go(Resource) @protobuf(3,bytes,opt) -} - -// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying -// concepts during lookup stages without having partially valid types -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - kind: string @go(Kind) @protobuf(2,bytes,opt) -} - -// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion -// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersionKind: { - group: string @go(Group) @protobuf(1,bytes,opt) - version: string @go(Version) @protobuf(2,bytes,opt) - kind: string @go(Kind) @protobuf(3,bytes,opt) -} - -// GroupVersion contains the "group" and the "version", which uniquely identifies the API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -#GroupVersion: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue deleted file mode 100644 index f3c39a46..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// TODO: move this, Object, List, and Type to a different package -#ObjectMetaAccessor: _ - -// Object lets you work with object metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field (Name, UID, Namespace on lists) will be a no-op and return -// a default value. -#Object: _ - -// ListMetaAccessor retrieves the list interface from an object -#ListMetaAccessor: _ - -// Common lets you work with core metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Common: _ - -// ListInterface lets you work with list metadata from any of the versioned or -// internal API objects. Attempting to set or retrieve a field on an object that does -// not support that field will be a no-op and return a default value. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#ListInterface: _ - -// Type exposes the type and APIVersion of versioned or internal API objects. -// TODO: move this, and TypeMeta and ListMeta, to a different package -#Type: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue deleted file mode 100644 index 3c067bae..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" - -// MicroTime is version of Time with microsecond level precision. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#MicroTime: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue deleted file mode 100644 index 39d23b28..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -#GroupName: "meta.k8s.io" - -#WatchEventKind: "WatchEvent" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue deleted file mode 100644 index b3c8ec26..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Time is a wrapper around time.Time which supports correct -// marshaling to YAML and JSON. Wrappers are provided for many -// of the factory methods that the time package offers. -// -// +protobuf.options.marshal=false -// +protobuf.as=Timestamp -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Time: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue deleted file mode 100644 index 83539273..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -// Timestamp is a struct that is equivalent to Time, but intended for -// protobuf marshalling/unmarshalling. It is generated into a serialization -// that matches Time. Do not use in Go structs. -#Timestamp: { - // Represents seconds of UTC time since Unix epoch - // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to - // 9999-12-31T23:59:59Z inclusive. - seconds: int64 @go(Seconds) @protobuf(1,varint,opt) - - // Non-negative fractions of a second at nanosecond resolution. Negative - // second values with fractions must still have non-negative nanos values - // that count forward in time. Must be from 0 to 999,999,999 - // inclusive. This field may be limited in precision depending on context. - nanos: int32 @go(Nanos) @protobuf(2,varint,opt) -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue deleted file mode 100644 index a0deb7c9..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue +++ /dev/null @@ -1,1561 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -// Package v1 contains API types that are common to all versions. -// -// The package contains two categories of types: -// - external (serialized) types that lack their own version (e.g TypeMeta) -// - internal (never-serialized) types that are needed by several different -// api groups, and so live here, to avoid duplication and/or import loops -// (e.g. LabelSelector). -// -// In the future, we will probably move these categories of objects into -// separate packages. -package v1 - -import ( - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/runtime" -) - -// TypeMeta describes an individual object in an API response or request -// with strings representing the type of the object and its API schema version. -// Structures that are versioned or persisted should inline TypeMeta. -// -// +k8s:deepcopy-gen=false -#TypeMeta: { - // Kind is a string value representing the REST resource this object represents. - // Servers may infer this from the endpoint the client submits requests to. - // Cannot be updated. - // In CamelCase. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(1,bytes,opt) - - // APIVersion defines the versioned schema of this representation of an object. - // Servers should convert recognized schemas to the latest internal value, and - // may reject unrecognized values. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - // +optional - apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) -} - -// ListMeta describes metadata that synthetic resources must have, including lists and -// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. -#ListMeta: { - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) - - // String that identifies the server's internal version of this object that - // can be used by clients to determine when objects have changed. - // Value must be treated as opaque by clients and passed unmodified back to the server. - // Populated by the system. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) - - // continue may be set if the user set a limit on the number of items returned, and indicates that - // the server has more data available. The value is opaque and may be used to issue another request - // to the endpoint that served this list to retrieve the next set of available objects. Continuing a - // consistent list may not be possible if the server configuration has changed or more than a few - // minutes have passed. The resourceVersion field returned when using this continue value will be - // identical to the value in the first response, unless you have received this token from an error - // message. - continue?: string @go(Continue) @protobuf(3,bytes,opt) - - // remainingItemCount is the number of subsequent items in the list which are not included in this - // list response. If the list request contained label or field selectors, then the number of - // remaining items is unknown and the field will be left unset and omitted during serialization. - // If the list is complete (either because it is not chunking or because this is the last chunk), - // then there are no more remaining items and this field will be left unset and omitted during - // serialization. - // Servers older than v1.15 do not set this field. - // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients - // should not rely on the remainingItemCount to be set or to be exact. - // +optional - remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) -} - -#ObjectNameField: "metadata.name" - -#FinalizerOrphanDependents: "orphan" -#FinalizerDeleteDependents: "foregroundDeletion" - -// ObjectMeta is metadata that all persisted resources must have, which includes all objects -// users must create. -#ObjectMeta: { - // Name must be unique within a namespace. Is required when creating resources, although - // some resources may allow a client to request the generation of an appropriate name - // automatically. Name is primarily intended for creation idempotence and configuration - // definition. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // GenerateName is an optional prefix, used by the server, to generate a unique - // name ONLY IF the Name field has not been provided. - // If this field is used, the name returned to the client will be different - // than the name passed. This value will also be combined with a unique suffix. - // The provided value has the same validation rules as the Name field, - // and may be truncated by the length of the suffix required to make the value - // unique on the server. - // - // If this field is specified and the generated name exists, the server will return a 409. - // - // Applied only if Name is not specified. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency - // +optional - generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) - - // Namespace defines the space within which each name must be unique. An empty namespace is - // equivalent to the "default" namespace, but "default" is the canonical representation. - // Not all objects are required to be scoped to a namespace - the value of this field for - // those objects will be empty. - // - // Must be a DNS_LABEL. - // Cannot be updated. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - // +optional - namespace?: string @go(Namespace) @protobuf(3,bytes,opt) - - // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. - // +optional - selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) - - // UID is the unique in time and space value for this object. It is typically generated by - // the server on successful creation of a resource and is not allowed to change on PUT - // operations. - // - // Populated by the system. - // Read-only. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) - - // An opaque value that represents the internal version of this object that can - // be used by clients to determine when objects have changed. May be used for optimistic - // concurrency, change detection, and the watch operation on a resource or set of resources. - // Clients must treat these values as opaque and passed unmodified back to the server. - // They may only be valid for a particular resource or set of resources. - // - // Populated by the system. - // Read-only. - // Value must be treated as opaque by clients and . - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) - - // A sequence number representing a specific generation of the desired state. - // Populated by the system. Read-only. - // +optional - generation?: int64 @go(Generation) @protobuf(7,varint,opt) - - // CreationTimestamp is a timestamp representing the server time when this object was - // created. It is not guaranteed to be set in happens-before order across separate operations. - // Clients may not set this value. It is represented in RFC3339 form and is in UTC. - // - // Populated by the system. - // Read-only. - // Null for lists. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) - - // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This - // field is set by the server when a graceful deletion is requested by the user, and is not - // directly settable by a client. The resource is expected to be deleted (no longer visible - // from resource lists, and not reachable by name) after the time in this field, once the - // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. - // Once the deletionTimestamp is set, this value may not be unset or be set further into the - // future, although it may be shortened or the resource may be deleted prior to this time. - // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react - // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, - // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, - // remove the pod from the API. In the presence of network partitions, this object may still - // exist after this timestamp, until an administrator or automated process can determine the - // resource is fully terminated. - // If not set, graceful deletion of the object has not been requested. - // - // Populated by the system when a graceful deletion is requested. - // Read-only. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) - - // Number of seconds allowed for this object to gracefully terminate before - // it will be removed from the system. Only set when deletionTimestamp is also set. - // May only be shortened. - // Read-only. - // +optional - deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) - - // Map of string keys and values that can be used to organize and categorize - // (scope and select) objects. May match selectors of replication controllers - // and services. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - // +optional - labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) - - // Annotations is an unstructured key value map stored with a resource that may be - // set by external tools to store and retrieve arbitrary metadata. They are not - // queryable and should be preserved when modifying objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - // +optional - annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) - - // List of objects depended by this object. If ALL objects in the list have - // been deleted, this object will be garbage collected. If this object is managed by a controller, - // then an entry in this list will point to this controller, with the controller field set to true. - // There cannot be more than one managing controller. - // +optional - // +patchMergeKey=uid - // +patchStrategy=merge - ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) - - // Must be empty before the object is deleted from the registry. Each entry - // is an identifier for the responsible component that will remove the entry - // from the list. If the deletionTimestamp of the object is non-nil, entries - // in this list can only be removed. - // Finalizers may be processed and removed in any order. Order is NOT enforced - // because it introduces significant risk of stuck finalizers. - // finalizers is a shared field, any actor with permission can reorder it. - // If the finalizer list is processed in order, then this can lead to a situation - // in which the component responsible for the first finalizer in the list is - // waiting for a signal (field value, external system, or other) produced by a - // component responsible for a finalizer later in the list, resulting in a deadlock. - // Without enforced ordering finalizers are free to order amongst themselves and - // are not vulnerable to ordering changes in the list. - // +optional - // +patchStrategy=merge - finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) - - // ManagedFields maps workflow-id and version to the set of fields - // that are managed by that workflow. This is mostly for internal - // housekeeping, and users typically shouldn't need to set or - // understand this field. A workflow can be the user's name, a - // controller's name, or the name of a specific apply path like - // "ci-cd". The set of fields is always in the version that the - // workflow used when modifying the object. - // - // +optional - managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) -} - -// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients -#NamespaceDefault: "default" - -// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces -#NamespaceAll: "" - -// NamespaceNone is the argument for a context when there is no namespace. -#NamespaceNone: "" - -// NamespaceSystem is the system namespace where we place system components. -#NamespaceSystem: "kube-system" - -// NamespacePublic is the namespace where we place public info (ConfigMaps) -#NamespacePublic: "kube-public" - -// OwnerReference contains enough information to let you identify an owning -// object. An owning object must be in the same namespace as the dependent, or -// be cluster-scoped, so there is no namespace field. -// +structType=atomic -#OwnerReference: { - // API version of the referent. - apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) - - // Kind of the referent. