diff --git a/class_generator/schema/__cluster_version__.txt b/class_generator/schema/__cluster_version__.txt index 64f3729c20..a8c6550911 100644 --- a/class_generator/schema/__cluster_version__.txt +++ b/class_generator/schema/__cluster_version__.txt @@ -1 +1 @@ -v1.34.2 +v1.34.4 diff --git a/class_generator/schema/__resources-mappings.json.gz b/class_generator/schema/__resources-mappings.json.gz index 7efbe7f26c..92a3a13836 100644 Binary files a/class_generator/schema/__resources-mappings.json.gz and b/class_generator/schema/__resources-mappings.json.gz differ diff --git a/class_generator/schema/_definitions.json b/class_generator/schema/_definitions.json index abe396a219..f88552de6d 100644 --- a/class_generator/schema/_definitions.json +++ b/class_generator/schema/_definitions.json @@ -1,8 +1,8 @@ { "definitions": { - "cert-manager.io/v1/Certificate": { - "description": "A Certificate resource should be created to ensure an up to date and signed\nX.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.\n\nThe stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).", - "namespaced": true, + "aaq.kubevirt.io/v1alpha1/AAQ": { + "description": "AAQ is the AAQ Operator CRD", + "namespaced": false, "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -21,249 +21,1400 @@ "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, "spec": { - "description": "Specification of the desired state of the Certificate resource.\nhttps://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "AAQSpec defines our specification for the AAQ installation", "properties": { - "additionalOutputFormats": { - "description": "Defines extra output formats of the private key and signed certificate chain\nto be written to this Certificate's target Secret.", - "items": { - "description": "CertificateAdditionalOutputFormat defines an additional output format of a\nCertificate resource. These contain supplementary data formats of the signed\ncertificate chain and paired private key.", - "properties": { - "type": { - "description": "Type is the name of the format type that should be written to the\nCertificate's target Secret.", - "enum": [ - "DER", - "CombinedPEM" - ], - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "type": "array" - }, - "commonName": { - "description": "Requested common name X509 certificate subject attribute.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\nNOTE: TLS clients will ignore this value when any subject alternative name is\nset (see https://tools.ietf.org/html/rfc6125#section-6.4.4).\n\nShould have a length of 64 characters or fewer to avoid generating invalid CSRs.\nCannot be set if the `literalSubject` field is set.", - "type": "string" - }, - "dnsNames": { - "description": "Requested DNS subject alternative names.", - "items": { - "type": "string" - }, - "type": "array" - }, - "duration": { - "description": "Requested 'duration' (i.e. lifetime) of the Certificate. Note that the\nissuer may choose to ignore the requested duration, just like any other\nrequested attribute.\n\nIf unset, this defaults to 90 days.\nMinimum accepted duration is 1 hour.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.", - "type": "string" - }, - "emailAddresses": { - "description": "Requested email subject alternative names.", - "items": { - "type": "string" - }, - "type": "array" - }, - "encodeUsagesInRequest": { - "description": "Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR.\n\nThis option defaults to true, and should only be disabled if the target\nissuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions.", - "type": "boolean" - }, - "ipAddresses": { - "description": "Requested IP address subject alternative names.", - "items": { - "type": "string" - }, - "type": "array" - }, - "isCA": { - "description": "Requested basic constraints isCA value.\nThe isCA value is used to set the `isCA` field on the created CertificateRequest\nresources. Note that the issuer may choose to ignore the requested isCA value, just\nlike any other requested attribute.\n\nIf true, this will automatically add the `cert sign` usage to the list\nof requested `usages`.", - "type": "boolean" - }, - "issuerRef": { - "description": "Reference to the issuer responsible for issuing the certificate.\nIf the issuer is namespace-scoped, it must be in the same namespace\nas the Certificate. If the issuer is cluster-scoped, it can be used\nfrom any namespace.\n\nThe `name` field of the reference must always be specified.", - "properties": { - "group": { - "description": "Group of the resource being referred to.", - "type": "string" - }, - "kind": { - "description": "Kind of the resource being referred to.", - "type": "string" - }, - "name": { - "description": "Name of the resource being referred to.", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "keystores": { - "description": "Additional keystore output formats to be stored in the Certificate's Secret.", + "certConfig": { + "description": "certificate configuration", "properties": { - "jks": { - "description": "JKS configures options for storing a JKS keystore in the\n`spec.secretName` Secret resource.", + "ca": { + "description": "CA configuration\nCA certs are kept in the CA bundle as long as they are valid", "properties": { - "alias": { - "description": "Alias specifies the alias of the key in the keystore, required by the JKS format.\nIf not provided, the default alias `certificate` will be used.", + "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.", "type": "string" }, - "create": { - "description": "Create enables JKS keystore creation for the Certificate.\nIf true, a file named `keystore.jks` will be created in the target\nSecret resource, encrypted using the password stored in\n`passwordSecretRef` or `password`.\nThe keystore file will be updated immediately.\nIf the issuer provided a CA certificate, a file named `truststore.jks`\nwill also be created in the target Secret resource, encrypted using the\npassword stored in `passwordSecretRef`\ncontaining the issuing Certificate Authority", - "type": "boolean" - }, - "password": { - "description": "Password provides a literal password used to encrypt the JKS keystore.\nMutually exclusive with passwordSecretRef.\nOne of password or passwordSecretRef must provide a password with a non-zero length.", + "renewBefore": { + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.", "type": "string" - }, - "passwordSecretRef": { - "description": "PasswordSecretRef is a reference to a non-empty key in a Secret resource\ncontaining the password used to encrypt the JKS keystore.\nMutually exclusive with password.\nOne of password or passwordSecretRef must provide a password with a non-zero length.", - "properties": { - "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used.\nSome instances of this field may be defaulted, in others it may be\nrequired.", - "type": "string" - }, - "name": { - "description": "Name of the resource being referred to.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" } }, - "required": [ - "create" - ], "type": "object" }, - "pkcs12": { - "description": "PKCS12 configures options for storing a PKCS12 keystore in the\n`spec.secretName` Secret resource.", + "server": { + "description": "Server configuration\nCerts are rotated and discarded", "properties": { - "create": { - "description": "Create enables PKCS12 keystore creation for the Certificate.\nIf true, a file named `keystore.p12` will be created in the target\nSecret resource, encrypted using the password stored in\n`passwordSecretRef` or in `password`.\nThe keystore file will be updated immediately.\nIf the issuer provided a CA certificate, a file named `truststore.p12` will\nalso be created in the target Secret resource, encrypted using the\npassword stored in `passwordSecretRef` containing the issuing Certificate\nAuthority", - "type": "boolean" - }, - "password": { - "description": "Password provides a literal password used to encrypt the PKCS#12 keystore.\nMutually exclusive with passwordSecretRef.\nOne of password or passwordSecretRef must provide a password with a non-zero length.", + "duration": { + "description": "The requested 'duration' (i.e. lifetime) of the Certificate.", "type": "string" }, - "passwordSecretRef": { - "description": "PasswordSecretRef is a reference to a non-empty key in a Secret resource\ncontaining the password used to encrypt the PKCS#12 keystore.\nMutually exclusive with password.\nOne of password or passwordSecretRef must provide a password with a non-zero length.", - "properties": { - "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used.\nSome instances of this field may be defaulted, in others it may be\nrequired.", - "type": "string" - }, - "name": { - "description": "Name of the resource being referred to.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "profile": { - "description": "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm\nused to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility.\n\nIf provided, allowed values are:\n`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.\n`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.\n`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms\n(e.g., because of company policy). Please note that the security of the algorithm is not that important\nin reality, because the unencrypted certificate and private key are also stored in the Secret.", - "enum": [ - "LegacyRC2", - "LegacyDES", - "Modern2023" - ], + "renewBefore": { + "description": "The amount of time before the currently issued certificate's `notAfter`\ntime that we will begin to attempt to renew the certificate.", "type": "string" } }, - "required": [ - "create" - ], "type": "object" } }, "type": "object" }, - "literalSubject": { - "description": "Requested X.509 certificate subject, represented using the LDAP \"String\nRepresentation of a Distinguished Name\" [1].\nImportant: the LDAP string format also specifies the order of the attributes\nin the subject, this is important when issuing certs for LDAP authentication.\nExample: `CN=foo,DC=corp,DC=example,DC=com`\nMore info [1]: https://datatracker.ietf.org/doc/html/rfc4514\nMore info: https://github.com/cert-manager/cert-manager/issues/3203\nMore info: https://github.com/cert-manager/cert-manager/issues/4424\n\nCannot be set if the `subject` or `commonName` field is set.", - "type": "string" - }, - "nameConstraints": { - "description": "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate.\nMore Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10\n\nThis is an Alpha Feature and is only enabled with the\n`--feature-gates=NameConstraints=true` option set on both\nthe controller and webhook components.", + "configuration": { + "description": "holds aaq configurations.", "properties": { - "critical": { - "description": "if true then the name constraints are marked critical.", + "allowApplicationAwareClusterResourceQuota": { + "description": "AllowApplicationAwareClusterResourceQuota can be set to true to allow creation and management\nof ApplicationAwareClusterResourceQuota. Defaults to false", "type": "boolean" }, - "excluded": { - "description": "Excluded contains the constraints which must be disallowed. Any name matching a\nrestriction in the excluded field is invalid regardless\nof information appearing in the permitted", - "properties": { - "dnsDomains": { - "description": "DNSDomains is a list of DNS domains that are permitted or excluded.", - "items": { - "type": "string" + "sidecarEvaluators": { + "description": "SidecarEvaluators allow custom quota counting for external operator", + "items": { + "description": "A single application container that you want to run within a pod.", + "properties": { + "args": { + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array" - }, - "emailAddresses": { - "description": "EmailAddresses is a list of Email Addresses that are permitted or excluded.", - "items": { - "type": "string" + "command": { + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "type": "array" - }, - "ipRanges": { - "description": "IPRanges is a list of IP Ranges that are permitted or excluded.\nThis should be a valid CIDR notation.", - "items": { + "env": { + "description": "List of environment variables to set in the container.\nCannot be updated.", + "items": { + "description": "EnvVar represents an environment variable present in a Container.", + "properties": { + "name": { + "description": "Name of the environment variable.\nMay consist of any printable ASCII characters except '='.", + "type": "string" + }, + "value": { + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", + "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fileKeyRef": { + "description": "FileKeyRef selects a key of the env file.\nRequires the EnvFiles feature gate to be enabled.", + "properties": { + "key": { + "description": "The key within the env file. An invalid key will prevent the pod from starting.\nThe keys defined within a source may consist of any printable ASCII characters except '='.\nDuring Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", + "type": "string" + }, + "optional": { + "default": false, + "description": "Specify whether the file or its key must be defined. If the file or key\ndoes not exist, then the env var is not published.\nIf optional is set to true and the specified key does not exist,\nthe environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist,\nan error will be returned during Pod creation.", + "type": "boolean" + }, + "path": { + "description": "The path within the volume from which to select the file.\nMust be relative and may not contain the '..' path or start with '..'.", + "type": "string" + }, + "volumeName": { + "description": "The name of the volume mount containing the env file.", + "type": "string" + } + }, + "required": [ + "key", + "path", + "volumeName" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "description": "Required: resource to select", + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source may consist of any printable ASCII characters except '='.\nWhen a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", + "items": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "description": "Optional text to prepend to the name of each environment variable.\nMay consist of any printable ASCII characters except '='.", + "type": "string" + }, + "secretRef": { + "description": "The Secret to select from", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, - "type": "array" - }, - "uriDomains": { - "description": "URIDomains is a list of URI domains that are permitted or excluded.", - "items": { + "imagePullPolicy": { + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, - "type": "array" - } - }, - "type": "object" - }, - "permitted": { - "description": "Permitted contains the constraints in which the names must be located.", - "properties": { - "dnsDomains": { - "description": "DNSDomains is a list of DNS domains that are permitted or excluded.", - "items": { + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", + "properties": { + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped.\nIf not specified, the default is defined by the container runtime in use.\nStopSignal can only be set for Pods with a non-empty .spec.os.name", + "type": "string" + } + }, + "type": "object" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, - "type": "array" - }, - "emailAddresses": { - "description": "EmailAddresses is a list of Email Addresses that are permitted or excluded.", - "items": { + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", + "items": { + "description": "ContainerPort represents a network port in a single container.", + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", + "format": "int32", + "type": "integer" + }, + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", + "format": "int32", + "type": "integer" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", + "type": "string" + }, + "protocol": { + "default": "TCP", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis field depends on the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis overrides the pod-level restart policy. When this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nAdditionally, setting the RestartPolicy as \"Always\" for the init container will\nhave the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", "type": "string" }, - "type": "array" - }, - "ipRanges": { - "description": "IPRanges is a list of IP Ranges that are permitted or excluded.\nThis should be a valid CIDR notation.", - "items": { + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the\ncontainer should be restarted on exit. The rules are evaluated in\norder. Once a rule matches a container exit condition, the remaining\nrules are ignored. If no rule matches the container exit condition,\nthe Container-level restart policy determines the whether the container\nis restarted or not. Constraints on the rules:\n- At most 20 rules are allowed.\n- Rules can have the same action.\n- Identical rules are not forbidden in validations.\nWhen rules are specified, container MUST set RestartPolicy explicitly\neven it if matches the Pod's RestartPolicy.", + "items": { + "description": "ContainerRestartRule describes how a container exit is handled.", + "properties": { + "action": { + "description": "Specifies the action taken on a container exit if the requirements\nare satisfied. The only possible value is \"Restart\" to restart the\ncontainer.", + "type": "string" + }, + "exitCodes": { + "description": "Represents the exit codes to check on container exits.", + "properties": { + "operator": { + "description": "Represents the relationship between the container exit code(s) and the\nspecified values. Possible values are:\n- In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", + "type": "string" + }, + "values": { + "description": "Specifies the set of values to check for container exit codes.