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - kind: string @go(Kind) @protobuf(1,bytes,opt) - - // Name of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name: string @go(Name) @protobuf(3,bytes,opt) - - // UID of the referent. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // If true, this reference points to the managing controller. - // +optional - controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) - - // If true, AND if the owner has the "foregroundDeletion" finalizer, then - // the owner cannot be deleted from the key-value store until this - // reference is removed. - // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - // for how the garbage collector interacts with this field and enforces the foreground deletion. - // Defaults to false. - // To set this field, a user needs "delete" permission of the owner, - // otherwise 422 (Unprocessable Entity) will be returned. - // +optional - blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) -} - -// ListOptions is the query options to a standard REST list call. -#ListOptions: { - #TypeMeta - - // A selector to restrict the list of returned objects by their labels. - // Defaults to everything. - // +optional - labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) - - // A selector to restrict the list of returned objects by their fields. - // Defaults to everything. - // +optional - fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) - - // Watch for changes to the described resources and return them as a stream of - // add, update, and remove notifications. Specify resourceVersion. - // +optional - watch?: bool @go(Watch) @protobuf(3,varint,opt) - - // allowWatchBookmarks requests watch events with type "BOOKMARK". - // Servers that do not implement bookmarks may ignore this flag and - // bookmarks are sent at the server's discretion. Clients should not - // assume bookmarks are returned at any specific interval, nor may they - // assume the server will send any BOOKMARK event during a session. - // If this is not a watch, this field is ignored. - // +optional - allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) - - // resourceVersionMatch determines how resourceVersion is applied to list calls. - // It is highly recommended that resourceVersionMatch be set for list calls where - // resourceVersion is set - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) - - // Timeout for the list/watch call. - // This limits the duration of the call, regardless of any activity or inactivity. - // +optional - timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) - - // limit is a maximum number of responses to return for a list call. If more items exist, the - // server will set the `continue` field on the list metadata to a value that can be used with the - // same initial query to retrieve the next set of results. Setting a limit may return fewer than - // the requested amount of items (up to zero items) in the event all requested objects are - // filtered out and clients should only use the presence of the continue field to determine whether - // more results are available. Servers may choose not to support the limit argument and will return - // all of the available results. If limit is specified and the continue field is empty, clients may - // assume that no more results are available. This field is not supported if watch is true. - // - // The server guarantees that the objects returned when using continue will be identical to issuing - // a single list call without a limit - that is, no objects created, modified, or deleted after the - // first request is issued will be included in any subsequent continued requests. This is sometimes - // referred to as a consistent snapshot, and ensures that a client that is using limit to receive - // smaller chunks of a very large result can ensure they see all possible objects. If objects are - // updated during a chunked list the version of the object that was present at the time the first list - // result was calculated is returned. - limit?: int64 @go(Limit) @protobuf(7,varint,opt) - - // The continue option should be set when retrieving more results from the server. Since this value is - // server defined, clients may only use the continue value from a previous query result with identical - // query parameters (except for the value of continue) and the server may reject a continue value it - // does not recognize. If the specified continue value is no longer valid whether due to expiration - // (generally five to fifteen minutes) or a configuration change on the server, the server will - // respond with a 410 ResourceExpired error together with a continue token. If the client needs a - // consistent list, it must restart their list without the continue field. Otherwise, the client may - // send another list request with the token received with the 410 error, the server will respond with - // a list starting from the next key, but from the latest snapshot, which is inconsistent from the - // previous list results - objects that are created, modified, or deleted after the first list request - // will be included in the response, as long as their keys are after the "next key". - // - // This field is not supported when watch is true. Clients may start a watch from the last - // resourceVersion value returned by the server and not miss any modifications. - continue?: string @go(Continue) @protobuf(8,bytes,opt) - - // `sendInitialEvents=true` may be set together with `watch=true`. - // In that case, the watch stream will begin with synthetic events to - // produce the current state of objects in the collection. Once all such - // events have been sent, a synthetic "Bookmark" event will be sent. - // The bookmark will report the ResourceVersion (RV) corresponding to the - // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. - // Afterwards, the watch stream will proceed as usual, sending watch events - // corresponding to changes (subsequent to the RV) to objects watched. - // - // When `sendInitialEvents` option is set, we require `resourceVersionMatch` - // option to also be set. The semantic of the watch request is as following: - // - `resourceVersionMatch` = NotOlderThan - // is interpreted as "data at least as new as the provided `resourceVersion`" - // and the bookmark event is send when the state is synced - // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. - // If `resourceVersion` is unset, this is interpreted as "consistent read" and the - // bookmark event is send when the state is synced at least to the moment - // when request started being processed. - // - `resourceVersionMatch` set to any other value or unset - // Invalid error is returned. - // - // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward - // compatibility reasons) and to false otherwise. - // +optional - sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) -} - -// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch -// may only be set if resourceVersion is also set. -// -// "NotOlderThan" matches data at least as new as the provided resourceVersion. -// "Exact" matches data at the exact resourceVersion provided. -// -// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for -// details. -#ResourceVersionMatch: string // #enumResourceVersionMatch - -#enumResourceVersionMatch: - #ResourceVersionMatchNotOlderThan | - #ResourceVersionMatchExact - -// ResourceVersionMatchNotOlderThan matches data at least as new as the provided -// resourceVersion. -#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" - -// ResourceVersionMatchExact matches data at the exact resourceVersion -// provided. -#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" - -// GetOptions is the standard query options to the standard REST get call. -#GetOptions: { - #TypeMeta - - // resourceVersion sets a constraint on what resource versions a request may be served from. - // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for - // details. - // - // Defaults to unset - // +optional - resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) -} - -// DeletionPropagation decides if a deletion will propagate to the dependents of -// the object, and how the garbage collector will handle the propagation. -#DeletionPropagation: string // #enumDeletionPropagation - -#enumDeletionPropagation: - #DeletePropagationOrphan | - #DeletePropagationBackground | - #DeletePropagationForeground - -// Orphans the dependents. -#DeletePropagationOrphan: #DeletionPropagation & "Orphan" - -// Deletes the object from the key-value store, the garbage collector will -// delete the dependents in the background. -#DeletePropagationBackground: #DeletionPropagation & "Background" - -// The object exists in the key-value store until the garbage collector -// deletes all the dependents whose ownerReference.blockOwnerDeletion=true -// from the key-value store. API sever will put the "foregroundDeletion" -// finalizer on the object, and sets its deletionTimestamp. This policy is -// cascading, i.e., the dependents will be deleted with Foreground. -#DeletePropagationForeground: #DeletionPropagation & "Foreground" - -// DryRunAll means to complete all processing stages, but don't -// persist changes to storage. -#DryRunAll: "All" - -// DeleteOptions may be provided when deleting an API object. -#DeleteOptions: { - #TypeMeta - - // The duration in seconds before the object should be deleted. Value must be non-negative integer. - // The value zero indicates delete immediately. If this value is nil, the default grace period for the - // specified type will be used. - // Defaults to a per object value if not specified. zero means delete immediately. - // +optional - gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) - - // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be - // returned. - // +k8s:conversion-gen=false - // +optional - preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) - - // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. - // Should the dependent objects be orphaned. If true/false, the "orphan" - // finalizer will be added to/removed from the object's finalizers list. - // Either this field or PropagationPolicy may be set, but not both. - // +optional - orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) - - // Whether and how garbage collection will be performed. - // Either this field or OrphanDependents may be set, but not both. - // The default policy is decided by the existing finalizer set in the - // metadata.finalizers and the resource-specific default policy. - // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - - // allow the garbage collector to delete the dependents in the background; - // 'Foreground' - a cascading policy that deletes all dependents in the - // foreground. - // +optional - propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) -} - -// FieldValidationIgnore ignores unknown/duplicate fields -#FieldValidationIgnore: "Ignore" - -// FieldValidationWarn responds with a warning, but successfully serve the request -#FieldValidationWarn: "Warn" - -// FieldValidationStrict fails the request on unknown/duplicate fields -#FieldValidationStrict: "Strict" - -// CreateOptions may be provided when creating an API object. -#CreateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// PatchOptions may be provided when patching an API object. -// PatchOptions is meant to be a superset of UpdateOptions. -#PatchOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. Force - // flag must be unset for non-apply patch requests. - // +optional - force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required for apply requests - // (application/apply-patch) but optional for non-apply patch - // types (JsonPatch, MergePatch, StrategicMergePatch). - // +optional - fieldManager?: string @go(FieldManager) @protobuf(3,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) -} - -// ApplyOptions may be provided when applying an API object. -// FieldManager is required for apply requests. -// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation -// that speaks specifically to how the options fields relate to apply. -#ApplyOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // Force is going to "force" Apply requests. It means user will - // re-acquire conflicting fields owned by other people. - force: bool @go(Force) @protobuf(2,varint,opt) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. This - // field is required. - fieldManager: string @go(FieldManager) @protobuf(3,bytes) -} - -// UpdateOptions may be provided when updating an API object. -// All fields in UpdateOptions should also be present in PatchOptions. -#UpdateOptions: { - #TypeMeta - - // When present, indicates that modifications should not be - // persisted. An invalid or unrecognized dryRun directive will - // result in an error response and no further processing of the - // request. Valid values are: - // - All: all dry run stages will be processed - // +optional - dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) - - // fieldManager is a name associated with the actor or entity - // that is making these changes. The value must be less than or - // 128 characters long, and only contain printable characters, - // as defined by https://golang.org/pkg/unicode/#IsPrint. - // +optional - fieldManager?: string @go(FieldManager) @protobuf(2,bytes) - - // fieldValidation instructs the server on how to handle - // objects in the request (POST/PUT/PATCH) containing unknown - // or duplicate fields. Valid values are: - // - Ignore: This will ignore any unknown fields that are silently - // dropped from the object, and will ignore all but the last duplicate - // field that the decoder encounters. This is the default behavior - // prior to v1.23. - // - Warn: This will send a warning via the standard warning response - // header for each unknown field that is dropped from the object, and - // for each duplicate field that is encountered. The request will - // still succeed if there are no other errors, and will only persist - // the last of any duplicate fields. This is the default in v1.23+ - // - Strict: This will fail the request with a BadRequest error if - // any unknown fields would be dropped from the object, or if any - // duplicate fields are present. The error returned from the server - // will contain all unknown and duplicate fields encountered. - // +optional - fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) -} - -// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. -#Preconditions: { - // Specifies the target UID. - // +optional - uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // Specifies the target ResourceVersion - // +optional - resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) -} - -// Status is a return value for calls that don't return other objects. -#Status: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // Status of the operation. - // One of: "Success" or "Failure". - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - // +optional - status?: string @go(Status) @protobuf(2,bytes,opt) - - // A human-readable description of the status of this operation. - // +optional - message?: string @go(Message) @protobuf(3,bytes,opt) - - // A machine-readable description of why this operation is in the - // "Failure" status. If this value is empty there - // is no information available. A Reason clarifies an HTTP status - // code but does not override it. - // +optional - reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) - - // Extended data associated with the reason. Each reason may define its - // own extended details. This field is optional and the data returned - // is not guaranteed to conform to any schema except that defined by - // the reason type. - // +optional - details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) - - // Suggested HTTP return code for this status, 0 if not set. - // +optional - code?: int32 @go(Code) @protobuf(6,varint,opt) -} - -// StatusDetails is a set of additional properties that MAY be set by the -// server to provide additional information about a response. The Reason -// field of a Status object defines what attributes will be set. Clients -// must ignore fields that do not match the defined type of each attribute, -// and should assume that any attribute may be empty, invalid, or under -// defined. -#StatusDetails: { - // The name attribute of the resource associated with the status StatusReason - // (when there is a single name which can be described). - // +optional - name?: string @go(Name) @protobuf(1,bytes,opt) - - // The group attribute of the resource associated with the status StatusReason. - // +optional - group?: string @go(Group) @protobuf(2,bytes,opt) - - // The kind attribute of the resource associated with the status StatusReason. - // On some operations may differ from the requested resource Kind. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - kind?: string @go(Kind) @protobuf(3,bytes,opt) - - // UID of the resource. - // (when there is a single resource which can be described). - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids - // +optional - uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) - - // The Causes array includes more details associated with the StatusReason - // failure. Not all StatusReasons may provide detailed causes. - // +optional - causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) - - // If specified, the time in seconds before the operation should be retried. Some errors may indicate - // the client must take an alternate action - for those errors this field may indicate how long to wait - // before taking the alternate action. - // +optional - retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) -} - -#StatusSuccess: "Success" -#StatusFailure: "Failure" - -// StatusReason is an enumeration of possible failure causes. Each StatusReason -// must map to a single HTTP status code, but multiple reasons may map -// to the same HTTP status code. -// TODO: move to apiserver -#StatusReason: string // #enumStatusReason - -#enumStatusReason: - #StatusReasonUnknown | - #StatusReasonUnauthorized | - #StatusReasonForbidden | - #StatusReasonNotFound | - #StatusReasonAlreadyExists | - #StatusReasonConflict | - #StatusReasonGone | - #StatusReasonInvalid | - #StatusReasonServerTimeout | - #StatusReasonTimeout | - #StatusReasonTooManyRequests | - #StatusReasonBadRequest | - #StatusReasonMethodNotAllowed | - #StatusReasonNotAcceptable | - #StatusReasonRequestEntityTooLarge | - #StatusReasonUnsupportedMediaType | - #StatusReasonInternalError | - #StatusReasonExpired | - #StatusReasonServiceUnavailable - -// StatusReasonUnknown means the server has declined to indicate a specific reason. -// The details field may contain other information about this error. -// Status code 500. -#StatusReasonUnknown: #StatusReason & "" - -// StatusReasonUnauthorized means the server can be reached and understood the request, but requires -// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) -// in order for the action to be completed. If the user has specified credentials on the request, the -// server considers them insufficient. -// Status code 401 -#StatusReasonUnauthorized: #StatusReason & "Unauthorized" - -// StatusReasonForbidden means the server can be reached and understood the request, but refuses -// to take any further action. It is the result of the server being configured to deny access for some reason -// to the requested resource by the client. -// Details (optional): -// "kind" string - the kind attribute of the forbidden resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the forbidden resource -// Status code 403 -#StatusReasonForbidden: #StatusReason & "Forbidden" - -// StatusReasonNotFound means one or more resources required for this operation -// could not be found. -// Details (optional): -// "kind" string - the kind attribute of the missing resource -// on some operations may differ from the requested -// resource. -// "id" string - the identifier of the missing resource -// Status code 404 -#StatusReasonNotFound: #StatusReason & "NotFound" - -// StatusReasonAlreadyExists means the resource you are creating already exists. -// Details (optional): -// "kind" string - the kind attribute of the conflicting resource -// "id" string - the identifier of the conflicting resource -// Status code 409 -#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" - -// StatusReasonConflict means the requested operation cannot be completed -// due to a conflict in the operation. The client may need to alter the -// request. Each resource may define custom details that indicate the -// nature of the conflict. -// Status code 409 -#StatusReasonConflict: #StatusReason & "Conflict" - -// StatusReasonGone means the item is no longer available at the server and no -// forwarding address is known. -// Status code 410 -#StatusReasonGone: #StatusReason & "Gone" - -// StatusReasonInvalid means the requested create or update operation cannot be -// completed due to invalid data provided as part of the request. The client may -// need to alter the request. When set, the client may use the StatusDetails -// message field as a summary of the issues encountered. -// Details (optional): -// "kind" string - the kind attribute of the invalid resource -// "id" string - the identifier of the invalid resource -// "causes" - one or more StatusCause entries indicating the data in the -// provided resource that was invalid. The code, message, and -// field attributes will be set. -// Status code 422 -#StatusReasonInvalid: #StatusReason & "Invalid" - -// StatusReasonServerTimeout means the server can be reached and understood the request, -// but cannot complete the action in a reasonable time. The client should retry the request. -// This is may be due to temporary server load or a transient communication issue with -// another server. Status code 500 is used because the HTTP spec provides no suitable -// server-requested client retry and the 5xx class represents actionable errors. -// Details (optional): -// "kind" string - the kind attribute of the resource being acted on. -// "id" string - the operation that is being attempted. -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 500 -#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" - -// StatusReasonTimeout means that the request could not be completed within the given time. -// Clients can get this response only when they specified a timeout param in the request, -// or if the server cannot complete the operation within a reasonable amount of time. -// The request might succeed with an increased value of timeout param. The client *should* -// wait at least the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 504 -#StatusReasonTimeout: #StatusReason & "Timeout" - -// StatusReasonTooManyRequests means the server experienced too many requests within a -// given window and that the client must wait to perform the action again. A client may -// always retry the request that led to this error, although the client should wait at least -// the number of seconds specified by the retryAfterSeconds field. -// Details (optional): -// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried -// Status code 429 -#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" - -// StatusReasonBadRequest means that the request itself was invalid, because the request -// doesn't make any sense, for example deleting a read-only object. This is different than -// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the -// data was invalid. API calls that return BadRequest can never succeed. -// Status code 400 -#StatusReasonBadRequest: #StatusReason & "BadRequest" - -// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the -// resource was not supported by the code - for instance, attempting to delete a resource that -// can only be created. API calls that return MethodNotAllowed can never succeed. -// Status code 405 -#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" - -// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable -// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. -// API calls that return NotAcceptable can never succeed. -// Status code 406 -#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" - -// StatusReasonRequestEntityTooLarge means that the request entity is too large. -// Status code 413 -#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" - -// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable -// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. -// API calls that return UnsupportedMediaType can never succeed. -// Status code 415 -#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" - -// StatusReasonInternalError indicates that an internal error occurred, it is unexpected -// and the outcome of the call is unknown. -// Details (optional): -// "causes" - The original error -// Status code 500 -#StatusReasonInternalError: #StatusReason & "InternalError" - -// StatusReasonExpired indicates that the request is invalid because the content you are requesting -// has expired and is no longer available. It is typically associated with watches that can't be -// serviced. -// Status code 410 (gone) -#StatusReasonExpired: #StatusReason & "Expired" - -// StatusReasonServiceUnavailable means that the request itself was valid, -// but the requested service is unavailable at this time. -// Retrying the request after some time might succeed. -// Status code 503 -#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" - -// StatusCause provides more information about an api.Status failure, including -// cases when multiple errors are encountered. -#StatusCause: { - // A machine-readable description of the cause of the error. If this value is - // empty there is no information available. - // +optional - reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) - - // A human-readable description of the cause of the error. This field may be - // presented as-is to a reader. - // +optional - message?: string @go(Message) @protobuf(2,bytes,opt) - - // The field of the resource that has caused this error, as named by its JSON - // serialization. May include dot and postfix notation for nested attributes. - // Arrays are zero-indexed. Fields may appear more than once in an array of - // causes due to fields having multiple errors. - // Optional. - // - // Examples: - // "name" - the field "name" on the current resource - // "items[0].name" - the field "name" on the first array entry in "items" - // +optional - field?: string @go(Field) @protobuf(3,bytes,opt) -} - -// CauseType is a machine readable value providing more detail about what -// occurred in a status response. An operation may have multiple causes for a -// status (whether Failure or Success). -#CauseType: string // #enumCauseType - -#enumCauseType: - #CauseTypeFieldValueNotFound | - #CauseTypeFieldValueRequired | - #CauseTypeFieldValueDuplicate | - #CauseTypeFieldValueInvalid | - #CauseTypeFieldValueNotSupported | - #CauseTypeForbidden | - #CauseTypeTooLong | - #CauseTypeTooMany | - #CauseTypeInternal | - #CauseTypeTypeInvalid | - #CauseTypeUnexpectedServerResponse | - #CauseTypeFieldManagerConflict | - #CauseTypeResourceVersionTooLarge - -// CauseTypeFieldValueNotFound is used to report failure to find a requested value -// (e.g. looking up an ID). -#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" - -// CauseTypeFieldValueRequired is used to report required values that are not -// provided (e.g. empty strings, null values, or empty arrays). -#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" - -// CauseTypeFieldValueDuplicate is used to report collisions of values that must be -// unique (e.g. unique IDs). -#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" - -// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex -// match). -#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" - -// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) -// values that can not be handled (e.g. an enumerated string). -#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" - -// CauseTypeForbidden is used to report valid (as per formatting rules) -// values which would be accepted under some conditions, but which are not -// permitted by the current conditions (such as security policy). See -// Forbidden(). -#CauseTypeForbidden: #CauseType & "FieldValueForbidden" - -// CauseTypeTooLong is used to report that the given value is too long. -// This is similar to ErrorTypeInvalid, but the error will not include the -// too-long value. See TooLong(). -#CauseTypeTooLong: #CauseType & "FieldValueTooLong" - -// CauseTypeTooMany is used to report "too many". This is used to -// report that a given list has too many items. This is similar to FieldValueTooLong, -// but the error indicates quantity instead of length. -#CauseTypeTooMany: #CauseType & "FieldValueTooMany" - -// CauseTypeInternal is used to report other errors that are not related -// to user input. See InternalError(). -#CauseTypeInternal: #CauseType & "InternalError" - -// CauseTypeTypeInvalid is for the value did not match the schema type for that field -#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" - -// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client -// without the expected return type. The presence of this cause indicates the error may be -// due to an intervening proxy or the server software malfunctioning. -#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" - -// FieldManagerConflict is used to report when another client claims to manage this field, -// It should only be returned for a request using server-side apply. -#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" - -// CauseTypeResourceVersionTooLarge is used to report that the requested resource version -// is newer than the data observed by the API server, so the request cannot be served. -#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" - -// List holds a list of objects, which may not be known by the server. -#List: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // List of objects - items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) -} - -// APIVersions lists the versions that are available, to allow clients to -// discover the API at /api, which is the root path of the legacy v1 API. -// -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#APIVersions: { - #TypeMeta - - // versions are the api versions that are available. - versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) -} - -// APIGroupList is a list of APIGroup, to allow clients to discover the API at -// /apis. -#APIGroupList: { - #TypeMeta - - // groups is a list of APIGroup. - groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) -} - -// APIGroup contains the name, the supported versions, and the preferred version -// of a group. -#APIGroup: { - #TypeMeta - - // name is the name of the group. - name: string @go(Name) @protobuf(1,bytes,opt) - - // versions are the versions supported in this group. - versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) - - // preferredVersion is the version preferred