\nAt most 255 elements are allowed.", + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator" + ], + "type": "object" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "add": { + "description": "Added capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "description": "Removed capabilities", + "items": { + "description": "Capability represent POSIX capabilities type", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "properties": { + "exec": { + "description": "Exec specifies a command to execute in the container.", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "properties": { + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "properties": { + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", + "type": "string" + }, + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "properties": { + "name": { + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string" + }, + "value": { + "description": "The header field value", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + }, + "scheme": { + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "properties": { + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, - "type": "array" - }, - "uriDomains": { - "description": "URIDomains is a list of URI domains that are permitted or excluded.", - "items": { + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, - "type": "array" + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "items": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", + "properties": { + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", + "items": { + "description": "VolumeMount describes a mounting of a Volume within a container.", + "properties": { + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", + "type": "string" + }, + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", + "type": "string" + }, + "name": { + "description": "This must match the Name of a Volume.", + "type": "string" + }, + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "vmiCalculatorConfiguration": { + "description": "VmiCalculatorConfiguration determine how resource allocation will be done with ApplicationAwareResourceQuota", + "properties": { + "configName": { + "default": "DedicatedVirtualResources", + "description": "ConfigName determine how resource allocation will be done with ApplicationAwareResourceQuota.\nallowed values are: VmiPodUsage, VirtualResources, DedicatedVirtualResources or IgnoreVmiCalculator", + "enum": [ + "VmiPodUsage", + "VirtualResources", + "DedicatedVirtualResources", + "IgnoreVmiCalculator" + ], + "type": "string" } }, "type": "object" @@ -271,252 +1422,1692 @@ }, "type": "object" }, - "otherNames": { - "description": "`otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37\nAny UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`.\nMost commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3\nYou should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.", - "items": { - "properties": { - "oid": { - "description": "OID is the object identifier for the otherName SAN.\nThe object identifier must be expressed as a dotted string, for\nexample, \"1.2.840.113556.1.4.221\".", - "type": "string" - }, - "utf8Value": { - "description": "utf8Value is the string value of the otherName SAN.\nThe utf8Value accepts any valid UTF8 string to set as value for the otherName SAN.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "privateKey": { - "description": "Private key options. These include the key algorithm and size, the used\nencoding and the rotation policy.", - "properties": { - "algorithm": { - "description": "Algorithm is the private key algorithm of the corresponding private key\nfor this certificate.\n\nIf provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`.\nIf `algorithm` is specified and `size` is not provided,\nkey size of 2048 will be used for `RSA` key algorithm and\nkey size of 256 will be used for `ECDSA` key algorithm.\nkey size is ignored when using the `Ed25519` key algorithm.", - "enum": [ - "RSA", - "ECDSA", - "Ed25519" - ], - "type": "string" - }, - "encoding": { - "description": "The private key cryptography standards (PKCS) encoding for this\ncertificate's private key to be encoded in.\n\nIf provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1\nand PKCS#8, respectively.\nDefaults to `PKCS1` if not specified.", - "enum": [ - "PKCS1", - "PKCS8" - ], - "type": "string" - }, - "rotationPolicy": { - "description": "RotationPolicy controls how private keys should be regenerated when a\nre-issuance is being processed.\n\nIf set to `Never`, a private key will only be generated if one does not\nalready exist in the target `spec.secretName`. If one does exist but it\ndoes not have the correct algorithm or size, a warning will be raised\nto await user intervention.\nIf set to `Always`, a private key matching the specified requirements\nwill be generated whenever a re-issuance occurs.\nDefault is `Always`.\nThe default was changed from `Never` to `Always` in cert-manager >=v1.18.0.\nThe new default can be disabled by setting the\n`--feature-gates=DefaultPrivateKeyRotationPolicyAlways=false` option on\nthe controller component.", - "enum": [ - "Never", - "Always" - ], - "type": "string" - }, - "size": { - "description": "Size is the key bit size of the corresponding private key for this certificate.\n\nIf `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`,\nand will default to `2048` if not specified.\nIf `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`,\nand will default to `256` if not specified.\nIf `algorithm` is set to `Ed25519`, Size is ignored.\nNo other values are allowed.", - "type": "integer" - } - }, - "type": "object" - }, - "renewBefore": { - "description": "How long before the currently issued certificate's expiry cert-manager should\nrenew the certificate. For example, if a certificate is valid for 60 minutes,\nand `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate\n50 minutes after it was issued (i.e. when there are 10 minutes remaining until\nthe certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nIf unset, this defaults to 1/3 of the issued certificate's lifetime.\nMinimum accepted value is 5 minutes.\nValue must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration.\nCannot be set if the `renewBeforePercentage` field is set.", - "type": "string" - }, - "renewBeforePercentage": { - "description": "`renewBeforePercentage` is like `renewBefore`, except it is a relative percentage\nrather than an absolute duration. For example, if a certificate is valid for 60\nminutes, and `renewBeforePercentage=25`, cert-manager will begin to attempt to\nrenew the certificate 45 minutes after it was issued (i.e. when there are 15\nminutes (25%) remaining until the certificate is no longer valid).\n\nNOTE: The actual lifetime of the issued certificate is used to determine the\nrenewal time. If an issuer returns a certificate with a different lifetime than\nthe one requested, cert-manager will use the lifetime of the issued certificate.\n\nValue must be an integer in the range (0,100). The minimum effective\n`renewBefore` derived from the `renewBeforePercentage` and `duration` fields is 5\nminutes.\nCannot be set if the `renewBefore` field is set.", - "format": "int32", - "type": "integer" - }, - "revisionHistoryLimit": { - "description": "The maximum number of CertificateRequest revisions that are maintained in\nthe Certificate's history. Each revision represents a single `CertificateRequest`\ncreated by this Certificate, either when it was created, renewed, or Spec\nwas changed. Revisions will be removed by oldest first if the number of\nrevisions exceeds this number.\n\nIf set, revisionHistoryLimit must be a value of `1` or greater.\nDefault value is `1`.", - "format": "int32", - "type": "integer" - }, - "secretName": { - "description": "Name of the Secret resource that will be automatically created and\nmanaged by this Certificate resource. It will be populated with a\nprivate key and certificate, signed by the denoted issuer. The Secret\nresource lives in the same namespace as the Certificate resource.", + "imagePullPolicy": { + "description": "PullPolicy describes a policy for if/when to pull a container image", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], "type": "string" }, - "secretTemplate": { - "description": "Defines annotations and labels to be copied to the Certificate's Secret.\nLabels and annotations on the Secret will be changed as they appear on the\nSecretTemplate when added or removed. SecretTemplate annotations are added\nin conjunction with, and cannot overwrite, the base set of annotations\ncert-manager sets on the Certificate's Secret.", + "infra": { + "description": "Rules on which nodes AAQ infrastructure pods will be scheduled", "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and subtracting\n\"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } }, - "description": "Annotations is a key value map to be copied to the target Kubernetes Secret.", "type": "object" }, - "labels": { + "nodeSelector": { "additionalProperties": { "type": "string" }, - "description": "Labels is a key value map to be copied to the target Kubernetes Secret.", + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", "type": "object" + }, + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", + "items": { + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, - "signatureAlgorithm": { - "description": "Signature algorithm to use.\nAllowed values for RSA keys: SHA256WithRSA, SHA384WithRSA, SHA512WithRSA.\nAllowed values for ECDSA keys: ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512.\nAllowed values for Ed25519 keys: PureEd25519.", - "enum": [ - "SHA256WithRSA", - "SHA384WithRSA", - "SHA512WithRSA", - "ECDSAWithSHA256", - "ECDSAWithSHA384", - "ECDSAWithSHA512", - "PureEd25519" - ], - "type": "string" - }, - "subject": { - "description": "Requested set of X509 certificate subject attributes.\nMore info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6\n\nThe common name attribute is specified separately in the `commonName` field.\nCannot be set if the `literalSubject` field is set.", + "namespaceSelector": { + "description": "namespaces where pods should be gated before scheduling\nDefaults to targeting namespaces with an \"application-aware-quota/enable-gating\" label key.", "properties": { - "countries": { - "description": "Countries to be used on the Certificate.", - "items": { - "type": "string" - }, - "type": "array" - }, - "localities": { - "description": "Cities to be used on the Certificate.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "type": "string" - }, - "type": "array" - }, - "organizationalUnits": { - "description": "Organizational Units to be used on the Certificate.", - "items": { - "type": "string" + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "organizations": { - "description": "Organizations to be used on the Certificate.", - "items": { + "matchLabels": { + "additionalProperties": { "type": "string" }, - "type": "array" - }, - "postalCodes": { - "description": "Postal codes to be used on the Certificate.", - "items": { - "type": "string" + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "priorityClass": { + "description": "PriorityClass of the AAQ control plane", + "type": "string" + }, + "workload": { + "description": "Restrict on which nodes AAQ workload pods will be scheduled", + "properties": { + "affinity": { + "description": "affinity enables pod affinity/anti-affinity placement expanding the types of constraints\nthat can be expressed with nodeSelector.\naffinity is going to be applied to the relevant kind of pods in parallel with nodeSelector\nSee https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "properties": { + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", + "items": { + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "properties": { + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "items": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "type": "string" + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and subtracting\n\"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", + "items": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "properties": { + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", + "properties": { + "labelSelector": { + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } }, - "type": "array" + "type": "object" }, - "provinces": { - "description": "State/Provinces to be used on the Certificate.", - "items": { + "nodeSelector": { + "additionalProperties": { "type": "string" }, - "type": "array" - }, - "serialNumber": { - "description": "Serial number to be used on the Certificate.", - "type": "string" + "description": "nodeSelector is the node selector applied to the relevant kind of pods\nIt specifies a map of key-value pairs: for the pod to be eligible to run on a node,\nthe node must have each of the indicated key-value pairs as labels\n(it can have additional labels as well).\nSee https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector", + "type": "object" }, - "streetAddresses": { - "description": "Street addresses to be used on the Certificate.", + "tolerations": { + "description": "tolerations is a list of tolerations applied to the relevant kind of pods\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.\nThese are additional tolerations other than default ones.", "items": { - "type": "string" + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + }, + "type": "object" }, "type": "array" } }, "type": "object" - }, - "uris": { - "description": "Requested URI subject alternative names.", - "items": { - "type": "string" - }, - "type": "array" - }, - "usages": { - "description": "Requested key usages and extended key usages.\nThese usages are used to set the `usages` field on the created CertificateRequest\nresources. If `encodeUsagesInRequest` is unset or set to `true`, the usages\nwill additionally be encoded in the `request` field which contains the CSR blob.\n\nIf unset, defaults to `digital signature` and `key encipherment`.", - "items": { - "description": "KeyUsage specifies valid usage contexts for keys.\nSee:\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.3\nhttps://tools.ietf.org/html/rfc5280#section-4.2.1.12\n\nValid KeyUsage values are as follows:\n\"signing\",\n\"digital signature\",\n\"content commitment\",\n\"key encipherment\",\n\"key agreement\",\n\"data encipherment\",\n\"cert sign\",\n\"crl sign\",\n\"encipher only\",\n\"decipher only\",\n\"any\",\n\"server auth\",\n\"client auth\",\n\"code signing\",\n\"email protection\",\n\"s/mime\",\n\"ipsec end system\",\n\"ipsec tunnel\",\n\"ipsec user\",\n\"timestamping\",\n\"ocsp signing\",\n\"microsoft sgc\",\n\"netscape sgc\"", - "enum": [ - "signing", - "digital signature", - "content commitment", - "key encipherment", - "key agreement", - "data encipherment", - "cert sign", - "crl sign", - "encipher only", - "decipher only", - "any", - "server auth", - "client auth", - "code signing", - "email protection", - "s/mime", - "ipsec end system", - "ipsec tunnel", - "ipsec user", - "timestamping", - "ocsp signing", - "microsoft sgc", - "netscape sgc" - ], - "type": "string" - }, - "type": "array" } }, - "required": [ - "issuerRef", - "secretName" - ], "type": "object" }, "status": { - "description": "Status of the Certificate.\nThis is set and managed automatically.\nRead-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "AAQStatus defines the status of the installation", "properties": { "conditions": { - "description": "List of status conditions to indicate the status of certificates.\nKnown condition types are `Ready` and `Issuing`.", + "description": "A list of current conditions of the resource", "items": { - "description": "CertificateCondition contains condition information for a Certificate.", + "description": "Condition represents the state of the operator's\nreconciliation functionality.", "properties": { + "lastHeartbeatTime": { + "format": "date-time", + "type": "string" + }, "lastTransitionTime": { - "description": "LastTransitionTime is the timestamp corresponding to the last status\nchange of this condition.", "format": "date-time", "type": "string" }, "message": { - "description": "Message is a human readable description of the details of the last\ntransition, complementing reason.", "type": "string" }, - "observedGeneration": { - "description": "If set, this represents the .metadata.generation that the condition was\nset based upon.\nFor instance, if .metadata.generation is currently 12, but the\n.status.condition[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the Certificate.", - "format": "int64", - "type": "integer" - }, "reason": { - "description": "Reason is a brief machine readable explanation for the condition's last\ntransition.", "type": "string" }, "status": { - "description": "Status of the condition, one of (`True`, `False`, `Unknown`).", - "enum": [ - "True", - "False", - "Unknown" - ], "type": "string" }, "type": { - "description": "Type of the condition, known values are (`Ready`, `Issuing`).", + "description": "ConditionType is the state of the operator's reconciliation functionality.", "type": "string" } }, @@ -526,2477 +3117,2205 @@ ], "type": "object" }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "failedIssuanceAttempts": { - "description": "The number of continuous failed issuance attempts up till now. This\nfield gets removed (if set) on a successful issuance and gets set to\n1 if unset and an issuance has failed. If an issuance has failed, the\ndelay till the next issuance will be calculated using formula\ntime.Hour * 2 ^ (failedIssuanceAttempts - 1).", - "type": "integer" - }, - "lastFailureTime": { - "description": "LastFailureTime is set only if the latest issuance for this\nCertificate failed and contains the time of the failure. If an\nissuance has failed, the delay till the next issuance will be\ncalculated using formula time.Hour * 2 ^ (failedIssuanceAttempts -\n1). If the latest issuance has succeeded this field will be unset.", - "format": "date-time", - "type": "string" + "type": "array" }, - "nextPrivateKeySecretName": { - "description": "The name of the Secret resource containing the private key to be used\nfor the next certificate iteration.\nThe keymanager controller will automatically set this field if the\n`Issuing` condition is set to `True`.\nIt will automatically unset this field when the Issuing condition is\nnot set or False.", + "observedVersion": { + "description": "The observed version of the resource", "type": "string" }, - "notAfter": { - "description": "The expiration time of the certificate stored in the secret named\nby this resource in `spec.secretName`.", - "format": "date-time", + "operatorVersion": { + "description": "The version of the resource as defined by the operator", "type": "string" }, - "notBefore": { - "description": "The time after which the certificate stored in the secret named\nby this resource in `spec.secretName` is valid.", - "format": "date-time", + "phase": { + "description": "Phase is the current phase of the deployment", "type": "string" }, - "renewalTime": { - "description": "RenewalTime is the time at which the certificate will be next\nrenewed.\nIf not set, no upcoming renewal is scheduled.", - "format": "date-time", + "targetVersion": { + "description": "The desired version of the resource", "type": "string" - }, - "revision": { - "description": "The current 'revision' of the certificate as issued.\n\nWhen a CertificateRequest resource is created, it will have the\n`cert-manager.io/certificate-revision` set to one greater than the\ncurrent value of this field.\n\nUpon issuance, this field will be set to the value of the annotation\non the CertificateRequest resource used to issue the certificate.