by the API server, which - // probably is the storage version. - // +optional - preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) - - // a map of client CIDR to server address that is serving this group. - // This is to help clients reach servers in the most network-efficient way possible. - // Clients can use the appropriate server address as per the CIDR that they match. - // In case of multiple matches, clients should use the longest matching CIDR. - // The server returns only those CIDRs that it thinks that the client can match. - // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. - // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. - // +optional - serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) -} - -// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. -#ServerAddressByClientCIDR: { - // The CIDR with which clients can match their IP to figure out the server address that they should use. - clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) - - // Address of this server, suitable for a client that matches the above CIDR. - // This can be a hostname, hostname:port, IP or IP:port. - serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) -} - -// GroupVersion contains the "group/version" and "version" string of a version. -// It is made a struct to keep extensibility. -#GroupVersionForDiscovery: { - // groupVersion specifies the API group and version in the form "group/version" - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // version specifies the version in the form of "version". This is to save - // the clients the trouble of splitting the GroupVersion. - version: string @go(Version) @protobuf(2,bytes,opt) -} - -// APIResource specifies the name of a resource and whether it is namespaced. -#APIResource: { - // name is the plural name of the resource. - name: string @go(Name) @protobuf(1,bytes,opt) - - // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. - // The singularName is more correct for reporting status on a single item and both singular and plural are allowed - // from the kubectl CLI interface. - singularName: string @go(SingularName) @protobuf(6,bytes,opt) - - // namespaced indicates if a resource is namespaced or not. - namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) - - // group is the preferred group of the resource. Empty implies the group of the containing resource list. - // For subresources, this may have a different value, for example: Scale". - group?: string @go(Group) @protobuf(8,bytes,opt) - - // version is the preferred version of the resource. Empty implies the version of the containing resource list - // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". - version?: string @go(Version) @protobuf(9,bytes,opt) - - // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') - kind: string @go(Kind) @protobuf(3,bytes,opt) - - // verbs is a list of supported kube verbs (this includes get, list, watch, create, - // update, patch, delete, deletecollection, and proxy) - verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) - - // shortNames is a list of suggested short names of the resource. - shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) - - // categories is a list of the grouped resources this resource belongs to (e.g. 'all') - categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) - - // The hash value of the storage version, the version this resource is - // converted to when written to the data store. Value must be treated - // as opaque by clients. Only equality comparison on the value is valid. - // This is an alpha feature and may change or be removed in the future. - // The field is populated by the apiserver only if the - // StorageVersionHash feature gate is enabled. - // This field will remain optional even if it graduates. - // +optional - storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) -} - -// Verbs masks the value so protobuf can generate -// -// +protobuf.nullable=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -#Verbs: [...string] - -// APIResourceList is a list of APIResource, it is used to expose the name of the -// resources supported in a specific group and version, and if the resource -// is namespaced. -#APIResourceList: { - #TypeMeta - - // groupVersion is the group and version this APIResourceList is for. - groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) - - // resources contains the name of the resources and if they are namespaced. - resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) -} - -// RootPaths lists the paths available at root. -// For example: "/healthz", "/apis". -#RootPaths: { - // paths are the paths available at root. - paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) -} - -// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. -#Patch: { -} - -// A label selector is a label query over a set of resources. The result of matchLabels and -// matchExpressions are ANDed. An empty label selector matches all objects. A null -// label selector matches no objects. -// +structType=atomic -#LabelSelector: { - // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - // map is equivalent to an element of matchExpressions, whose key field is "key", the - // operator is "In", and the values array contains only "value". The requirements are ANDed. - // +optional - matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) - - // matchExpressions is a list of label selector requirements. The requirements are ANDed. - // +optional - matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) -} - -// A label selector requirement is a selector that contains values, a key, and an operator that -// relates the key and values. -#LabelSelectorRequirement: { - // key is the label key that the selector applies to. - key: string @go(Key) @protobuf(1,bytes,opt) - - // operator represents a key's relationship to a set of values. - // Valid operators are In, NotIn, Exists and DoesNotExist. - operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) - - // values is an array of string values. If the operator is In or NotIn, - // the values array must be non-empty. If the operator is Exists or DoesNotExist, - // the values array must be empty. This array is replaced during a strategic - // merge patch. - // +optional - values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) -} - -// A label selector operator is the set of operators that can be used in a selector requirement. -#LabelSelectorOperator: string // #enumLabelSelectorOperator - -#enumLabelSelectorOperator: - #LabelSelectorOpIn | - #LabelSelectorOpNotIn | - #LabelSelectorOpExists | - #LabelSelectorOpDoesNotExist - -#LabelSelectorOpIn: #LabelSelectorOperator & "In" -#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" -#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" -#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" - -// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource -// that the fieldset applies to. -#ManagedFieldsEntry: { - // Manager is an identifier of the workflow managing these fields. - manager?: string @go(Manager) @protobuf(1,bytes,opt) - - // Operation is the type of operation which lead to this ManagedFieldsEntry being created. - // The only valid values for this field are 'Apply' and 'Update'. - operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) - - // APIVersion defines the version of this resource that this field set - // applies to. The format is "group/version" just like the top-level - // APIVersion field. It is necessary to track the version of a field - // set because it cannot be automatically converted. - apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) - - // Time is the timestamp of when the ManagedFields entry was added. The - // timestamp will also be updated if a field is added, the manager - // changes any of the owned fields value or removes a field. The - // timestamp does not update when a field is removed from the entry - // because another manager took it over. - // +optional - time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) - - // FieldsType is the discriminator for the different fields format and version. - // There is currently only one possible value: "FieldsV1" - fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) - - // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. - // +optional - fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) - - // Subresource is the name of the subresource used to update that object, or - // empty string if the object was updated through the main resource. The - // value of this field is used to distinguish between managers, even if they - // share the same name. For example, a status update will be distinct from a - // regular update using the same manager name. - // Note that the APIVersion field is not related to the Subresource field and - // it always corresponds to the version of the main resource. - subresource?: string @go(Subresource) @protobuf(8,bytes,opt) -} - -// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. -#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType - -#enumManagedFieldsOperationType: - #ManagedFieldsOperationApply | - #ManagedFieldsOperationUpdate - -#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" -#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" - -// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. -// -// Each key is either a '.' representing the field itself, and will always map to an empty set, -// or a string representing a sub-field or item. The string will follow one of these four formats: -// 'f:', where is the name of a field in a struct, or key in a map -// 'v:', where is the exact json formatted value of a list item -// 'i:', where is position of a item in a list -// 'k:', where is a map of a list item's key fields to their unique values -// If a key maps to an empty Fields value, the field that key represents is part of the set. -// -// The exact format is defined in sigs.k8s.io/structured-merge-diff -// +protobuf.options.(gogoproto.goproto_stringer)=false -#FieldsV1: _ - -// Table is a tabular representation of a set of API resources. The server transforms the -// object into a set of preferred columns for quickly reviewing the objects. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=false -#Table: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) - - // columnDefinitions describes each column in the returned items array. The number of cells per row - // will always match the number of column definitions. - columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) - - // rows is the list of items in the table. - rows: [...#TableRow] @go(Rows,[]TableRow) -} - -// TableColumnDefinition contains information about a column returned in the Table. -// +protobuf=false -#TableColumnDefinition: { - // name is a human readable name for the column. - name: string @go(Name) - - // type is an OpenAPI type definition for this column, such as number, integer, string, or - // array. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - type: string @go(Type) - - // format is an optional OpenAPI type modifier for this column. A format modifies the type and - // imposes additional rules, like date or time formatting for a string. The 'name' format is applied - // to the primary identifier column which has type 'string' to assist in clients identifying column - // is the resource name. - // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. - format: string @go(Format) - - // description is a human readable description of this column. - description: string @go(Description) - - // priority is an integer defining the relative importance of this column compared to others. Lower - // numbers are considered higher priority. Columns that may be omitted in limited space scenarios - // should be given a higher priority. - priority: int32 @go(Priority) -} - -// TableRow is an individual row in a table. -// +protobuf=false -#TableRow: { - // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or - // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a - // more detailed description. - cells: [...] @go(Cells,[]interface{}) - - // conditions describe additional status of a row that are relevant for a human user. These conditions - // apply to the row, not to the object, and will be specific to table output. The only defined - // condition type is 'Completed', for a row that indicates a resource that has run to completion and - // can be given less visual priority. - // +optional - conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) - - // This field contains the requested additional information about each object based on the includeObject - // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the - // default serialization of the object for the current API version, and if "Metadata" (the default) will - // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. - // The media type of the object will always match the enclosing list - if this as a JSON table, these - // will be JSON encoded objects. - // +optional - object?: runtime.#RawExtension @go(Object) -} - -// TableRowCondition allows a row to be marked with additional information. -// +protobuf=false -#TableRowCondition: { - // Type of row condition. The only defined value is 'Completed' indicating that the - // object this row represents has reached a completed state and may be given less visual - // priority than other rows. Clients are not required to honor any conditions but should - // be consistent where possible about handling the conditions. - type: #RowConditionType @go(Type) - - // Status of the condition, one of True, False, Unknown. - status: #ConditionStatus @go(Status) - - // (brief) machine readable reason for the condition's last transition. - // +optional - reason?: string @go(Reason) - - // Human readable message indicating details about last transition. - // +optional - message?: string @go(Message) -} - -#RowConditionType: string // #enumRowConditionType - -#enumRowConditionType: - #RowCompleted - -// RowCompleted means the underlying resource has reached completion and may be given less -// visual priority than other resources. -#RowCompleted: #RowConditionType & "Completed" - -#ConditionStatus: string // #enumConditionStatus - -#enumConditionStatus: - #ConditionTrue | - #ConditionFalse | - #ConditionUnknown - -#ConditionTrue: #ConditionStatus & "True" -#ConditionFalse: #ConditionStatus & "False" -#ConditionUnknown: #ConditionStatus & "Unknown" - -// IncludeObjectPolicy controls which portion of the object is returned with a Table. -#IncludeObjectPolicy: string // #enumIncludeObjectPolicy - -#enumIncludeObjectPolicy: - #IncludeNone | - #IncludeMetadata | - #IncludeObject - -// IncludeNone returns no object. -#IncludeNone: #IncludeObjectPolicy & "None" - -// IncludeMetadata serializes the object containing only its metadata field. -#IncludeMetadata: #IncludeObjectPolicy & "Metadata" - -// IncludeObject contains the full object. -#IncludeObject: #IncludeObjectPolicy & "Object" - -// TableOptions are used when a Table is requested by the caller. -// +k8s:conversion-gen:explicit-from=net/url.Values -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#TableOptions: { - #TypeMeta - - // includeObject decides whether to include each object along with its columnar information. - // Specifying "None" will return no object, specifying "Object" will return the full object contents, and - // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind - // in version v1beta1 of the meta.k8s.io API group. - includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) -} - -// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients -// to get access to a particular ObjectMeta schema without knowing the details of the version. -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadata: { - #TypeMeta - - // Standard object's metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - // +optional - metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) -} - -// PartialObjectMetadataList contains a list of objects containing only their metadata -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#PartialObjectMetadataList: { - #TypeMeta - - // Standard list metadata. - // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - // +optional - metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) - - // items contains each of the included items. - items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) -} - -// Condition contains details for one aspect of the current state of this API Resource. -// --- -// This struct is intended for direct use as an array at the field path .status.conditions. For example, -// -// type FooStatus struct{ -// // Represents the observations of a foo's current state. -// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" -// // +patchMergeKey=type -// // +patchStrategy=merge -// // +listType=map -// // +listMapKey=type -// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` -// -// // other fields -// } -#Condition: { - // type of condition in CamelCase or in foo.example.com/CamelCase. - // --- - // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - // useful (see .node.status.conditions), the ability to deconflict is important. - // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` - // +kubebuilder:validation:MaxLength=316 - type: string @go(Type) @protobuf(1,bytes,opt) - - // status of the condition, one of True, False, Unknown. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Enum=True;False;Unknown - status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) - - // observedGeneration represents the .metadata.generation that the condition was set based upon. - // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - // with respect to the current state of the instance. - // +optional - // +kubebuilder:validation:Minimum=0 - observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) - - // lastTransitionTime is the last time the condition transitioned from one status to another. - // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:Type=string - // +kubebuilder:validation:Format=date-time - lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) - - // reason contains a programmatic identifier indicating the reason for the condition's last transition. - // Producers of specific condition types may define expected values and meanings for this field, - // and whether the values are considered a guaranteed API. - // The value should be a CamelCase string. - // This field may not be empty. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=1024 - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` - reason: string @go(Reason) @protobuf(5,bytes,opt) - - // message is a human readable message indicating details about the transition. - // This may be an empty string. - // +required - // +kubebuilder:validation:Required - // +kubebuilder:validation:MaxLength=32768 - message: string @go(Message) @protobuf(6,bytes,opt) -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue deleted file mode 100644 index 12f5f1b6..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue +++ /dev/null @@ -1,30 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 - -package v1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/watch" -) - -// Event represents a single event to a watched resource. -// -// +protobuf=true -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -#WatchEvent: { - type: string @go(Type) @protobuf(1,bytes,opt) - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Error: *Status is recommended; other types may make sense - // depending on context. - object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) -} - -// InternalEvent makes watch.Event versioned -// +protobuf=false -#InternalEvent: watch.#Event diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue deleted file mode 100644 index 43474c39..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// SimpleAllocator a wrapper around make([]byte) -// conforms to the MemoryAllocator interface -#SimpleAllocator: { -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue deleted file mode 100644 index a05de5d5..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue +++ /dev/null @@ -1,37 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// codec binds an encoder and decoder. -_#codec: { - Encoder: #Encoder - Decoder: #Decoder -} - -// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. -#NoopEncoder: { - Decoder: #Decoder -} - -_#noopEncoderIdentifier: #Identifier & "noop" - -// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. -#NoopDecoder: { - Encoder: #Encoder -} - -_#base64Serializer: { - Encoder: #Encoder - Decoder: #Decoder -} - -_#internalGroupVersionerIdentifier: "internal" -_#disabledGroupVersionerIdentifier: "disabled" - -_#internalGroupVersioner: { -} - -_#disabledGroupVersioner: { -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue deleted file mode 100644 index ce6d644c..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime defines conversions between generic types and structs to map query strings -// to struct objects. -package runtime diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue deleted file mode 100644 index f49ad1e3..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// UnstructuredConverter is an interface for converting between interface{} -// and map[string]interface representation. -#UnstructuredConverter: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue deleted file mode 100644 index 89c5c51b..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue +++ /dev/null @@ -1,39 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -// Package runtime includes helper functions for working with API objects -// that follow the kubernetes API object conventions, which are: -// -// 0. Your API objects have a common metadata struct member, TypeMeta. -// -// 1. Your code refers to an internal set of API objects. -// -// 2. In a separate package, you have an external set of API objects. -// -// 3. The external set is considered to be versioned, and no breaking -// changes are ever made to it (fields may be added but not changed -// or removed). -// -// 4. As your api evolves, you'll make an additional versioned package -// with every major change. -// -// 5. Versioned packages have conversion functions which convert to -// and from the internal version. -// -// 6. You'll continue to support older versions according to your -// deprecation policy, and you can easily provide a program/library -// to update old versions into new versions because of 5. -// -// 7. All of your serializations and deserializations are handled in a -// centralized place. -// -// Package runtime provides a conversion helper to make 5 easy, and the -// Encode/Decode/DecodeInto trio to accomplish 7. You can also register -// additional "codecs" which use a version of your choice. It's -// recommended that you register your types with runtime in your -// package's init function. -// -// As a bonus, a few common types useful from all api objects and versions -// are provided in types.go. -package runtime diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue deleted file mode 100644 index d43f15f2..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -_#encodable: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue deleted file mode 100644 index ec8f1f07..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue +++ /dev/null @@ -1,23 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// MultiObjectTyper returns the types of objects across multiple schemes in order. -#MultiObjectTyper: [...#ObjectTyper] - -_#defaultFramer: { -} - -// WithVersionEncoder serializes an object and ensures the GVK is set. -#WithVersionEncoder: { - Version: #GroupVersioner - Encoder: #Encoder - ObjectTyper: #ObjectTyper -} - -// WithoutVersionDecoder clears the group version kind of a deserialized object. -#WithoutVersionDecoder: { - Decoder: #Decoder -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue deleted file mode 100644 index 22abcb62..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue +++ /dev/null @@ -1,165 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// APIVersionInternal may be used if you are registering a type that should not -// be considered stable or serialized - it is a convention only and has no -// special behavior in this package. -#APIVersionInternal: "__internal" - -// GroupVersioner refines a set of possible conversion targets into a single option. -#GroupVersioner: _ - -// Identifier represents an identifier. -// Identitier of two different objects should be equal if and only if for every -// input the output they produce is exactly the same. -#Identifier: string // #enumIdentifier - -#enumIdentifier: - _#noopEncoderIdentifier - -// Encoder writes objects to a serialized form -#Encoder: _ - -// MemoryAllocator is responsible for allocating memory. -// By encapsulating memory allocation into its own interface, we can reuse the memory -// across many operations in places we know it can significantly improve the performance. -#MemoryAllocator: _ - -// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. -#EncoderWithAllocator: _ - -// Decoder attempts to load an object from data. -#Decoder: _ - -// Serializer is the core interface for transforming objects into a serialized format and back. -// Implementations may choose to perform conversion of the object, but no assumptions should be made. -#Serializer: _ - -// Codec is a Serializer that deals with the details of versioning objects. It offers the same -// interface as Serializer, so this is a marker to consumers that care about the version of the objects -// they receive. -#Codec: #Serializer - -// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and -// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing -// and the desired version must be specified. -#ParameterCodec: _ - -// Framer is a factory for creating readers and writers that obey a particular framing pattern. -#Framer: _ - -// SerializerInfo contains information about a specific serialization format -#SerializerInfo: { - // MediaType is the value that represents this serializer over the wire. - MediaType: string - - // MediaTypeType is the first part of the MediaType ("application" in "application/json"). - MediaTypeType: string - - // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). - MediaTypeSubType: string - - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the individual object serializer for this media type. - Serializer: #Serializer - - // PrettySerializer, if set, can serialize this object in a form biased towards - // readability. - PrettySerializer: #Serializer - - // StrictSerializer, if set, deserializes this object strictly, - // erring on unknown fields. - StrictSerializer: #Serializer - - // StreamSerializer, if set, describes the streaming serialization format - // for this media type. - StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) -} - -// StreamSerializerInfo contains information about a specific stream serialization format -#StreamSerializerInfo: { - // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. - EncodesAsText: bool - - // Serializer is the top level object serializer for this type when streaming - Serializer: #Serializer - - // Framer is the factory for retrieving streams that separate objects on the wire - Framer: #Framer -} - -// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers -// for multiple supported media types. This would commonly be accepted by a server component -// that performs HTTP content negotiation to accept multiple formats. -#NegotiatedSerializer: _ - -// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. -// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from -// a NegotiatedSerializer. -#ClientNegotiator: _ - -// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers -// that can read and write data at rest. This would commonly be used by client tools that must -// read files, or server side storage interfaces that persist restful objects. -#StorageSerializer: _ - -// NestedObjectEncoder is an optional interface that objects may implement to be given -// an opportunity to encode any nested Objects / RawExtensions during serialization. -#NestedObjectEncoder: _ - -// NestedObjectDecoder is an optional interface that objects may implement to be given -// an opportunity to decode any nested Objects / RawExtensions during serialization. -// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding -// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). -// As such it is important for callers of DecodeNestedObjects to check to confirm whether -// an error is a runtime.StrictDecodingError before short circuiting. -// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError -// is only returned when the rest of decoding has succeeded. -#NestedObjectDecoder: _ - -#ObjectDefaulter: _ - -#ObjectVersioner: _ - -// ObjectConvertor converts an object to a different version. -#ObjectConvertor: _ - -// ObjectTyper contains methods for extracting the APIVersion and Kind -// of objects. -#ObjectTyper: _ - -// ObjectCreater contains methods for instantiating an object by kind and version. -#ObjectCreater: _ - -// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource -#EquivalentResourceMapper: _ - -// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, -// and allows registering known resource[/subresource] -> kind -#EquivalentResourceRegistry: _ - -// ResourceVersioner provides methods for setting and retrieving -// the resource version from an API object. -#ResourceVersioner: _ - -// Namer provides methods for retrieving name and namespace of an API object. -#Namer: _ - -// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are -// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows -// serializers to set the kind, version, and group the object is represented as. An Object may choose -// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. -#Object: _ - -// CacheableObject allows an object to cache its different serializations -// to avoid performing the same serialization multiple times. -#CacheableObject: _ - -// Unstructured objects store values as map[string]interface{}, with only values that can be serialized -// to JSON allowed. -#Unstructured: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue deleted file mode 100644 index 7580f467..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// NegotiateError is returned when a ClientNegotiator is unable to locate -// a serializer for the requested operation. -#NegotiateError: { - ContentType: string - Stream: bool -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue deleted file mode 100644 index bd9c409a..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Splice is the interface that wraps the Splice method. -// -// Splice moves data from given slice without copying the underlying data for -// efficiency purpose. Therefore, the caller should make sure the underlying -// data is not changed later. -#Splice: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue deleted file mode 100644 index 9dfc078b..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue +++ /dev/null @@ -1,14 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// Pair of strings. We keed the name of fields and the doc -#Pair: { - Name: string - Doc: string -} - -// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself -#KubeTypes: [...