\n\nPersisting the value on the CertificateRequest resource allows the\ncertificates controller to know whether a request is part of an old\nissuance or if it is part of the ongoing revision's issuance by\nchecking if the revision value in the annotation is greater than this\nfield.", - "type": "integer" } }, "type": "object" } }, - "required": [], + "required": [ + "spec" + ], "type": "object", "x-kubernetes-group-version-kind": [ { - "group": "cert-manager.io", - "kind": "Certificate", - "version": "v1" + "group": "aaq.kubevirt.io", + "kind": "AAQ", + "version": "v1alpha1" } ] }, - "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams": { - "description": "CustomDeploymentStrategyParams are the input to the Custom deployment strategy.", + "aaq.kubevirt.io/v1alpha1/AAQList": { + "description": "AAQList is a list of AAQ", + "namespaced": true, "properties": { - "command": { - "description": "Command is optional and overrides CMD in the container Image.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "environment": { - "description": "Environment holds the environment which will be given to the container for Image.", + "items": { + "description": "List of aaqs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" - } - ], - "default": {} + "$ref": "#/components/schemas/io.kubevirt.aaq.v1alpha1.AAQ" }, "type": "array" }, - "image": { - "description": "Image specifies a container image which can carry out a deployment.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.apps.v1.DeploymentCause": { - "description": "DeploymentCause captures information about a particular cause of a deployment.", - "properties": { - "imageTrigger": { + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "ImageTrigger contains the image trigger details, if this trigger was fired based on an image change" - }, - "type": { - "default": "", - "description": "Type of the trigger that resulted in the creation of a new deployment", - "type": "string" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "type" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "aaq.kubevirt.io", + "kind": "AAQList", + "version": "v1alpha1" + } + ] }, - "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger": { - "description": "DeploymentCauseImageTrigger represents details about the cause of a deployment originating from an image change trigger", + "admission.k8s.io/v1/DeleteOptions": { + "description": "DeleteOptions may be provided when deleting an API object.", + "namespaced": true, "properties": { - "from": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "items": { + "default": "", + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "gracePeriodSeconds": { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "format": "int64", + "type": "integer" + }, + "ignoreStoreReadErrorWithClusterBreakingPotential": { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "orphanDependents": { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "type": "boolean" + }, + "preconditions": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions" } ], - "default": {}, - "description": "From is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage." + "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned." + }, + "propagationPolicy": { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "type": "string" } }, - "required": [ - "from" - ], - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admission.k8s.io", + "kind": "DeleteOptions", + "version": "v1" + } + ] }, - "com.github.openshift.api.apps.v1.DeploymentCondition": { - "description": "DeploymentCondition describes the state of a deployment config at a certain point.", + "admission.k8s.io/v1/WatchEvent": { + "description": "Event represents a single event to a watched resource.", + "namespaced": true, "properties": { - "lastTransitionTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "The last time the condition transitioned from one status to another." - }, - "lastUpdateTime": { + "object": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "The last time this condition was updated." - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "default": "", - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string" + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context." }, "type": { "default": "", - "description": "Type of deployment condition.", "type": "string" } }, "required": [ "type", - "status" + "object" ], - "type": "object" - }, - "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec": { - "description": "DeploymentConfigRollbackSpec represents the options for rollback generation.", - "properties": { - "from": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "default": {}, - "description": "From points to a ReplicationController which is a deployment." - }, - "includeReplicationMeta": { - "default": false, - "description": "IncludeReplicationMeta specifies whether to include the replica count and selector.", - "type": "boolean" - }, - "includeStrategy": { - "default": false, - "description": "IncludeStrategy specifies whether to include the deployment Strategy.", - "type": "boolean" - }, - "includeTemplate": { - "default": false, - "description": "IncludeTemplate specifies whether to include the PodTemplateSpec.", - "type": "boolean" - }, - "includeTriggers": { - "default": false, - "description": "IncludeTriggers specifies whether to include config Triggers.", - "type": "boolean" - }, - "revision": { - "description": "Revision to rollback to. If set to 0, rollback to the last revision.", - "format": "int64", - "type": "integer" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admission.k8s.io", + "kind": "WatchEvent", + "version": "v1" } - }, - "required": [ - "from", - "includeTriggers", - "includeTemplate", - "includeReplicationMeta", - "includeStrategy" - ], - "type": "object" + ] }, - "com.github.openshift.api.apps.v1.DeploymentConfigSpec": { - "description": "DeploymentConfigSpec represents the desired state of the deployment.", + "admissionregistration.k8s.io/v1/MutatingWebhookConfiguration": { + "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", + "namespaced": false, "properties": { - "minReadySeconds": { - "description": "MinReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", - "format": "int32", - "type": "integer" - }, - "paused": { - "description": "Paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.", - "type": "boolean" - }, - "replicas": { - "default": 0, - "description": "Replicas is the number of desired replicas.", - "format": "int32", - "type": "integer" - }, - "revisionHistoryLimit": { - "description": "RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)", - "format": "int32", - "type": "integer" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "selector": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "Selector is a label query over pods that should match the Replicas count.", - "type": "object" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "strategy": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentStrategy" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "Strategy describes how a deployment is executed." - }, - "template": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" - } - ], - "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected." - }, - "test": { - "default": false, - "description": "Test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.", - "type": "boolean" + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." }, - "triggers": { - "description": "Triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.", + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentTriggerPolicy" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhook" } ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "MutatingWebhookConfiguration", + "version": "v1" + } + ] }, - "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { - "description": "DeploymentConfigStatus represents the current deployment state.", + "admissionregistration.k8s.io/v1/MutatingWebhookConfigurationList": { + "description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.", + "namespaced": true, "properties": { - "availableReplicas": { - "default": 0, - "description": "AvailableReplicas is the total number of available pods targeted by this deployment config.", - "format": "int32", - "type": "integer" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "conditions": { - "description": "Conditions represents the latest available observations of a deployment config's current state.", + "items": { + "description": "List of MutatingWebhookConfiguration.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentCondition" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" } ], "default": {} }, - "type": "array", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "type": "array" }, - "details": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentDetails" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger" - }, - "latestVersion": { - "default": 0, - "description": "LatestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.", - "format": "int64", - "type": "integer" - }, - "observedGeneration": { - "default": 0, - "description": "ObservedGeneration is the most recent generation observed by the deployment config controller.", - "format": "int64", - "type": "integer" - }, - "readyReplicas": { - "description": "Total number of ready pods targeted by this deployment.", - "format": "int32", - "type": "integer" - }, - "replicas": { - "default": 0, - "description": "Replicas is the total number of pods targeted by this deployment config.", - "format": "int32", - "type": "integer" - }, - "unavailableReplicas": { - "default": 0, - "description": "UnavailableReplicas is the total number of unavailable pods targeted by this deployment config.", - "format": "int32", - "type": "integer" - }, - "updatedReplicas": { - "default": 0, - "description": "UpdatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.", - "format": "int32", - "type": "integer" + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "latestVersion", - "observedGeneration", - "replicas", - "updatedReplicas", - "availableReplicas", - "unavailableReplicas" + "items" ], - "type": "object" - }, - "com.github.openshift.api.apps.v1.DeploymentDetails": { - "description": "DeploymentDetails captures information about the causes of a deployment.", - "properties": { - "causes": { - "description": "Causes are extended data associated with all the causes for creating a new deployment", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentCause" - } - ], - "default": {} - }, - "type": "array" - }, - "message": { - "description": "Message is the user specified change message, if this deployment was triggered manually by the user", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "MutatingWebhookConfigurationList", + "version": "v1" } - }, - "required": [ - "causes" - ], - "type": "object" + ] }, - "com.github.openshift.api.apps.v1.DeploymentStrategy": { - "description": "DeploymentStrategy describes how to perform a deployment.", + "admissionregistration.k8s.io/v1/ValidatingAdmissionPolicy": { + "description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.", + "namespaced": false, "properties": { - "activeDeadlineSeconds": { - "description": "ActiveDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.", - "format": "int64", - "type": "integer" - }, - "annotations": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "Annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object" - }, - "customParams": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams" - } - ], - "description": "CustomParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "labels": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "Labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "recreateParams": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "RecreateParams are the input to the Recreate deployment strategy." + "default": {}, + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." }, - "resources": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec" } ], "default": {}, - "description": "Resources contains resource requirements to execute the deployment and any hooks." + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicy." }, - "rollingParams": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus" } ], - "description": "RollingParams are the input to the Rolling deployment strategy." - }, - "type": { - "description": "Type is the name of a deployment strategy.", - "type": "string" + "default": {}, + "description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only." } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingAdmissionPolicy", + "version": "v1" + } + ] }, - "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams": { - "description": "DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.", + "admissionregistration.k8s.io/v1/ValidatingAdmissionPolicyBinding": { + "description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.", + "namespaced": false, "properties": { - "automatic": { - "description": "Automatic means that the detection of a new tag value should result in an image update inside the pod template.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "containerNames": { - "description": "ContainerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "from": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "From is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used." + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." }, - "lastTriggeredImage": { - "description": "LastTriggeredImage is the last image to be triggered.", - "type": "string" - } - }, - "required": [ - "from" - ], - "type": "object" - }, - "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy": { - "description": "DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.", - "properties": { - "imageChangeParams": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec" } ], - "description": "ImageChangeParams represents the parameters for the ImageChange trigger." - }, - "type": { - "description": "Type of the trigger", - "type": "string" + "default": {}, + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding." } }, - "type": "object" - }, - "com.github.openshift.api.apps.v1.ExecNewPodHook": { - "description": "ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.", - "properties": { - "command": { - "description": "Command is the action command and its arguments.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "containerName": { - "default": "", - "description": "ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container.", + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingAdmissionPolicyBinding", + "version": "v1" + } + ] + }, + "admissionregistration.k8s.io/v1/ValidatingAdmissionPolicyBindingList": { + "description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "Env is a set of environment variables to supply to the hook pod's container.", + "items": { + "description": "List of PolicyBinding.", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding" } ], "default": {} }, "type": "array" }, - "volumes": { - "description": "Volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "command", - "containerName" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingAdmissionPolicyBindingList", + "version": "v1" + } + ] }, - "com.github.openshift.api.apps.v1.LifecycleHook": { - "description": "LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.", + "admissionregistration.k8s.io/v1/ValidatingAdmissionPolicyList": { + "description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.", + "namespaced": true, "properties": { - "execNewPod": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.ExecNewPodHook" - } - ], - "description": "ExecNewPod specifies the options for a lifecycle hook backed by a pod." - }, - "failurePolicy": { - "default": "", - "description": "FailurePolicy specifies what action to take if the hook fails.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "tagImages": { - "description": "TagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.", + "items": { + "description": "List of ValidatingAdmissionPolicy.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.TagImageHook" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy" } ], "default": {} }, "type": "array" - } - }, - "required": [ - "failurePolicy" - ], - "type": "object" - }, - "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams": { - "description": "RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.", - "properties": { - "mid": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.LifecycleHook" - } - ], - "description": "Mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported." }, - "post": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.LifecycleHook" - } - ], - "description": "Post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported." + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "pre": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.LifecycleHook" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "Pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported." - }, - "timeoutSeconds": { - "description": "TimeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "format": "int64", - "type": "integer" + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, - "type": "object" - }, - "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams": { - "description": "RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.", - "properties": { - "intervalSeconds": { - "description": "IntervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.", - "format": "int64", - "type": "integer" - }, - "maxSurge": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" - } - ], - "description": "MaxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods." - }, - "maxUnavailable": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" - } - ], - "description": "MaxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update." - }, - "post": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.LifecycleHook" - } - ], - "description": "Post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported." - }, - "pre": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.LifecycleHook" - } - ], - "description": "Pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported." - }, - "timeoutSeconds": { - "description": "TimeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "format": "int64", - "type": "integer" - }, - "updatePeriodSeconds": { - "description": "UpdatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.", - "format": "int64", - "type": "integer" + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingAdmissionPolicyList", + "version": "v1" } - }, - "type": "object" + ] }, - "com.github.openshift.api.apps.v1.TagImageHook": { - "description": "TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.", + "admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration": { + "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", + "namespaced": false, "properties": { - "containerName": { - "default": "", - "description": "ContainerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "to": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "To is the target ImageStreamTag to set the container's image onto." - } - }, - "required": [ - "containerName", - "to" - ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.GroupRestriction": { - "description": "GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.", - "properties": { - "groups": { - "description": "Groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." }, - "labels": { - "description": "Selectors specifies a list of label selectors over group labels.", + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhook" } ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } }, - "required": [ - "groups", - "labels" - ], - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingWebhookConfiguration", + "version": "v1" + } + ] }, - "com.github.openshift.api.authorization.v1.PolicyRule": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "admissionregistration.k8s.io/v1/ValidatingWebhookConfigurationList": { + "description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.", + "namespaced": true, "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ValidatingWebhookConfiguration.", "items": { - "default": "", - "type": "string" + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + } + ], + "default": {} }, "type": "array" }, - "attributeRestrictions": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error." - }, - "nonResourceURLs": { - "description": "NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "resources": { - "description": "Resources is a list of resources this rule applies to. ResourceAll represents all resources.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "verbs", - "resources" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "admissionregistration.k8s.io", + "kind": "ValidatingWebhookConfigurationList", + "version": "v1" + } + ] }, - "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec": { - "description": "RoleBindingRestrictionSpec defines a rolebinding restriction. Exactly one field must be non-nil.", + "apiextensions.k8s.io/v1/CustomResourceDefinition": { + "description": "CustomResourceDefinition represents a resource that should be exposed on the API server. Its name MUST be in the format <.spec.name>.<.spec.group>.", + "namespaced": false, "properties": { - "grouprestriction": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.GroupRestriction" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "GroupRestriction matches against group subjects." + "default": {}, + "description": "Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "serviceaccountrestriction": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.ServiceAccountRestriction" + "$ref": "#/components/schemas/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionSpec" } ], - "description": "ServiceAccountRestriction matches against service-account subjects." + "default": {}, + "description": "spec describes how the user wants the resources to appear" }, - "userrestriction": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.UserRestriction" + "$ref": "#/components/schemas/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinitionStatus" } ], - "description": "UserRestriction matches against user subjects." - } - }, - "required": [ - "userrestriction", - "grouprestriction", - "serviceaccountrestriction" - ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec": { - "description": "SelfSubjectRulesReviewSpec adds information about how to conduct the check", - "properties": { - "scopes": { - "description": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil means \"use the scopes on this request\".", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "scopes" - ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.ServiceAccountReference": { - "description": "ServiceAccountReference specifies a service account and namespace by their names.", - "properties": { - "name": { - "default": "", - "description": "Name is the name of the service account.", - "type": "string" - }, - "namespace": { - "default": "", - "description": "Namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.", - "type": "string" - } - }, - "required": [ - "name", - "namespace" - ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.ServiceAccountRestriction": { - "description": "ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.", - "properties": { - "namespaces": { - "description": "Namespaces specifies a list of literal namespace names.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "serviceaccounts": { - "description": "ServiceAccounts specifies a list of literal service-account names.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.ServiceAccountReference" - } - ], - "default": {} - }, - "type": "array" + "default": {}, + "description": "status indicates the actual state of the CustomResourceDefinition" } }, "required": [ - "serviceaccounts", - "namespaces" + "spec" ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec": { - "description": "SubjectRulesReviewSpec adds information about how to conduct the check", - "properties": { - "groups": { - "description": "Groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "scopes": { - "description": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\".", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "user": { - "default": "", - "description": "User is optional. At least one of User and Groups must be specified.", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiextensions.k8s.io", + "kind": "CustomResourceDefinition", + "version": "v1" } - }, - "required": [ - "user", - "groups", - "scopes" - ], - "type": "object" + ] }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { - "description": "SubjectRulesReviewStatus is contains the result of a rules check", + "apiextensions.k8s.io/v1/CustomResourceDefinitionList": { + "description": "CustomResourceDefinitionList is a list of CustomResourceDefinition objects.", + "namespaced": true, "properties": { - "evaluationError": { - "description": "EvaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "rules": { - "description": "Rules is the list of rules (no particular sort) that are allowed for the subject", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.PolicyRule" - } - ], - "default": {} - }, - "type": "array" - } - }, - "required": [ - "rules" - ], - "type": "object" - }, - "com.github.openshift.api.authorization.v1.UserRestriction": { - "description": "UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.", - "properties": { - "groups": { - "description": "Groups specifies a list of literal group names.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - }, - "labels": { - "description": "Selectors specifies a list of label selectors over user labels.", + "items": { + "description": "items list individual CustomResourceDefinition objects", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "$ref": "#/components/schemas/io.k8s.apiextensions-apiserver.pkg.apis.apiextensions.v1.CustomResourceDefinition" } ], "default": {} }, "type": "array" }, - "users": { - "description": "Users specifies a list of literal user names.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "users", - "groups", - "labels" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.BinaryBuildSource": { - "description": "BinaryBuildSource describes a binary file to be used for the Docker and Source build strategies, where the file will be extracted and used as the build source.", - "properties": { - "asFile": { - "description": "asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying \"webapp.war\" would place the provided binary as `/webapp.war` for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.", - "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.BitbucketWebHookCause": { - "description": "BitbucketWebHookCause has information about a Bitbucket webhook that triggered a build.", - "properties": { - "revision": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" - } - ], - "description": "Revision is the git source revision information of the trigger." - }, - "secret": { - "description": "Secret is the obfuscated webhook secret that triggered a build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildCondition": { - "description": "BuildCondition describes the state of a build at a certain point.", - "properties": { - "lastTransitionTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "The last time the condition transitioned from one status to another." }, - "lastUpdateTime": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "The last time this condition was updated." - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "default": "", - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string" - }, - "type": { - "default": "", - "description": "Type of build condition.", - "type": "string" + "default": {}, + "description": "Standard object's metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "type", - "status" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiextensions.k8s.io", + "kind": "CustomResourceDefinitionList", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildConfigSpec": { - "description": "BuildConfigSpec describes when and how builds are created", + "apiregistration.k8s.io/v1/APIService": { + "description": "APIService represents a server for a particular GroupVersion. Name must be \"version.group\".", + "namespaced": false, "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "format": "int64", - "type": "integer" - }, - "failedBuildsHistoryLimit": { - "description": "failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.", - "format": "int32", - "type": "integer" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "nodeSelector": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "output": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildOutput" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "output describes the container image the Strategy should produce." + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "postCommit": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildPostCommitSpec" + "$ref": "#/components/schemas/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceSpec" } ], "default": {}, - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry." + "description": "Spec contains information for locating and communicating with a server" }, - "resources": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/components/schemas/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIServiceStatus" } ], "default": {}, - "description": "resources computes resource requirements to execute the build." - }, - "revision": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" - } - ], - "description": "revision is the information from the source for a specific repo snapshot. This is optional." - }, - "runPolicy": { - "description": "RunPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to \"Serial\".", - "type": "string" - }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "description": "Status contains derived information about an API server" + } + }, + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiregistration.k8s.io", + "kind": "APIService", + "version": "v1" + } + ] + }, + "apiregistration.k8s.io/v1/APIServiceList": { + "description": "APIServiceList is a list of APIService objects.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "source": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildSource" - } - ], - "default": {}, - "description": "source describes the SCM in use." - }, - "strategy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildStrategy" - } - ], - "default": {}, - "description": "strategy defines how to perform a build." - }, - "successfulBuildsHistoryLimit": { - "description": "successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.", - "format": "int32", - "type": "integer" - }, - "triggers": { - "description": "triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.", + "items": { + "description": "Items is the list of APIService", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildTriggerPolicy" + "$ref": "#/components/schemas/io.k8s.kube-aggregator.pkg.apis.apiregistration.v1.APIService" } ], "default": {} }, "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "strategy" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiregistration.k8s.io", + "kind": "APIServiceList", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildConfigStatus": { - "description": "BuildConfigStatus contains current state of the build config object.", + "apiserver.openshift.io/v1/APIRequestCount": { + "description": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { - "imageChangeTriggers": { - "description": "ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageChangeTriggerStatus" - } - ], - "default": {} - }, - "type": "array" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "lastVersion": { - "default": 0, - "description": "lastVersion is used to inform about number of last triggered build.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "lastVersion" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildOutput": { - "description": "BuildOutput is input to a build strategy and describes the container image that the strategy should produce.", - "properties": { - "imageLabels": { - "description": "imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageLabel" - } - ], - "default": {} - }, - "type": "array" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "pushSecret": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "PushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub)." + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "to": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "spec": { + "description": "spec defines the characteristics of the resource.", + "properties": { + "numberOfUsersToReport": { + "default": 10, + "description": "numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.", + "format": "int64", + "maximum": 100, + "minimum": 0, + "type": "integer" } - ], - "description": "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified." - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildPostCommitSpec": { - "description": "A BuildPostCommitSpec holds a build post commit hook specification. The hook executes a command in a temporary container running the build output image, immediately after the last layer of the image is committed and before the image is pushed to a registry. The command is executed with the current working directory ($PWD) set to the image's WORKDIR.\n\nThe build will be marked as failed if the hook execution fails. It will fail if the script or command return a non-zero exit code, or if there is any other error related to starting the temporary container.\n\nThere are five different ways to configure the hook. As an example, all forms below are equivalent and will execute `rake test --verbose`.\n\n1. Shell script:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test --verbose\",\n\t }\n\n\tThe above is a convenient form which is equivalent to:\n\n\t \"postCommit\": {\n\t \"command\": [\"/bin/sh\", \"-ic\"],\n\t \"args\": [\"rake test --verbose\"]\n\t }\n\n2. A command as the image entrypoint:\n\n\t \"postCommit\": {\n\t \"commit\": [\"rake\", \"test\", \"--verbose\"]\n\t }\n\n\tCommand overrides the image entrypoint in the exec form, as documented in\n\tDocker: https://docs.docker.com/engine/reference/builder/#entrypoint.\n\n3. Pass arguments to the default entrypoint:\n\n\t \"postCommit\": {\n\t\t\t \"args\": [\"rake\", \"test\", \"--verbose\"]\n\t\t }\n\n\t This form is only useful if the image entrypoint can handle arguments.\n\n4. Shell script with arguments:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test $1\",\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is useful if you need to pass arguments that would otherwise be\n\thard to quote properly in the shell script. In the script, $0 will be\n\t\"/bin/sh\" and $1, $2, etc, are the positional arguments from Args.\n\n5. Command with arguments:\n\n\t \"postCommit\": {\n\t \"command\": [\"rake\", \"test\"],\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is equivalent to appending the arguments to the Command slice.\n\nIt is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.", - "properties": { - "args": { - "description": "args is a list of arguments that are provided to either Command, Script or the container image's default entrypoint. The arguments are placed immediately after the command to be run.", - "items": { - "default": "", - "type": "string" }, - "type": "array" + "type": "object" }, - "command": { - "description": "command is the command to run. It may not be specified with Script. This might be needed if the image doesn't have `/bin/sh`, or if you do not want to use a shell. In all other cases, using Script might be more convenient.", - "items": { - "default": "", - "type": "string" + "status": { + "description": "status contains the observed state of the resource.", + "properties": { + "conditions": { + "description": "conditions contains details of the current status of this API Resource.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "currentHour": { + "description": "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", + "properties": { + "byNode": { + "description": "byNode contains logs of requests per node.", + "items": { + "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", + "properties": { + "byUser": { + "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", + "items": { + "description": "PerUserAPIRequestCount contains logs of a user's requests.", + "properties": { + "byVerb": { + "description": "byVerb details by verb.", + "items": { + "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", + "properties": { + "requestCount": { + "description": "requestCount of requests for verb.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "verb": { + "description": "verb of API request (get, list, create, etc...)", + "maxLength": 20, + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 10, + "type": "array" + }, + "requestCount": { + "description": "requestCount of requests by the user across all verbs.