#Pair] diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue deleted file mode 100644 index d1ee609a..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue +++ /dev/null @@ -1,97 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, -// like this: -// -// type MyAwesomeAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// ... // other fields -// } -// -// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind -// -// TypeMeta is provided here for convenience. You may use it directly from this package or define -// your own with the same fields. -// -// +k8s:deepcopy-gen=false -// +protobuf=true -// +k8s:openapi-gen=true -#TypeMeta: { - // +optional - apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) - - // +optional - kind?: string @go(Kind) @protobuf(2,bytes,opt) -} - -#ContentTypeJSON: "application/json" -#ContentTypeYAML: "application/yaml" -#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" - -// RawExtension is used to hold extensions in external versions. -// -// To use this, make a field which has RawExtension as its type in your external, versioned -// struct, and Object in your internal struct. You also need to register your -// various plugin types. -// -// // Internal package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.Object `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // External package: -// -// type MyAPIObject struct { -// runtime.TypeMeta `json:",inline"` -// MyPlugin runtime.RawExtension `json:"myPlugin"` -// } -// -// type PluginA struct { -// AOption string `json:"aOption"` -// } -// -// // On the wire, the JSON will look something like this: -// -// { -// "kind":"MyAPIObject", -// "apiVersion":"v1", -// "myPlugin": { -// "kind":"PluginA", -// "aOption":"foo", -// }, -// } -// -// So what happens? Decode first uses json or yaml to unmarshal the serialized data into -// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. -// The next step is to copy (using pkg/conversion) into the internal struct. The runtime -// package's DefaultScheme has conversion functions installed which will unpack the -// JSON stored in RawExtension, turning it into the correct object type, and storing it -// in the Object. (TODO: In the case where the object is of an unknown type, a -// runtime.Unknown object will be created and stored.) -// -// +k8s:deepcopy-gen=true -// +protobuf=true -// +k8s:openapi-gen=true -#RawExtension: _ - -// Unknown allows api objects with unknown types to be passed-through. This can be used -// to deal with the API objects from a plug-in. Unknown objects still have functioning -// TypeMeta features-- kind, version, etc. -// TODO: Make this object have easy access to field based accessors and settors for -// metadata and field mutatation. -// -// +k8s:deepcopy-gen=true -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +protobuf=true -// +k8s:openapi-gen=true -#Unknown: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue deleted file mode 100644 index 8b8ddf89..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue +++ /dev/null @@ -1,9 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/runtime - -package runtime - -#ProtobufMarshaller: _ - -#ProtobufReverseMarshaller: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue deleted file mode 100644 index bfb4bcda..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue +++ /dev/null @@ -1,6 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -// Package types implements various generic types used throughout kubernetes. -package types diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue deleted file mode 100644 index 7cb2745a..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -#NamespacedName: { - Namespace: string - Name: string -} - -#Separator: 47 // '/' diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue deleted file mode 100644 index 8b264b80..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// NodeName is a type that holds a api.Node's Name identifier. -// Being a type captures intent and helps make sure that the node name -// is not confused with similar concepts (the hostname, the cloud provider id, -// the cloud provider name etc) -// -// To clarify the various types: -// -// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. -// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. -// -// - Hostname is the hostname of the local machine (from uname -n). -// However, some components allow the user to pass in a --hostname-override flag, -// which will override this in most places. In the absence of anything more meaningful, -// kubelet will use Hostname as the Node.Name when it creates the Node. -// -// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. -// -// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the -// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up -// to the cloudprovider how to do this mapping. -// -// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the -// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if -// we are using a custom DHCP domain it won't be. -#NodeName: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue deleted file mode 100644 index 3de5d80f..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// Similarly to above, these are constants to support HTTP PATCH utilized by -// both the client and server that didn't make sense for a whole package to be -// dedicated to. -#PatchType: string // #enumPatchType - -#enumPatchType: - #JSONPatchType | - #MergePatchType | - #StrategicMergePatchType | - #ApplyPatchType - -#JSONPatchType: #PatchType & "application/json-patch+json" -#MergePatchType: #PatchType & "application/merge-patch+json" -#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" -#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue deleted file mode 100644 index 40bdd828..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/types - -package types - -// UID is a type that holds unique ID values, including UUIDs. Because we -// don't ONLY use UUIDs, this is an alias to string. Being a type captures -// intent and helps make sure that UIDs and names do not get conflated. -#UID: string diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue deleted file mode 100644 index 2c8cc365..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue +++ /dev/null @@ -1,31 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr - -package intstr - -// IntOrString is a type that can hold an int32 or a string. When used in -// JSON or YAML marshalling and unmarshalling, it produces or consumes the -// inner type. This allows you to have, for example, a JSON field that can -// accept a name or number. -// TODO: Rename to Int32OrString -// -// +protobuf=true -// +protobuf.options.(gogoproto.goproto_stringer)=false -// +k8s:openapi-gen=true -#IntOrString: _ - -// Type represents the stored type of IntOrString. -#Type: int64 // #enumType - -#enumType: - #Int | - #String - -#values_Type: { - Int: #Int - String: #String -} - -#Int: #Type & 0 -#String: #Type & 1 diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue deleted file mode 100644 index bc1b9189..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue +++ /dev/null @@ -1,7 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -// Package watch contains a generic watchable interface, and a fake for -// testing code that uses the watch interface. -package watch diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue deleted file mode 100644 index 045e8ec8..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue +++ /dev/null @@ -1,10 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Recorder records all events that are sent from the watch until it is closed. -#Recorder: { - Interface: #Interface -} diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue deleted file mode 100644 index dcf72d5b..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue +++ /dev/null @@ -1,25 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch -// channel is full. -#FullChannelBehavior: int // #enumFullChannelBehavior - -#enumFullChannelBehavior: - #WaitIfChannelFull | - #DropIfChannelFull - -#values_FullChannelBehavior: { - WaitIfChannelFull: #WaitIfChannelFull - DropIfChannelFull: #DropIfChannelFull -} - -#WaitIfChannelFull: #FullChannelBehavior & 0 -#DropIfChannelFull: #FullChannelBehavior & 1 - -_#incomingQueueLength: 25 - -_#internalRunFunctionMarker: "internal-do-function" diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue deleted file mode 100644 index f0805cfb..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue +++ /dev/null @@ -1,12 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. -#Decoder: _ - -// Reporter hides the details of how an error is turned into a runtime.Object for -// reporting on a watch stream since this package may not import a higher level report. -#Reporter: _ diff --git a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue deleted file mode 100644 index 0db2e6be..00000000 --- a/test/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by cue get go. DO NOT EDIT. - -//cue:generate cue get go k8s.io/apimachinery/pkg/watch - -package watch - -import "k8s.io/apimachinery/pkg/runtime" - -// Interface can be implemented by anything that knows how to watch and report changes. -#Interface: _ - -// EventType defines the possible types of events. -#EventType: string // #enumEventType - -#enumEventType: - #Added | - #Modified | - #Deleted | - #Bookmark | - #Error - -#Added: #EventType & "ADDED" -#Modified: #EventType & "MODIFIED" -#Deleted: #EventType & "DELETED" -#Bookmark: #EventType & "BOOKMARK" -#Error: #EventType & "ERROR" - -// Event represents a single event to a watched resource. -// +k8s:deepcopy-gen=true -#Event: { - Type: #EventType - - // Object is: - // * If Type is Added or Modified: the new state of the object. - // * If Type is Deleted: the state of the object immediately before deletion. - // * If Type is Bookmark: the object (instance of a type being watched) where - // only ResourceVersion field is set. On successful restart of watch from a - // bookmark resourceVersion, client is guaranteed to not get repeat event - // nor miss any events. - // * If Type is Error: *api.Status is recommended; other types may make sense - // depending on context. - Object: runtime.#Object -} - -// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. -#RaceFreeFakeWatcher: { - Stopped: bool -} diff --git a/test/cue.mod/module.cue b/test/cue.mod/module.cue deleted file mode 100644 index 1507ea27..00000000 --- a/test/cue.mod/module.cue +++ /dev/null @@ -1,2 +0,0 @@ -module: "timoni.sh/test" -language: version: "v0.9.0" diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue deleted file mode 100644 index 2c579e99..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Action holds the list of annotations for controlling -// Timoni's apply behaviour of Kubernetes resources. -Action: { - // Force annotation for recreating immutable resources such as Kubernetes Jobs. - Force: { - "action.timoni.sh/force": ActionStatus.Enabled - } - // One-off annotation for appling resources only if they don't exist on the cluster. - Oneoff: { - "action.timoni.sh/one-off": ActionStatus.Enabled - } - // Keep annotation for preventing Timoni's garbage collector from deleting resources. - Keep: { - "action.timoni.sh/prune": ActionStatus.Disabled - } -} - -ActionStatus: { - Enabled: "enabled" - Disabled: "disabled" -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue deleted file mode 100644 index 1535ea43..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue +++ /dev/null @@ -1,50 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strings" -) - -// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. -#Image: { - - // Repository is the address of a container registry repository. - // An image repository is made up of slash-separated name components, optionally - // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. - repository!: string - - // Tag identifies an image in the repository. - // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. - // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. - tag!: string & strings.MaxRunes(128) - - // Digest uniquely and immutably identifies an image in the repository. - // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. - digest!: string - - // PullPolicy defines the pull policy for the image. - // By default, it is set to IfNotPresent. - pullPolicy: *"IfNotPresent" | "Always" | "Never" - - // Reference is the image address computed from repository, tag and digest - // in the format [REPOSITORY]:[TAG]@[DIGEST]. - reference: string - - if digest != "" && tag != "" { - reference: "\(repository):\(tag)@\(digest)" - } - - if digest != "" && tag == "" { - reference: "\(repository)@\(digest)" - } - - if digest == "" && tag != "" { - reference: "\(repository):\(tag)" - } - - if digest == "" && tag == "" { - reference: "\(repository):latest" - } -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue deleted file mode 100644 index 19f09896..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/imagepullsecret.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/base64" - "strings" -) - -// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. -// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. -#ImagePullSecret: { - // Metadata is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. - #Registry!: string - - // Username is the username used to authenticate to the container registry. - #Username!: string - - // Password is the password used to authenticate to the container registry. - #Password!: string - - // Optional suffix used to generate the Secret name. - #Suffix: *"" | string & strings.MaxRunes(30) - - let auth = base64.Encode(null, #Username+":"+#Password) - - apiVersion: "v1" - kind: "Secret" - type: "kubernetes.io/dockerconfigjson" - metadata: { - name: #Meta.name + #Suffix - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - stringData: { - ".dockerconfigjson": """ - {"auths": {"\(#Registry)": {"username": "\(#Username)","password": "\(#Password)","auth": "\(auth)"}}} - """ - } -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue deleted file mode 100644 index 7b31c23e..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright 2024 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "encoding/json" - "strings" - "uuid" -) - -#ConfigMapKind: "ConfigMap" -#SecretKind: "Secret" - -// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. -// The metadata.name of the generated object is suffixed with the hash of the input data. -#ImmutableConfig: { - // Kind of the generated object. - #Kind: *#ConfigMapKind | #SecretKind - - // Metadata of the generated object. - #Meta: #Metadata - - // Optional suffix appended to the generate name. - #Suffix: *"" | string - - // Data of the generated object. - #Data: {[string]: string} - - let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] - - apiVersion: "v1" - kind: #Kind - metadata: { - name: #Meta.name + #Suffix + "-" + hash - namespace: #Meta.namespace - labels: #Meta.labels - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - } - immutable: true - if kind == #ConfigMapKind { - data: #Data - } - if kind == #SecretKind { - stringData: #Data - } -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue deleted file mode 100644 index ad96b062..