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "userAgent": { + "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", + "maxLength": 1024, + "type": "string" + }, + "username": { + "description": "userName that made the request.", + "maxLength": 512, + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 500, + "type": "array" + }, + "nodeName": { + "description": "nodeName where the request are being handled.", + "maxLength": 512, + "minLength": 1, + "type": "string" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", + "format": "int64", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "maxItems": 512, + "type": "array" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across nodes.", + "format": "int64", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "last24h": { + "description": "last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.", + "items": { + "description": "PerResourceAPIRequestLog logs request for various nodes.", + "properties": { + "byNode": { + "description": "byNode contains logs of requests per node.", + "items": { + "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", + "properties": { + "byUser": { + "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", + "items": { + "description": "PerUserAPIRequestCount contains logs of a user's requests.", + "properties": { + "byVerb": { + "description": "byVerb details by verb.", + "items": { + "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", + "properties": { + "requestCount": { + "description": "requestCount of requests for verb.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "verb": { + "description": "verb of API request (get, list, create, etc...)", + "maxLength": 20, + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 10, + "type": "array" + }, + "requestCount": { + "description": "requestCount of requests by the user across all verbs.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "userAgent": { + "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", + "maxLength": 1024, + "type": "string" + }, + "username": { + "description": "userName that made the request.", + "maxLength": 512, + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 500, + "type": "array" + }, + "nodeName": { + "description": "nodeName where the request are being handled.", + "maxLength": 512, + "minLength": 1, + "type": "string" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", + "format": "int64", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "maxItems": 512, + "type": "array" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across nodes.", + "format": "int64", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "maxItems": 24, + "type": "array" + }, + "removedInRelease": { + "description": "removedInRelease is when the API will be removed.", + "maxLength": 64, + "minLength": 0, + "pattern": "^[0-9][0-9]*\\.[0-9][0-9]*$", + "type": "string" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all current hours, nodes, and users.", + "format": "int64", + "minimum": 0, + "type": "integer" + } }, - "type": "array" - }, - "script": { - "description": "script is a shell script to be run with `/bin/sh -ic`. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with `rake test`. If you need control over the image entrypoint, or if the image does not have `/bin/sh`, use Command and/or Args. The `-i` flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make `ruby`, `bundle` and other binaries available in the PATH.", - "type": "string" + "type": "object" } }, - "type": "object" + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiserver.openshift.io", + "kind": "APIRequestCount", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildSource": { - "description": "BuildSource is the SCM used for the build.", + "apiserver.openshift.io/v1/APIRequestCountList": { + "description": "APIRequestCountList is a list of APIRequestCount", + "namespaced": true, "properties": { - "binary": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BinaryBuildSource" - } - ], - "description": "binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN." - }, - "configMaps": { - "description": "configMaps represents a list of configMaps and their destinations that will be used for the build.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ConfigMapBuildSource" - } - ], - "default": {} - }, - "type": "array" - }, - "contextDir": { - "description": "contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.", - "type": "string" - }, - "dockerfile": { - "description": "dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "git": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.GitBuildSource" - } - ], - "description": "git contains optional information about git build source" - }, - "images": { - "description": "images describes a set of images to be used to provide source for the build", + "items": { + "description": "List of apirequestcounts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageSource" - } - ], - "default": {} + "$ref": "#/components/schemas/io.openshift.apiserver.v1.APIRequestCount" }, "type": "array" }, - "secrets": { - "description": "secrets represents a list of secrets and their destinations that will be used only for the build.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SecretBuildSource" - } - ], - "default": {} - }, - "type": "array" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "sourceSecret": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey." - }, - "type": { - "description": "type of build input to accept", - "type": "string" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, - "type": "object" + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apiserver.openshift.io", + "kind": "APIRequestCountList", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildSpec": { - "description": "BuildSpec has the information to represent a build and also additional information about a build", + "apps.openshift.io/v1/DeploymentConfig": { + "description": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.", + "namespaced": true, "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "format": "int64", - "type": "integer" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" - }, - "nodeSelector": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object" - }, - "output": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildOutput" - } - ], - "default": {}, - "description": "output describes the container image the Strategy should produce." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "postCommit": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildPostCommitSpec" - } - ], - "default": {}, - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry." + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "resources": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "resources computes resource requirements to execute the build." - }, - "revision": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" - } - ], - "description": "revision is the information from the source for a specific repo snapshot. This is optional." - }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", - "type": "string" + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "source": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildSource" + "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentConfigSpec" } ], "default": {}, - "description": "source describes the SCM in use." + "description": "Spec represents a desired deployment state and how to deploy to it." }, - "strategy": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildStrategy" + "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentConfigStatus" } ], "default": {}, - "description": "strategy defines how to perform a build." - }, - "triggeredBy": { - "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildTriggerCause" - } - ], - "default": {} - }, - "type": "array" + "description": "Status represents the current deployment state." } }, "required": [ - "strategy" + "spec" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "DeploymentConfig", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildStatus": { - "description": "BuildStatus contains the status of a build", + "apps.openshift.io/v1/DeploymentConfigList": { + "description": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "cancelled": { - "description": "cancelled describes if a cancel event was triggered for the build.", - "type": "boolean" - }, - "completionTimestamp": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "conditions": { - "description": "Conditions represents the latest available observations of a build's current state.", + "items": { + "description": "Items is a list of deployment configs", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildCondition" + "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentConfig" } ], "default": {} }, - "type": "array", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "config": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "description": "config is an ObjectReference to the BuildConfig this Build is based on." - }, - "duration": { - "description": "duration contains time.Duration object describing build time.", - "format": "int64", - "type": "integer" - }, - "logSnippet": { - "description": "logSnippet is the last few lines of the build log. This value is only set for builds that failed.", - "type": "string" + "type": "array" }, - "message": { - "description": "message is a human-readable message indicating details about why the build has this status.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "output": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildStatusOutput" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], "default": {}, - "description": "output describes the container image the build has produced." - }, - "outputDockerImageReference": { - "description": "outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "DeploymentConfigList", + "version": "v1" + } + ] + }, + "apps.openshift.io/v1/DeploymentConfigRollback": { + "description": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "phase": { - "default": "", - "description": "phase is the point in the build lifecycle. Possible values are \"New\", \"Pending\", \"Running\", \"Complete\", \"Failed\", \"Error\", and \"Cancelled\".", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "reason": { - "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", + "name": { + "default": "", + "description": "Name of the deployment config that will be rolled back.", "type": "string" }, - "stages": { - "description": "stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.StageInfo" - } - ], - "default": {} - }, - "type": "array" - }, - "startTimestamp": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec" } ], - "description": "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC." + "default": {}, + "description": "Spec defines the options to rollback generation." + }, + "updatedAnnotations": { + "additionalProperties": { + "default": "", + "type": "string" + }, + "description": "UpdatedAnnotations is a set of new annotations that will be added in the deployment config.", + "type": "object" } }, "required": [ - "phase" + "name", + "spec" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "DeploymentConfigRollback", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildStatusOutput": { - "description": "BuildStatusOutput contains the status of the built image.", + "apps.openshift.io/v1/DeploymentLog": { + "description": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "to": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildStatusOutputTo" - } - ], - "description": "to describes the status of the built image being pushed to a registry." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "DeploymentLog", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildStatusOutputTo": { - "description": "BuildStatusOutputTo describes the status of the built image with regards to image registry to which it was supposed to be pushed.", + "apps.openshift.io/v1/DeploymentRequest": { + "description": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "imageDigest": { - "description": "imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.\n\nPlease note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn't understand.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "excludeTriggers": { + "description": "ExcludeTriggers instructs the instantiator to avoid processing the specified triggers. This field overrides the triggers from latest and allows clients to control specific logic. This field is ignored if not specified.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "force": { + "default": false, + "description": "Force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "latest": { + "default": false, + "description": "Latest will update the deployment config with the latest state from all triggers.", + "type": "boolean" + }, + "name": { + "default": "", + "description": "Name of the deployment config for requesting a new deployment.", "type": "string" } }, - "type": "object" + "required": [ + "name", + "latest", + "force" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "DeploymentRequest", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildStrategy": { - "description": "BuildStrategy contains the details of how to perform a build.", + "apps.openshift.io/v1/Scale": { + "description": "represents a scaling request for a resource.", + "namespaced": true, "properties": { - "customStrategy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.CustomBuildStrategy" - } - ], - "description": "customStrategy holds the parameters to the Custom build strategy" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "dockerStrategy": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.DockerBuildStrategy" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "dockerStrategy holds the parameters to the container image build strategy." + "default": {}, + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata." }, - "jenkinsPipelineStrategy": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy" + "$ref": "#/components/schemas/io.k8s.api.extensions.v1beta1.ScaleSpec" } ], - "description": "JenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy. Deprecated: use OpenShift Pipelines" + "default": {}, + "description": "defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status." }, - "sourceStrategy": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceBuildStrategy" + "$ref": "#/components/schemas/io.k8s.api.extensions.v1beta1.ScaleStatus" } ], - "description": "sourceStrategy holds the parameters to the Source build strategy." - }, - "type": { - "description": "type is the kind of build strategy.", - "type": "string" + "default": {}, + "description": "current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only." } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps.openshift.io", + "kind": "Scale", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildTriggerCause": { - "description": "BuildTriggerCause holds information about a triggered build. It is used for displaying build trigger data for each build and build configuration in oc describe. It is also used to describe which triggers led to the most recent update in the build configuration.", + "apps/v1/ControllerRevision": { + "description": "ControllerRevision implements an immutable snapshot of state data. Clients are responsible for serializing and deserializing the objects that contain their internal state. Once a ControllerRevision has been successfully created, it can not be updated. The API Server will fail validation of all requests that attempt to mutate the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, it may be subject to name and representation changes in future releases, and clients should not depend on its stability. It is primarily for internal use by controllers.", + "namespaced": true, "properties": { - "bitbucketWebHook": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BitbucketWebHookCause" - } - ], - "description": "BitbucketWebHook represents data for a Bitbucket webhook that fired a specific build." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "genericWebHook": { + "data": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.GenericWebHookCause" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "genericWebHook holds data about a builds generic webhook trigger." + "description": "Data is the serialized representation of the state." }, - "githubWebHook": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.GitHubWebHookCause" - } - ], - "description": "gitHubWebHook represents data for a GitHub webhook that fired a specific build." + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "gitlabWebHook": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.GitLabWebHookCause" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "GitLabWebHook represents data for a GitLab webhook that fired a specific build." - }, - "imageChangeBuild": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageChangeCause" - } - ], - "description": "imageChangeBuild stores information about an imagechange event that triggered a new build." + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "message": { - "description": "message is used to store a human readable message for why the build was triggered. E.g.: \"Manually triggered by user\", \"Configuration change\",etc.", - "type": "string" + "revision": { + "default": 0, + "description": "Revision indicates the revision of the state represented by Data.", + "format": "int64", + "type": "integer" } }, - "type": "object" + "required": [ + "revision" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "ControllerRevision", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildTriggerPolicy": { - "description": "BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.", + "apps/v1/ControllerRevisionList": { + "description": "ControllerRevisionList is a resource containing a list of ControllerRevision objects.", + "namespaced": true, "properties": { - "bitbucket": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.WebHookTrigger" - } - ], - "description": "BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of ControllerRevisions", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.apps.v1.ControllerRevision" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "generic": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.WebHookTrigger" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "generic contains the parameters for a Generic webhook type of trigger" + "default": {}, + "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "ControllerRevisionList", + "version": "v1" + } + ] + }, + "apps/v1/DaemonSet": { + "description": "DaemonSet represents the configuration of a daemon set.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "github": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.WebHookTrigger" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "github contains the parameters for a GitHub webhook type of trigger" + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "gitlab": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.WebHookTrigger" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.DaemonSetSpec" } ], - "description": "GitLabWebHook contains the parameters for a GitLab webhook type of trigger" + "default": {}, + "description": "The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" }, - "imageChange": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageChangeTrigger" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.DaemonSetStatus" } ], - "description": "imageChange contains parameters for an ImageChange type of trigger" - }, - "type": { - "default": "", - "description": "type is the type of build trigger. Valid values:\n\n- GitHub GitHubWebHookBuildTriggerType represents a trigger that launches builds on GitHub webhook invocations\n\n- Generic GenericWebHookBuildTriggerType represents a trigger that launches builds on generic webhook invocations\n\n- GitLab GitLabWebHookBuildTriggerType represents a trigger that launches builds on GitLab webhook invocations\n\n- Bitbucket BitbucketWebHookBuildTriggerType represents a trigger that launches builds on Bitbucket webhook invocations\n\n- ImageChange ImageChangeBuildTriggerType represents a trigger that launches builds on availability of a new version of an image\n\n- ConfigChange ConfigChangeBuildTriggerType will trigger a build on an initial build config creation WARNING: In the future the behavior will change to trigger a build on any config change", - "type": "string" + "default": {}, + "description": "The current status of this daemon set. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" } }, - "required": [ - "type" - ], - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "DaemonSet", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.BuildVolume": { - "description": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", + "apps/v1/DaemonSetList": { + "description": "DaemonSetList is a collection of daemon sets.", + "namespaced": true, "properties": { - "mounts": { - "description": "mounts represents the location of the volume in the image build container", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "A list of daemon sets.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildVolumeMount" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.DaemonSet" } ], "default": {} }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "destinationPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "destinationPath", - "x-kubernetes-patch-strategy": "merge" + "type": "array" }, - "name": { - "default": "", - "description": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "source": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildVolumeSource" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], "default": {}, - "description": "source represents the location and type of the mounted volume." + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "name", - "source", - "mounts" + "items" ], - "type": "object" - }, - "com.github.openshift.api.build.v1.BuildVolumeMount": { - "description": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", - "properties": { - "destinationPath": { - "default": "", - "description": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "DaemonSetList", + "version": "v1" } - }, - "required": [ - "destinationPath" - ], - "type": "object" + ] }, - "com.github.openshift.api.build.v1.BuildVolumeSource": { - "description": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", + "apps/v1/Deployment": { + "description": "Deployment enables declarative updates for Pods and ReplicaSets.", + "namespaced": true, "properties": { - "configMap": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ConfigMapVolumeSource" - } - ], - "description": "configMap represents a ConfigMap that should populate this volume" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "csi": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.CSIVolumeSource" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "csi represents ephemeral storage provided by external CSI drivers which support this capability" + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "secret": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.SecretVolumeSource" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.DeploymentSpec" } ], - "description": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" + "default": {}, + "description": "Specification of the desired behavior of the Deployment." }, - "type": { - "default": "", - "description": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.ConfigMapBuildSource": { - "description": "ConfigMapBuildSource describes a configmap and its destination directory that will be used only at the build time. The content of the configmap referenced here will be copied into the destination directory instead of mounting.", - "properties": { - "configMap": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.DeploymentStatus" } ], "default": {}, - "description": "configMap is a reference to an existing configmap that you want to use in your build." - }, - "destinationDir": { - "description": "destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", - "type": "string" + "description": "Most recently observed status of the Deployment." } }, - "required": [ - "configMap" - ], - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "Deployment", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.CustomBuildStrategy": { - "description": "CustomBuildStrategy defines input parameters specific to Custom build.", + "apps/v1/DeploymentList": { + "description": "DeploymentList is a list of Deployments.", + "namespaced": true, "properties": { - "buildAPIVersion": { - "description": "buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "items": { + "description": "Items is the list of Deployments.", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.Deployment" } ], "default": {} }, "type": "array" }, - "exposeDockerSocket": { - "description": "exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "forcePull": { - "description": "forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally", - "type": "boolean" + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + ], + "default": {}, + "description": "Standard list metadata." + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "DeploymentList", + "version": "v1" + } + ] + }, + "apps/v1/ReplicaSet": { + "description": "ReplicaSet ensures that a specified number of pod replicas are running at any given time.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "from": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled" + "description": "If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "pullSecret": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.ReplicaSetSpec" } ], - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries" + "default": {}, + "description": "Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" }, - "secrets": { - "description": "secrets is a list of additional secrets that will be included in the build pod", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SecretSpec" - } - ], - "default": {} - }, - "type": "array" + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.apps.v1.ReplicaSetStatus" + } + ], + "default": {}, + "description": "Status is the most recently observed status of the ReplicaSet. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" } }, - "required": [ - "from" - ], - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "ReplicaSet", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.DockerBuildStrategy": { - "description": "DockerBuildStrategy defines input parameters specific to container image build.", + "apps/v1/ReplicaSetList": { + "description": "ReplicaSetList is a collection of ReplicaSets.", + "namespaced": true, "properties": { - "buildArgs": { - "description": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" - } - ], - "default": {} - }, - "type": "array" - }, - "dockerfilePath": { - "description": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "items": { + "description": "List of ReplicaSets. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.ReplicaSet" } ], "default": {} }, "type": "array" }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "from": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file." + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "ReplicaSetList", + "version": "v1" + } + ] + }, + "apps/v1/StatefulSet": { + "description": "StatefulSet represents a set of pods with consistent identities. Identities are defined as:\n - Network: A single stable DNS and hostname.\n - Storage: As many VolumeClaims as requested.\n\nThe StatefulSet guarantees that a given network identity will always map to the same storage identity.", + "namespaced": true, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "imageOptimizationPolicy": { - "description": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "noCache": { - "description": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", - "type": "boolean" + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "pullSecret": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.StatefulSetSpec" } ], - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries" + "default": {}, + "description": "Spec defines the desired identities of pods in this set." }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildVolume" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.apps.v1.StatefulSetStatus" + } ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "default": {}, + "description": "Status is the current status of Pods in this StatefulSet. This data may be out of date by some window of time." } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "StatefulSet", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.DockerStrategyOptions": { - "description": "DockerStrategyOptions contains extra strategy options for container image builds", + "apps/v1/StatefulSetList": { + "description": "StatefulSetList is a collection of StatefulSets.", + "namespaced": true, "properties": { - "buildArgs": { - "description": "Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is the list of stateful sets.", "items": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" + "$ref": "#/components/schemas/io.k8s.api.apps.v1.StatefulSet" } ], "default": {} }, "type": "array" }, - "noCache": { - "description": "noCache overrides the docker-strategy noCache option in the build config", - "type": "boolean" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.GenericWebHookCause": { - "description": "GenericWebHookCause holds information about a generic WebHook that triggered a build.", - "properties": { - "revision": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available." - }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "default": {}, + "description": "Standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, - "type": "object" + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "apps", + "kind": "StatefulSetList", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.GitBuildSource": { - "description": "GitBuildSource defines the parameters of a Git SCM", + "authentication.k8s.io/v1/SelfSubjectReview": { + "description": "SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request. When using impersonation, users will receive the user info of the user being impersonated. If impersonation or request header authentication is used, any extra keys will have their case ignored and returned as lowercase.", + "namespaced": false, "properties": { - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", - "type": "string" - }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ref": { - "description": "ref is the branch/tag/ref to build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "uri": { - "default": "", - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", - "type": "string" - } - }, - "required": [ - "uri" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.GitHubWebHookCause": { - "description": "GitHubWebHookCause has information about a GitHub webhook that triggered a build.", - "properties": { - "revision": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "revision is the git revision information of the trigger." + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.GitLabWebHookCause": { - "description": "GitLabWebHookCause has information about a GitLab webhook that triggered a build.", - "properties": { - "revision": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceRevision" + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.SelfSubjectReviewStatus" } ], - "description": "Revision is the git source revision information of the trigger." - }, - "secret": { - "description": "Secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "default": {}, + "description": "Status is filled in by the server with the user attributes." } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authentication.k8s.io", + "kind": "SelfSubjectReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.GitSourceRevision": { - "description": "GitSourceRevision is the commit information from a git source for a build", + "authentication.k8s.io/v1/TokenRequest": { + "description": "TokenRequest requests a token for a given service account.", + "namespaced": true, "properties": { - "author": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceControlUser" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "author is the author of a specific commit" - }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", - "type": "string" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "committer": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SourceControlUser" + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequestSpec" } ], "default": {}, - "description": "committer is the committer of a specific commit" + "description": "Spec holds information about the request being evaluated" }, - "message": { - "description": "message is the description of a specific commit", - "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.ImageChangeCause": { - "description": "ImageChangeCause contains information about the image that triggered a build", - "properties": { - "fromRef": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenRequestStatus" } ], - "description": "fromRef contains detailed information about an image that triggered a build." - }, - "imageID": { - "description": "imageID is the ID of the image that triggered a new build.", - "type": "string" + "default": {}, + "description": "Status is filled in by the server and indicates whether the token can be authenticated." } }, - "type": "object" + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authentication.k8s.io", + "kind": "TokenRequest", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.ImageChangeTrigger": { - "description": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes", + "authentication.k8s.io/v1/TokenReview": { + "description": "TokenReview attempts to authenticate a token to a known user. Note: TokenReview requests may be cached by the webhook token authenticator plugin in the kube-apiserver.", + "namespaced": false, "properties": { - "from": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration." - }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build This field is deprecated and will be removed in a future release. Deprecated", - "type": "string" + "default": {}, + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "paused": { - "description": "paused is true if this trigger is temporarily disabled. Optional.", - "type": "boolean" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { - "description": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", - "properties": { - "from": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageStreamTagReference" + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenReviewSpec" } ], "default": {}, - "description": "from is the ImageStreamTag that is the source of the trigger." + "description": "Spec holds information about the request being evaluated" }, - "lastTriggerTime": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.api.authentication.v1.TokenReviewStatus" } ], - "description": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build." - }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", - "type": "string" + "default": {}, + "description": "Status is filled in by the server and indicates whether the request can be authenticated." } }, - "type": "object" + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authentication.k8s.io", + "kind": "TokenReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.ImageLabel": { - "description": "ImageLabel represents a label applied to the resulting image.", + "authorization.k8s.io/v1/LocalSubjectAccessReview": { + "description": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.", + "namespaced": true, "properties": { - "name": { - "default": "", - "description": "name defines the name of the label. It must have non-zero length.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "value": { - "description": "value defines the literal value of the label.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.ImageSource": { - "description": "ImageSource is used to describe build source that will be extracted from an image or used during a multi stage build. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. Image sources can either be used to extract content from an image and place it into the build context along with the repository source, or used directly during a multi-stage container image build to allow content to be copied without overwriting the contents of the repository source (see the 'paths' and 'as' fields).", - "properties": { - "as": { - "description": "A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses \"COPY --from=nginx:latest\" will first check for an image source that has \"nginx:latest\" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" }, - "from": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from." + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "paths": { - "description": "paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.ImageSourcePath" - } - ], - "default": {} - }, - "type": "array" + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" + } + ], + "default": {}, + "description": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted." }, - "pullSecret": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" } ], - "description": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set." + "default": {}, + "description": "Status is filled in by the server and indicates whether the request is allowed or not" } }, "required": [ - "from" + "spec" ], - "type": "object" - }, - "com.github.openshift.api.build.v1.ImageSourcePath": { - "description": "ImageSourcePath describes a path to be copied from a source image and its destination within the build directory.", - "properties": { - "destinationDir": { - "default": "", - "description": "destinationDir is the relative directory within the build directory where files copied from the image are placed.", - "type": "string" - }, - "sourcePath": { - "default": "", - "description": "sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.k8s.io", + "kind": "LocalSubjectAccessReview", + "version": "v1" } - }, - "required": [ - "sourcePath", - "destinationDir" - ], - "type": "object" + ] }, - "com.github.openshift.api.build.v1.ImageStreamTagReference": { - "description": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "authorization.k8s.io/v1/SelfSubjectAccessReview": { + "description": "SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action", + "namespaced": false, "properties": { - "name": { - "description": "name is the name of the ImageStreamTag for an ImageChangeTrigger", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "namespace": { - "description": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy": { - "description": "JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. Deprecated: use OpenShift Pipelines", - "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a build pipeline.