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// InstanceName defines the schema for the name of a Timoni instance. -// The instance name is used as a Kubernetes label value and must be 63 characters or less. -#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceNamespace defines the schema for the namespace of a Timoni instance. -// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. -#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) - -// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. -#InstanceOwnerReference: { - #Name: "instance.timoni.sh/name" - #Namespace: "instance.timoni.sh/namespace" -} - -// InstanceModule defines the schema for the Module of a Timoni instance. -#InstanceModule: { - url: string & =~"^((oci|file)://.*)$" - version: *"latest" | string - digest?: string -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue deleted file mode 100644 index 188ff505..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue +++ /dev/null @@ -1,120 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// Annotations defines the schema for Kubernetes object metadata annotations. -#Annotations: {[string & strings.MaxRunes(253)]: string} - -// Labels defines the schema for Kubernetes object metadata labels. -#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} - -#StdLabelName: "app.kubernetes.io/name" -#StdLabelVersion: "app.kubernetes.io/version" -#StdLabelPartOf: "app.kubernetes.io/part-of" -#StdLabelManagedBy: "app.kubernetes.io/managed-by" -#StdLabelComponent: "app.kubernetes.io/component" -#StdLabelInstance: "app.kubernetes.io/instance" - -// Metadata defines the schema for Kubernetes object metadata. -#Metadata: { - // Version should be in the strict semver format. Is required when creating resources. - #Version!: string & strings.MaxRunes(63) - - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - name!: #InstanceName - - // Namespace defines the space within which each name must be unique. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces - namespace!: #InstanceNamespace - - // Annotations is an unstructured key value map stored with a resource that may be - // set to store and retrieve arbitrary metadata. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations - annotations?: #Annotations - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes labels: app name, version and managed-by. - labels: { - (#StdLabelName): name - (#StdLabelVersion): #Version - (#StdLabelManagedBy): "timoni" - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name label. - #LabelSelector: #Labels & { - (#StdLabelName): name - } - - // Finalizers are namespaced keys that tell Kubernetes to wait until specific conditions - // are met before it fully deletes resources marked for deletion. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/ - finalizers?: [...string] -} - -// MetaComponent generates the Kubernetes object metadata for a module namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - namespace: #Meta.namespace - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} - -// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. -// The metadata.name is composed of the instance name and the component name. -// The metadata.namespace is unset. -// The metadata.labels contain the app.kubernetes.io/component label. -#MetaClusterComponent: { - // Meta is the Kubernetes object's metadata generated by Timoni. - #Meta!: #Metadata - - // Component is the name of the component used - // as a suffix for the generate object name. - #Component!: string & strings.MaxRunes(30) - - name: #Meta.name + "-" + #Component - - labels: #Meta.labels - labels: (#StdLabelComponent): #Component - - annotations?: #Annotations - if #Meta.annotations != _|_ { - annotations: #Meta.annotations - } - - // LabelSelector selects Pods based on the app.kubernetes.io/name - // and app.kubernetes.io/component labels. - #LabelSelector: #Labels & { - (#StdLabelComponent): #Component - (#StdLabelName): #Meta.name - } -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue deleted file mode 100644 index 1dcdb699..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import "strings" - -// ObjectReference is a reference to a Kubernetes object. -#ObjectReference: { - // Name of the referent. - name!: string & strings.MaxRunes(256) - - // Namespace of the referent. - namespace?: string & strings.MaxRunes(256) - - // API version of the referent. - apiVersion?: string & strings.MaxRunes(256) - - // Kind of the referent. - kind?: string & strings.MaxRunes(256) -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue deleted file mode 100644 index d3b5573a..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue +++ /dev/null @@ -1,40 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. -#CPUQuantity: string & =~"^[1-9]\\d*m$" - -// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. -#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" - -// ResourceRequirement defines the schema for the CPU and Memory resource requirements. -#ResourceRequirement: { - cpu?: #CPUQuantity - memory?: #MemoryQuantity -} - -// ResourceRequirements defines the schema for the compute resource requirements of a container. -// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. -#ResourceRequirements: { - // Limits describes the maximum amount of compute resources allowed. - limits?: #ResourceRequirement - - // Requests describes the minimum amount of compute resources required. - // Requests cannot exceed Limits. - requests?: #ResourceRequirement & { - if limits != _|_ { - if limits.cpu != _|_ { - _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) - _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) - #cpu: int & >=_rc & _lc - } - } - } -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue deleted file mode 100644 index 9c4f2384..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. -#Selector: { - // Name must be unique within a namespace. Is required when creating resources. - // Name is primarily intended for creation idempotence and configuration definition. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names - #Name!: #InstanceName - - // Map of string keys and values that can be used to organize and categorize (scope and select) objects. - // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels - labels: #Labels - - // Standard Kubernetes label: app name. - labels: (#StdLabelName): #Name -} diff --git a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue deleted file mode 100644 index ecd1e397..00000000 --- a/test/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2023 Stefan Prodan -// SPDX-License-Identifier: Apache-2.0 - -package v1alpha1 - -import ( - "strconv" - "strings" -) - -// SemVer validates the input version string and extracts the major and minor version numbers. -// When Minimum is set, the major and minor parts must be greater or equal to the minimum -// or a validation error is returned. -#SemVer: { - // Input version string in strict semver format. - #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - // Minimum is the minimum allowed MAJOR.MINOR version. - #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" - - let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) - let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) - - major: int & >=minMajor - major: strconv.Atoi(strings.Split(#Version, ".")[0]) - - minor: int & >=minMinor - minor: strconv.Atoi(strings.Split(#Version, ".")[1]) -} diff --git a/test/debug_tool.cue b/test/debug_tool.cue deleted file mode 100644 index cf9c1472..00000000 --- a/test/debug_tool.cue +++ /dev/null @@ -1,35 +0,0 @@ -package main - -import ( - "tool/cli" - "encoding/yaml" - "text/tabwriter" -) - -_resources: timoni.apply.app + timoni.apply.test - -// The build command generates the Kubernetes manifests and prints the multi-docs YAML to stdout. -// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. -command: build: { - task: print: cli.Print & { - text: yaml.MarshalStream(_resources) - } -} - -// The ls command prints a table with the Kubernetes resources kind, namespace, name and version. -// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 ls'. -command: ls: { - task: print: cli.Print & { - text: tabwriter.Write([ - "RESOURCE \tAPI VERSION", - for r in _resources { - if r.metadata.namespace == _|_ { - "\(r.kind)/\(r.metadata.name) \t\(r.apiVersion)" - } - if r.metadata.namespace != _|_ { - "\(r.kind)/\(r.metadata.namespace)/\(r.metadata.name) \t\(r.apiVersion)" - } - }, - ]) - } -} diff --git a/test/debug_values.cue b/test/debug_values.cue deleted file mode 100644 index d888c34f..00000000 --- a/test/debug_values.cue +++ /dev/null @@ -1,30 +0,0 @@ -@if(debug) - -package main - -// Values used by debug_tool.cue. -// Debug example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. -values: { - podAnnotations: "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" - message: "Hello Debug" - image: { - repository: "docker.io/nginx" - tag: "1-alpine" - digest: "" - } - test: { - enabled: true - image: { - repository: "docker.io/curlimages/curl" - tag: "latest" - digest: "" - } - } - affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{ - matchExpressions: [{ - key: "kubernetes.io/os" - operator: "In" - values: ["linux"] - }] - }] -} diff --git a/test/templates/config.cue b/test/templates/config.cue deleted file mode 100644 index 5769b01f..00000000 --- a/test/templates/config.cue +++ /dev/null @@ -1,113 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -// Config defines the schema and defaults for the Instance values. -#Config: { - // The kubeVersion is a required field, set at apply-time - // via timoni.cue by querying the user's Kubernetes API. - kubeVersion!: string - // Using the kubeVersion you can enforce a minimum Kubernetes minor version. - // By default, the minimum Kubernetes version is set to 1.20. - clusterVersion: timoniv1.#SemVer & {#Version: kubeVersion, #Minimum: "1.20.0"} - - // The moduleVersion is set from the user-supplied module version. - // This field is used for the `app.kubernetes.io/version` label. - moduleVersion!: string - - // The Kubernetes metadata common to all resources. - // The `metadata.name` and `metadata.namespace` fields are - // set from the user-supplied instance name and namespace. - metadata: timoniv1.#Metadata & {#Version: moduleVersion} - - // The labels allows adding `metadata.labels` to all resources. - // The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels - // are automatically generated and can't be overwritten. - metadata: labels: timoniv1.#Labels - - // The annotations allows adding `metadata.annotations` to all resources. - metadata: annotations?: timoniv1.#Annotations - - // The selector allows adding label selectors to Deployments and Services. - // The `app.kubernetes.io/name` label selector is automatically generated - // from the instance name and can't be overwritten. - selector: timoniv1.#Selector & {#Name: metadata.name} - - // The image allows setting the container image repository, - // tag, digest and pull policy. - // The default image repository and tag is set in `values.cue`. - image!: timoniv1.#Image - - // The resources allows setting the container resource requirements. - // By default, the container requests 10m CPU and 32Mi memory. - resources: timoniv1.#ResourceRequirements & { - requests: { - cpu: *"10m" | timoniv1.#CPUQuantity - memory: *"32Mi" | timoniv1.#MemoryQuantity - } - } - - // The number of pods replicas. - // By default, the number of replicas is 1. - replicas: *1 | int & >0 - - // The securityContext allows setting the container security context. - // By default, the container is denined privilege escalation. - securityContext: corev1.#SecurityContext & { - allowPrivilegeEscalation: *false | true - privileged: *false | true - capabilities: - { - drop: *["ALL"] | [string] - add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] - } - } - - // The service allows setting the Kubernetes Service annotations and port. - // By default, the HTTP port is 80. - service: { - annotations?: timoniv1.#Annotations - - port: *80 | int & >0 & <=65535 - } - - // Pod optional settings. - podAnnotations?: {[string]: string} - podSecurityContext?: corev1.#PodSecurityContext - imagePullSecrets?: [...timoniv1.#ObjectReference] - tolerations?: [...corev1.#Toleration] - affinity?: corev1.#Affinity - topologySpreadConstraints?: [...corev1.#TopologySpreadConstraint] - - // Test Job disabled by default. - test: { - enabled: *false | bool - image!: timoniv1.#Image - } - - // App settings. - message!: string -} - -// Instance takes the config values and outputs the Kubernetes objects. -#Instance: { - config: #Config - - objects: { - sa: #ServiceAccount & {#config: config} - svc: #Service & {#config: config} - cm: #ConfigMap & {#config: config} - - deploy: #Deployment & { - #config: config - #cmName: objects.cm.metadata.name - } - } - - tests: { - "test-svc": #TestJob & {#config: config} - } -} diff --git a/test/templates/configmap.cue b/test/templates/configmap.cue deleted file mode 100644 index 7f591f15..00000000 --- a/test/templates/configmap.cue +++ /dev/null @@ -1,55 +0,0 @@ -package templates - -import ( - timoniv1 "timoni.sh/core/v1alpha1" -) - -#ConfigMap: timoniv1.#ImmutableConfig & { - #config: #Config - #Kind: timoniv1.#ConfigMapKind - #Meta: #config.metadata - #Data: { - "nginx.default.conf": """ - server { - listen 8080; - server_name \(#config.metadata.name); - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - location /healthz { - access_log off; - default_type text/plain; - return 200 "OK"; - } - - error_page 404 /404.html; - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - } - """ - "index.html": """ - - - - - - \(#config.metadata.name) - - - -

\(#config.message) from \(#config.metadata.name)!

-

If you see this page, the \(#config.metadata.name) instance is successfully deployed in the \(#config.metadata.namespace) namespace by Timoni.

- - - """ - } -} diff --git a/test/templates/deployment.cue b/test/templates/deployment.cue deleted file mode 100644 index e73b35eb..00000000 --- a/test/templates/deployment.cue +++ /dev/null @@ -1,104 +0,0 @@ -package templates - -import ( - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" -) - -#Deployment: appsv1.#Deployment & { - #config: #Config - #cmName: string - apiVersion: "apps/v1" - kind: "Deployment" - metadata: #config.metadata - spec: appsv1.#DeploymentSpec & { - replicas: #config.replicas - selector: matchLabels: #config.selector.labels - template: { - metadata: { - labels: #config.selector.labels - if #config.podAnnotations != _|_ { - annotations: #config.podAnnotations - } - } - spec: corev1.#PodSpec & { - serviceAccountName: #config.metadata.name - containers: [ - { - name: #config.metadata.name - image: #config.image.reference - imagePullPolicy: #config.image.pullPolicy - ports: [ - { - name: "http" - containerPort: 8080 - protocol: "TCP" - }, - ] - livenessProbe: { - httpGet: { - path: "/healthz" - port: "http" - } - } - readinessProbe: { - httpGet: { - path: "/healthz" - port: "http" - } - } - volumeMounts: [ - { - mountPath: "/etc/nginx/conf.d" - name: "config" - }, - { - mountPath: "/usr/share/nginx/html" - name: "html" - }, - ] - resources: #config.resources - securityContext: #config.securityContext - }, - ] - volumes: [ - { - name: "config" - configMap: { - name: #cmName - items: [{ - key: "nginx.default.conf" - path: key - }] - } - }, - { - name: "html" - configMap: { - name: #cmName - items: [{ - key: "index.html" - path: key - }] - } - }, - ] - if #config.podSecurityContext != _|_ { - securityContext: #config.podSecurityContext - } - if #config.topologySpreadConstraints != _|_ { - topologySpreadConstraints: #config.topologySpreadConstraints - } - if #config.affinity != _|_ { - affinity: #config.affinity - } - if #config.tolerations != _|_ { - tolerations: #config.tolerations - } - if #config.imagePullSecrets != _|_ { - imagePullSecrets: #config.imagePullSecrets - } - } - } - } -} diff --git a/test/templates/job.cue b/test/templates/job.cue deleted file mode 100644 index 80b9bdf8..00000000 --- a/test/templates/job.cue +++ /dev/null @@ -1,58 +0,0 @@ -package templates - -import ( - "encoding/yaml" - "uuid" - - corev1 "k8s.io/api/core/v1" - batchv1 "k8s.io/api/batch/v1" - timoniv1 "timoni.sh/core/v1alpha1" -) - -#TestJob: batchv1.#Job & { - #config: #Config - apiVersion: "batch/v1" - kind: "Job" - metadata: timoniv1.#MetaComponent & { - #Meta: #config.metadata - #Component: "test" - } - metadata: annotations: timoniv1.Action.Force - spec: batchv1.#JobSpec & { - template: corev1.#PodTemplateSpec & { - let _checksum = uuid.SHA1(uuid.ns.DNS, yaml.Marshal(#config)) - metadata: annotations: "timoni.sh/checksum": "\(_checksum)" - spec: { - containers: [{ - name: "curl" - image: #config.test.image.reference - imagePullPolicy: #config.test.image.pullPolicy - command: [ - "curl", - "-v", - "-m", - "5", - "\(#config.metadata.name):\(#config.service.port)", - ] - }] - restartPolicy: "Never" - if #config.podSecurityContext != _|_ { - securityContext: #config.podSecurityContext - } - if #config.topologySpreadConstraints != _|_ { - topologySpreadConstraints: #config.topologySpreadConstraints - } - if #config.affinity != _|_ { - affinity: #config.affinity - } - if #config.tolerations != _|_ { - tolerations: #config.tolerations - } - if #config.imagePullSecrets != _|_ { - imagePullSecrets: #config.imagePullSecrets - } - } - } - backoffLimit: 1 - } -} diff --git a/test/templates/service.cue b/test/templates/service.cue deleted file mode 100644 index e6dbe5cf..00000000 --- a/test/templates/service.cue +++ /dev/null @@ -1,27 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#Service: corev1.#Service & { - #config: #Config - apiVersion: "v1" - kind: "Service" - metadata: #config.metadata - if #config.service.annotations != _|_ { - metadata: annotations: #config.service.annotations - } - spec: corev1.#ServiceSpec & { - type: corev1.#ServiceTypeClusterIP - selector: #config.selector.labels - ports: [ - { - port: #config.service.port - protocol: "TCP" - name: "http" - targetPort: name - }, - ] - } -} diff --git a/test/templates/serviceaccount.cue b/test/templates/serviceaccount.cue deleted file mode 100644 index f07f5748..00000000 --- a/test/templates/serviceaccount.cue +++ /dev/null @@ -1,12 +0,0 @@ -package templates - -import ( - corev1 "k8s.io/api/core/v1" -) - -#ServiceAccount: corev1.#ServiceAccount & { - #config: #Config - apiVersion: "v1" - kind: "ServiceAccount" - metadata: #config.metadata -} diff --git a/test/timoni.cue b/test/timoni.cue deleted file mode 100644 index 7a0f360c..00000000 --- a/test/timoni.cue +++ /dev/null @@ -1,47 +0,0 @@ -// Code generated by timoni. -// Note that this file is required and should contain -// the values schema and the timoni workflow. - -package main - -import ( - templates "timoni.sh/test/templates" -) - -// Define the schema for the user-supplied values. -// At runtime, Timoni injects the supplied values -// and validates them according to the Config schema. -values: templates.#Config - -// Define how Timoni should build, validate and -// apply the Kubernetes resources. -timoni: { - apiVersion: "v1alpha1" - - // Define the instance that outputs the Kubernetes resources. - // At runtime, Timoni builds the instance and validates - // the resulting resources according to their Kubernetes schema. - instance: templates.#Instance & { - // The user-supplied values are merged with the - // default values at runtime by Timoni. - config: values - // These values are injected at runtime by Timoni. - config: { - metadata: { - name: string @tag(name) - namespace: string @tag(namespace) - } - moduleVersion: string @tag(mv, var=moduleVersion) - kubeVersion: string @tag(kv, var=kubeVersion) - } - } - - // Pass Kubernetes resources outputted by the instance - // to Timoni's multi-step apply. - apply: app: [for obj in instance.objects {obj}] - - // Conditionally run tests after an install or upgrade. - if instance.config.test.enabled { - apply: test: [for obj in instance.tests {obj}] - } -} diff --git a/test/timoni.ignore b/test/timoni.ignore deleted file mode 100644 index 0722c348..00000000 --- a/test/timoni.ignore +++ /dev/null @@ -1,14 +0,0 @@ -# VCS -.git/ -.gitignore -.gitmodules -.gitattributes - -# Go -vendor/ -go.mod -go.sum - -# CUE -*_tool.cue -debug_values.cue diff --git a/test/values.cue b/test/values.cue deleted file mode 100644 index 140dcda8..00000000 --- a/test/values.cue +++ /dev/null @@ -1,21 +0,0 @@ -// Code generated by timoni. -// Note that this file must have no imports and all values must be concrete. - -@if(!debug) - -package main - -// Defaults -values: { - message: "Hello World" - image: { - repository: "cgr.dev/chainguard/nginx" - digest: "sha256:3dd8fa303f77d7eb6ce541cb05009a5e8723bd7e3778b95131ab4a2d12fadb8f" - tag: "1.25.3" - } - test: image: { - repository: "cgr.dev/chainguard/curl" - digest: "" - tag: "latest" - } -} From 0951feb245280801327dd8bcac8bcb027a6140a1 Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 14:36:38 -0800 Subject: [PATCH 16/17] wip: cleanup --- blueprint.cue | 5 ----- 1 file changed, 5 deletions(-) diff --git a/blueprint.cue b/blueprint.cue index a51439d2..4704ccfc 100644 --- a/blueprint.cue +++ b/blueprint.cue @@ -44,11 +44,6 @@ global: { } registry: "ghcr.io" } - timoni: { - registries: [ - aws.registry, - ] - } } secrets: [ { From 1e207bb4c0986ef449ab37eb2a1e58db5c1d84ad Mon Sep 17 00:00:00 2001 From: Joshua Gilman Date: Tue, 26 Nov 2024 14:42:09 -0800 Subject: [PATCH 17/17] wip: cleanup --- .github/workflows/ci.yml | 155 +++++++++++++++++----------------- .github/workflows/deploy.yml | 8 +- .github/workflows/docs.yml | 8 +- .github/workflows/release.yml | 8 +- .github/workflows/run.yml | 8 +- 5 files changed, 93 insertions(+), 94 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aa94053c..524f5180 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,12 +41,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install@master if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install-local@master if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -61,14 +61,14 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/setup@master with: skip_docker: 'true' skip_github: 'true' skip_earthly: ${{ steps.local.outputs.skip }} - name: Discovery id: discovery - uses: input-output-hk/catalyst-forge/actions/discovery@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/discovery@master with: filters: | ${{ env.FORGE_REGEX_CHECK }} @@ -79,68 +79,67 @@ jobs: ${{ env.FORGE_REGEX_RELEASE }} ${{ env.FORGE_REGEX_PUBLISH }} - # check: - # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - # needs: [discover] - # if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled() - # with: - # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }} - # forge_version: ${{ inputs.forge_version }} - # local: ${{ inputs.local }} - # verbosity: ${{ inputs.verbosity }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + check: + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + needs: [discover] + if: (fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$'] != null) && !failure() && !cancelled() + with: + earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^check(-.*)?$']) }} + forge_version: ${{ inputs.forge_version }} + local: ${{ inputs.local }} + verbosity: ${{ inputs.verbosity }} + secrets: + earthly_token: ${{ secrets.earthly_token }} - # build: - # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - # needs: [discover, check] - # if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled() - # with: - # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }} - # forge_version: ${{ inputs.forge_version }} - # local: ${{ inputs.local }} - # verbosity: ${{ inputs.verbosity }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + build: + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + needs: [discover, check] + if: (fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$'] != null) && !failure() && !cancelled() + with: + earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^build(-.*)?$']) }} + forge_version: ${{ inputs.forge_version }} + local: ${{ inputs.local }} + verbosity: ${{ inputs.verbosity }} + secrets: + earthly_token: ${{ secrets.earthly_token }} - # package: - # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - # needs: [discover, check, build] - # if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled() - # with: - # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }} - # forge_version: ${{ inputs.forge_version }} - # local: ${{ inputs.local }} - # verbosity: ${{ inputs.verbosity }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + package: + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + needs: [discover, check, build] + if: (fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$'] != null) && !failure() && !cancelled() + with: + earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^package(-.*)?$']) }} + forge_version: ${{ inputs.forge_version }} + local: ${{ inputs.local }} + verbosity: ${{ inputs.verbosity }} + secrets: + earthly_token: ${{ secrets.earthly_token }} - # test: - # uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@adds-timoni-release - # needs: [discover, check, build, package] - # if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled() - # with: - # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }} - # forge_version: ${{ inputs.forge_version }} - # local: ${{ inputs.local }} - # verbosity: ${{ inputs.verbosity }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + test: + uses: input-output-hk/catalyst-forge/.github/workflows/run.yml@master + needs: [discover, check, build, package] + if: (fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$'] != null) && !failure() && !cancelled() + with: + earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^test(-.*)?$']) }} + forge_version: ${{ inputs.forge_version }} + local: ${{ inputs.local }} + verbosity: ${{ inputs.verbosity }} + secrets: + earthly_token: ${{ secrets.earthly_token }} - # docs: - # uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@adds-timoni-release - # needs: [discover, check, build, test] - # if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled() - # with: - # earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }} - # forge_version: ${{ inputs.forge_version }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + docs: + uses: input-output-hk/catalyst-forge/.github/workflows/docs.yml@master + needs: [discover, check, build, test] + if: (fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$'] != null) && !failure() && !cancelled() + with: + earthfiles: ${{ toJson(fromJson(needs.discover.outputs.earthfiles)['^docs(-.*)?$']) }} + forge_version: ${{ inputs.forge_version }} + secrets: + earthly_token: ${{ secrets.earthly_token }} release: - uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@adds-timoni-release - #needs: [discover, check, build, test] - needs: [discover] + uses: input-output-hk/catalyst-forge/.github/workflows/release.yml@master + needs: [discover, check, build, test] if: (fromJson(needs.discover.outputs.releases)[0] != null) && !failure() && !cancelled() with: releases: ${{ needs.discover.outputs.releases }} @@ -150,22 +149,22 @@ jobs: secrets: earthly_token: ${{ secrets.earthly_token }} - # deploy: - # uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@adds-timoni-release - # needs: [discover, check, build, test, release] - # if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled() - # with: - # deployments: ${{ needs.discover.outputs.deployments }} - # forge_version: ${{ inputs.forge_version }} - # local: ${{ inputs.local }} - # verbosity: ${{ inputs.verbosity }} - # secrets: - # earthly_token: ${{ secrets.earthly_token }} + deploy: + uses: input-output-hk/catalyst-forge/.github/workflows/deploy.yml@master + needs: [discover, check, build, test, release] + if: (fromJson(needs.discover.outputs.deployments)[0] != null) && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && !failure() && !cancelled() + with: + deployments: ${{ needs.discover.outputs.deployments }} + forge_version: ${{ inputs.forge_version }} + local: ${{ inputs.local }} + verbosity: ${{ inputs.verbosity }} + secrets: + earthly_token: ${{ secrets.earthly_token }} - # final: - # needs: [check, build, package, test, release] - # if: (!failure() && !cancelled()) - # runs-on: ubuntu-latest - # steps: - # - name: Final - # run: echo "All done" \ No newline at end of file + final: + needs: [check, build, package, test, release] + if: (!failure() && !cancelled()) + runs-on: ubuntu-latest + steps: + - name: Final + run: echo "All done" \ No newline at end of file diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 0977e054..026cd7a4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -41,12 +41,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install@master if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install-local@master if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -61,11 +61,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/setup@master with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Deploy - uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/run@master with: command: deploy push args: ${{ matrix.deployment }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 21fb4c0b..80361cee 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -44,12 +44,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install@master if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install-local@master if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -64,11 +64,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/setup@master with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Run - uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/run@master with: command: run args: --artifact ${{ env.OUTPUT }} ${{ matrix.earthfile }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 68bbff2f..68f50458 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -45,12 +45,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install@master if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install-local@master if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -65,11 +65,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/setup@master with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Release - uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/run@master with: command: release args: ${{ matrix.release.project }} ${{ matrix.release.name }} diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml index 9efb96f6..2556a60c 100644 --- a/.github/workflows/run.yml +++ b/.github/workflows/run.yml @@ -42,12 +42,12 @@ jobs: steps: - uses: actions/checkout@v4 - name: Install Forge - uses: input-output-hk/catalyst-forge/actions/install@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install@master if: ${{ inputs.forge_version != 'local' }} with: version: ${{ inputs.forge_version }} - name: Install Local Forge - uses: input-output-hk/catalyst-forge/actions/install-local@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/install-local@master if: ${{ inputs.forge_version == 'local' }} with: earthly_token: ${{ secrets.earthly_token }} @@ -62,11 +62,11 @@ jobs: echo "skip=false" >> $GITHUB_OUTPUT fi - name: Setup CI - uses: input-output-hk/catalyst-forge/actions/setup@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/setup@master with: skip_earthly: ${{ steps.local.outputs.skip }} - name: Run - uses: input-output-hk/catalyst-forge/actions/run@adds-timoni-release + uses: input-output-hk/catalyst-forge/actions/run@master with: command: run args: ${{ matrix.earthfile }}