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" - } - ], - "default": {} - }, - "type": "array" }, - "jenkinsfile": { - "description": "Jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.", - "type": "string" + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "jenkinsfilePath": { - "description": "JenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.", - "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.SecretBuildSource": { - "description": "SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.", - "properties": { - "destinationDir": { - "description": "destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", - "type": "string" + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec" + } + ], + "default": {}, + "description": "Spec holds information about the request being evaluated. user and groups must be empty" }, - "secret": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" } ], "default": {}, - "description": "secret is a reference to an existing secret that you want to use in your build." + "description": "Status is filled in by the server and indicates whether the request is allowed or not" } }, "required": [ - "secret" + "spec" ], - "type": "object" - }, - "com.github.openshift.api.build.v1.SecretLocalReference": { - "description": "SecretLocalReference contains information that points to the local secret being used", - "properties": { - "name": { - "default": "", - "description": "Name is the name of the resource in the same namespace being referenced", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.k8s.io", + "kind": "SelfSubjectAccessReview", + "version": "v1" } - }, - "required": [ - "name" - ], - "type": "object" + ] }, - "com.github.openshift.api.build.v1.SecretSpec": { - "description": "SecretSpec specifies a secret to be included in a build pod and its corresponding mount point", + "authorization.k8s.io/v1/SelfSubjectRulesReview": { + "description": "SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.", + "namespaced": false, "properties": { - "mountPath": { - "default": "", - "description": "mountPath is the path at which to mount the secret", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secretSource": { + "metadata": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + ], + "default": {}, + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec" + } + ], + "default": {}, + "description": "Spec holds information about the request being evaluated." + }, + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectRulesReviewStatus" } ], "default": {}, - "description": "secretSource is a reference to the secret" + "description": "Status is filled in by the server and indicates the set of actions a user can perform." } }, "required": [ - "secretSource", - "mountPath" + "spec" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.k8s.io", + "kind": "SelfSubjectRulesReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.SourceBuildStrategy": { - "description": "SourceBuildStrategy defines input parameters specific to an Source build.", + "authorization.k8s.io/v1/SubjectAccessReview": { + "description": "SubjectAccessReview checks whether or not a user or group can perform an action.", + "namespaced": false, "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.EnvVar" - } - ], - "default": {} - }, - "type": "array" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "from": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "incremental": { - "description": "incremental flag forces the Source build to do incremental builds if true.", - "type": "boolean" - }, - "pullSecret": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" } ], - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries" - }, - "scripts": { - "description": "scripts is the location of Source scripts", - "type": "string" + "default": {}, + "description": "Spec holds information about the request being evaluated" }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.BuildVolume" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" + "status": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" + } ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "default": {}, + "description": "Status is filled in by the server and indicates whether the request is allowed or not" } }, "required": [ - "from" + "spec" ], - "type": "object" - }, - "com.github.openshift.api.build.v1.SourceControlUser": { - "description": "SourceControlUser defines the identity of a user of source control", - "properties": { - "email": { - "description": "email of the source control user", - "type": "string" - }, - "name": { - "description": "name of the source control user", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.k8s.io", + "kind": "SubjectAccessReview", + "version": "v1" } - }, - "type": "object" + ] }, - "com.github.openshift.api.build.v1.SourceRevision": { - "description": "SourceRevision is the revision or commit information from the source for the build", + "authorization.openshift.io/v1/ClusterRole": { + "description": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { - "git": { + "aggregationRule": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.GitSourceRevision" + "$ref": "#/components/schemas/io.k8s.api.rbac.v1.AggregationRule" } ], - "description": "Git contains information about git-based build source" + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller." }, - "type": { - "default": "", - "description": "type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "com.github.openshift.api.build.v1.SourceStrategyOptions": { - "description": "SourceStrategyOptions contains extra strategy options for Source builds", - "properties": { - "incremental": { - "description": "incremental overrides the source-strategy incremental option in the build config", - "type": "boolean" - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.StageInfo": { - "description": "StageInfo contains details about a build stage.", - "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.", - "format": "int64", - "type": "integer" }, - "name": { - "description": "name is a unique identifier for each build stage that occurs.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "startTime": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC." + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "steps": { - "description": "steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.", + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.StepInfo" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.PolicyRule" } ], "default": {} @@ -3004,75 +5323,70 @@ "type": "array" } }, - "type": "object" + "required": [ + "rules" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "ClusterRole", + "version": "v1" + } + ] }, - "com.github.openshift.api.build.v1.StepInfo": { - "description": "StepInfo contains details about a build step.", + "authorization.openshift.io/v1/ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the step took to complete in milliseconds.", - "format": "int64", - "type": "integer" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "name is a unique identifier for each build step.", + "groupNames": { + "description": "GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "startTime": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "description": "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC." - } - }, - "type": "object" - }, - "com.github.openshift.api.build.v1.WebHookTrigger": { - "description": "WebHookTrigger is a trigger that gets invoked using a webhook type of post", - "properties": { - "allowEnv": { - "description": "allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.", - "type": "boolean" - }, - "secret": { - "description": "secret used to validate requests. Deprecated: use SecretReference instead.", - "type": "string" + "default": {}, + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "secretReference": { + "roleRef": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.build.v1.SecretLocalReference" + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" } ], - "description": "secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named \"WebHookSecretKey\", the value of which will be checked against the value supplied in the webhook invocation." - } - }, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageBlobReferences": { - "description": "ImageBlobReferences describes the blob references within an image.", - "properties": { - "config": { - "description": "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", - "type": "string" - }, - "imageMissing": { - "default": false, - "description": "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", - "type": "boolean" + "default": {}, + "description": "RoleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role." }, - "layers": { - "description": "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", + "subjects": { + "description": "Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", "items": { - "default": "", - "type": "string" + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" + } + ], + "default": {} }, "type": "array" }, - "manifests": { - "description": "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", + "userNames": { + "description": "UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "items": { "default": "", "type": "string" @@ -3080,2537 +5394,4224 @@ "type": "array" } }, - "type": "object" + "required": [ + "subjects", + "roleRef" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "ClusterRoleBinding", + "version": "v1" + } + ] }, - "com.github.openshift.api.image.v1.ImageImportSpec": { - "description": "ImageImportSpec describes a request to import a specific image.", + "authorization.openshift.io/v1/ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "from": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "default": {}, - "description": "From is the source of an image to import; only kind DockerImage is allowed" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "importPolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagImportPolicy" - } - ], - "default": {}, - "description": "ImportPolicy is the policy controlling how the image is imported" + "items": { + "description": "Items is a list of ClusterRoleBindings", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.ClusterRoleBinding" + } + ], + "default": {} + }, + "type": "array" }, - "includeManifest": { - "description": "IncludeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "referencePolicy": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReferencePolicy" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], "default": {}, - "description": "ReferencePolicy defines how other components should consume the image" - }, - "to": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.LocalObjectReference" - } - ], - "description": "To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used" + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "from" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "ClusterRoleBindingList", + "version": "v1" + } + ] }, - "com.github.openshift.api.image.v1.ImageImportStatus": { - "description": "ImageImportStatus describes the result of an image import.", + "authorization.openshift.io/v1/ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "image": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" - } - ], - "description": "Image is the metadata of that image, if the image was located" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "manifests": { - "description": "Manifests holds sub-manifests metadata when importing a manifest list", + "items": { + "description": "Items is a list of ClusterRoles", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.Image" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.ClusterRole" } ], "default": {} }, "type": "array" }, - "status": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], "default": {}, - "description": "Status is the status of the image import, including errors encountered while retrieving the image" - }, - "tag": { - "description": "Tag is the tag this image was located under, if any", - "type": "string" + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "status" + "items" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "ClusterRoleList", + "version": "v1" + } + ] }, - "com.github.openshift.api.image.v1.ImageLayer": { - "description": "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", + "authorization.openshift.io/v1/LocalResourceAccessReview": { + "description": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "mediaType": { - "default": "", - "description": "MediaType of the referenced object.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "name": { - "default": "", - "description": "Name of the layer as defined by the underlying store.", + "content": { + "allOf": [ + { + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + ], + "description": "Content is the actual content of the request for create and update" + }, + "isNonResourceURL": { + "default": false, + "description": "IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "size": { - "default": 0, - "description": "Size of the layer in bytes as defined by the underlying store.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "name", - "size", - "mediaType" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageLayerData": { - "description": "ImageLayerData contains metadata about an image layer.", - "properties": { - "mediaType": { + "namespace": { "default": "", - "description": "MediaType of the referenced object.", + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", "type": "string" }, - "size": { - "description": "Size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", - "format": "int64", - "type": "integer" - } - }, - "required": [ - "size", - "mediaType" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageLookupPolicy": { - "description": "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", - "properties": { - "local": { - "default": false, - "description": "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", - "type": "boolean" - } - }, - "required": [ - "local" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageManifest": { - "description": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", - "properties": { - "architecture": { + "path": { "default": "", - "description": "Architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + "description": "Path is the path of a non resource URL", "type": "string" }, - "digest": { + "resource": { "default": "", - "description": "Digest is the unique identifier for the manifest. It refers to an Image object.", + "description": "Resource is one of the existing resource types", "type": "string" }, - "manifestSize": { - "default": 0, - "description": "ManifestSize represents the size of the raw object contents, in bytes.", - "format": "int64", - "type": "integer" + "resourceAPIGroup": { + "default": "", + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string" }, - "mediaType": { + "resourceAPIVersion": { "default": "", - "description": "MediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", "type": "string" }, - "os": { + "resourceName": { "default": "", - "description": "OS specifies the operating system, for example `linux`.", + "description": "ResourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", "type": "string" }, - "variant": { - "description": "Variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", + "verb": { + "default": "", + "description": "Verb is one of: get, list, watch, create, update, delete", "type": "string" } }, "required": [ - "digest", - "mediaType", - "manifestSize", - "architecture", - "os" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "LocalResourceAccessReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.image.v1.ImageStreamImportSpec": { - "description": "ImageStreamImportSpec defines what images should be imported.", + "authorization.openshift.io/v1/LocalSubjectAccessReview": { + "description": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "images": { - "description": "Images are a list of individual images to import.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageImportSpec" - } - ], - "default": {} - }, - "type": "array" - }, - "import": { - "default": false, - "description": "Import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "repository": { + "content": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.RepositoryImportSpec" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "Repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server." - } - }, - "required": [ - "import" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageStreamImportStatus": { - "description": "ImageStreamImportStatus contains information about the status of an image stream import.", - "properties": { - "images": { - "description": "Images is set with the result of importing spec.images", + "description": "Content is the actual content of the request for create and update" + }, + "groups": { + "description": "Groups is optional. Groups is the list of groups to which the User belongs.", "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageImportStatus" - } - ], - "default": {} + "default": "", + "type": "string" }, "type": "array" }, - "import": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageStream" - } - ], - "description": "Import is the image stream that was successfully updated or created when 'to' was set." + "isNonResourceURL": { + "default": false, + "description": "IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean" }, - "repository": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.RepositoryImportStatus" - } - ], - "description": "Repository is set if spec.repository was set to the outcome of the import" - } - }, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageStreamSpec": { - "description": "ImageStreamSpec represents options for ImageStreams.", - "properties": { - "dockerImageRepository": { - "description": "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "lookupPolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageLookupPolicy" - } - ], - "default": {}, - "description": "lookupPolicy controls how other resources reference images within this namespace." - }, - "tags": { - "description": "tags map arbitrary string values to specific image locators", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReference" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - } - }, - "type": "object" - }, - "com.github.openshift.api.image.v1.ImageStreamStatus": { - "description": "ImageStreamStatus contains information about the state of this image stream.", - "properties": { - "dockerImageRepository": { + "namespace": { "default": "", - "description": "DockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", "type": "string" }, - "publicDockerImageRepository": { - "description": "PublicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", + "path": { + "default": "", + "description": "Path is the path of a non resource URL", "type": "string" }, - "tags": { - "description": "Tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.NamedTagEventList" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-patch-merge-key": "tag", - "x-kubernetes-patch-strategy": "merge" - } - }, - "required": [ - "dockerImageRepository" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.NamedTagEventList": { - "description": "NamedTagEventList relates a tag to its image history.", - "properties": { - "conditions": { - "description": "Conditions is an array of conditions that apply to the tag event list.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagEventCondition" - } - ], - "default": {} - }, - "type": "array" - }, - "items": { - "description": "Standard object's metadata.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagEvent" - } - ], - "default": {} - }, - "type": "array" + "resource": { + "default": "", + "description": "Resource is one of the existing resource types", + "type": "string" }, - "tag": { + "resourceAPIGroup": { "default": "", - "description": "Tag is the tag for which the history is recorded", + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", "type": "string" - } - }, - "required": [ - "tag", - "items" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.RepositoryImportSpec": { - "description": "RepositoryImportSpec describes a request to import images from a container image repository.", - "properties": { - "from": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "default": {}, - "description": "From is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed" }, - "importPolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagImportPolicy" - } - ], - "default": {}, - "description": "ImportPolicy is the policy controlling how the image is imported" + "resourceAPIVersion": { + "default": "", + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string" }, - "includeManifest": { - "description": "IncludeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" + "resourceName": { + "default": "", + "description": "ResourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string" }, - "referencePolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReferencePolicy" - } - ], - "default": {}, - "description": "ReferencePolicy defines how other components should consume the image" - } - }, - "required": [ - "from" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.RepositoryImportStatus": { - "description": "RepositoryImportStatus describes the result of an image repository import", - "properties": { - "additionalTags": { - "description": "AdditionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", + "scopes": { + "description": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", "items": { "default": "", "type": "string" }, "type": "array" }, - "images": { - "description": "Images is a list of images successfully retrieved by the import of the repository.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.ImageImportStatus" - } - ], - "default": {} - }, - "type": "array" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Status" - } - ], - "default": {}, - "description": "Status reflects whether any failure occurred during import" - } - }, - "type": "object" - }, - "com.github.openshift.api.image.v1.SignatureCondition": { - "description": "SignatureCondition describes an image signature condition of particular kind at particular probe time.", - "properties": { - "lastProbeTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "Last time the condition was checked." - }, - "lastTransitionTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "Last time the condition transit from one status to another." - }, - "message": { - "description": "Human readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "(brief) reason for the condition's last transition.", - "type": "string" - }, - "status": { + "user": { "default": "", - "description": "Status of the condition, one of True, False, Unknown.", + "description": "User is optional. If both User and Groups are empty, the current authenticated user is used.", "type": "string" }, - "type": { + "verb": { "default": "", - "description": "Type of signature condition, Complete or Failed.", + "description": "Verb is one of: get, list, watch, create, update, delete", "type": "string" } }, "required": [ - "type", - "status" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" ], - "type": "object" - }, - "com.github.openshift.api.image.v1.SignatureIssuer": { - "description": "SignatureIssuer holds information about an issuer of signing certificate or key.", - "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" - }, - "organization": { - "description": "Organization name.", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "LocalSubjectAccessReview", + "version": "v1" } - }, - "type": "object" + ] }, - "com.github.openshift.api.image.v1.SignatureSubject": { - "description": "SignatureSubject holds information about a person or entity who created the signature.", + "authorization.openshift.io/v1/ResourceAccessReview": { + "description": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" - }, - "organization": { - "description": "Organization name.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "publicKeyID": { - "default": "", - "description": "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", - "type": "string" - } - }, - "required": [ - "publicKeyID" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.TagEvent": { - "description": "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", - "properties": { - "created": { + "content": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "Created holds the time the TagEvent was created" + "description": "Content is the actual content of the request for create and update" }, - "dockerImageReference": { - "default": "", - "description": "DockerImageReference is the string that can be used to pull this image", + "isNonResourceURL": { + "default": false, + "description": "IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "generation": { - "default": 0, - "description": "Generation is the spec tag generation that resulted in this tag being updated", - "format": "int64", - "type": "integer" + "namespace": { + "default": "", + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string" }, - "image": { + "path": { "default": "", - "description": "Image is the image", + "description": "Path is the path of a non resource URL", "type": "string" - } - }, - "required": [ - "created", - "dockerImageReference", - "image", - "generation" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.TagEventCondition": { - "description": "TagEventCondition contains condition information for a tag event.", - "properties": { - "generation": { - "default": 0, - "description": "Generation is the spec tag generation that this status corresponds to", - "format": "int64", - "type": "integer" }, - "lastTransitionTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "LastTransitionTIme is the time the condition transitioned from one status to another." + "resource": { + "default": "", + "description": "Resource is one of the existing resource types", + "type": "string" }, - "message": { - "description": "Message is a human readable description of the details about last transition, complementing reason.", + "resourceAPIGroup": { + "default": "", + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", "type": "string" }, - "reason": { - "description": "Reason is a brief machine readable explanation for the condition's last transition.", + "resourceAPIVersion": { + "default": "", + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", "type": "string" }, - "status": { + "resourceName": { "default": "", - "description": "Status of the condition, one of True, False, Unknown.", + "description": "ResourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", "type": "string" }, - "type": { + "verb": { "default": "", - "description": "Type of tag event condition, currently only ImportSuccess", + "description": "Verb is one of: get, list, watch, create, update, delete", "type": "string" } }, "required": [ - "type", - "status", - "generation" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], - "type": "object" - }, - "com.github.openshift.api.image.v1.TagImportPolicy": { - "description": "TagImportPolicy controls how images related to this tag will be imported.", - "properties": { - "importMode": { - "description": "ImportMode describes how to import an image manifest.", - "type": "string" - }, - "insecure": { - "description": "Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", - "type": "boolean" - }, - "scheduled": { - "description": "Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", - "type": "boolean" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "ResourceAccessReview", + "version": "v1" } - }, - "type": "object" + ] }, - "com.github.openshift.api.image.v1.TagReference": { - "description": "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", + "authorization.openshift.io/v1/Role": { + "description": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "annotations": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", - "type": "object" - }, - "from": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "description": "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream." - }, - "generation": { - "description": "Generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", - "format": "int64", - "type": "integer" - }, - "importPolicy": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagImportPolicy" - } - ], - "default": {}, - "description": "ImportPolicy is information that controls how images may be imported by the server." - }, - "name": { - "default": "", - "description": "Name of the tag", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reference": { - "description": "Reference states if the tag will be imported. Default value is false, which means the tag will be imported.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "referencePolicy": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.image.v1.TagReferencePolicy" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "ReferencePolicy defines how other components should consume the image." - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "com.github.openshift.api.image.v1.TagReferencePolicy": { - "description": "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", - "properties": { - "type": { - "default": "", - "description": "Type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction": { - "description": "ClusterRoleScopeRestriction describes restrictions on cluster role scopes", - "properties": { - "allowEscalation": { - "default": false, - "description": "allowEscalation indicates whether you can request roles and their escalating resources", - "type": "boolean" - }, - "namespaces": { - "description": "namespaces is the list of namespaces that can be referenced. * means any of them (including *)", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "roleNames": { - "description": "roleNames is the list of cluster roles that can referenced. * means anything", + "rules": { + "description": "Rules holds all the PolicyRules for this Role", "items": { - "default": "", - "type": "string" + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.PolicyRule" + } + ], + "default": {} }, "type": "array" } }, "required": [ - "roleNames", - "namespaces", - "allowEscalation" + "rules" ], - "type": "object" - }, - "com.github.openshift.api.oauth.v1.ScopeRestriction": { - "description": "ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.", - "properties": { - "clusterRole": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction" - } - ], - "description": "clusterRole describes a set of restrictions for cluster role scoping." - }, - "literals": { - "description": "ExactValues means the scope has to match a particular set of strings exactly", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "Role", + "version": "v1" } - }, - "type": "object" + ] }, - "com.github.openshift.api.project.v1.ProjectSpec": { - "description": "ProjectSpec describes the attributes on a Project", + "authorization.openshift.io/v1/RoleBinding": { + "description": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "finalizers": { - "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "groupNames": { + "description": "GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "items": { "default": "", "type": "string" }, "type": "array" - } - }, - "type": "object" - }, - "com.github.openshift.api.project.v1.ProjectStatus": { - "description": "ProjectStatus is information about the current status of a Project", - "properties": { - "conditions": { - "description": "Represents the latest available observations of the project current state.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.NamespaceCondition" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" }, - "phase": { - "description": "Phase is the current lifecycle phase of the project\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", - "enum": [ - "Active", - "Terminating" - ], + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector": { - "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector must present. If only one is present, it is the only selection criteria. If both are specified, the project must match both restrictions.", - "properties": { - "annotations": { - "additionalProperties": { - "default": "", - "type": "string" - }, - "description": "AnnotationSelector is used to select projects by annotation.", - "type": "object" }, - "labels": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - } - ], - "description": "LabelSelector is used to select projects by label." - } - }, - "type": "object" - }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec": { - "description": "ClusterResourceQuotaSpec defines the desired quota restrictions", - "properties": { - "quota": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaSpec" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], "default": {}, - "description": "Quota defines the desired quota" + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "selector": { + "roleRef": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector" + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" } ], "default": {}, - "description": "Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource." - } - }, - "required": [ - "selector", - "quota" - ], - "type": "object" - }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { - "description": "ClusterResourceQuotaStatus defines the actual enforced quota and its current usage", - "properties": { - "namespaces": { - "description": "Namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.", + "description": "RoleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role." + }, + "subjects": { + "description": "Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace" + "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" } ], "default": {} }, "type": "array" }, - "total": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaStatus" - } - ], - "default": {}, - "description": "Total defines the actual enforced quota and its current usage across all projects" + "userNames": { + "description": "UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" } }, "required": [ - "total" + "subjects", + "roleRef" ], - "type": "object" - }, - "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { - "description": "ResourceQuotaStatusByNamespace gives status for a particular project", - "properties": { - "namespace": { - "default": "", - "description": "Namespace the project this status applies to", - "type": "string" - }, - "status": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ResourceQuotaStatus" - } - ], - "default": {}, - "description": "Status indicates how many resources have been consumed by this project" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "RoleBinding", + "version": "v1" } - }, - "required": [ - "namespace", - "status" - ], - "type": "object" + ] }, - "com.github.openshift.api.route.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "authorization.openshift.io/v1/RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "name": { - "description": "name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" - } - }, - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "com.github.openshift.api.route.v1.RouteHTTPHeader": { - "description": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", - "properties": { - "action": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" - } - ], - "default": {}, - "description": "action specifies actions to perform on headers, such as setting or deleting headers." }, - "name": { - "default": "", - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "items": { + "description": "Items is a list of RoleBindings", + "items": { + "allOf": [ + { + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.RoleBinding" + } + ], + "default": {} + }, + "type": "array" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - }, - "required": [ - "name", - "action" - ], - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion": { - "description": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", - "properties": { - "set": { + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteSetHTTPHeader" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise." - }, - "type": { - "default": "", - "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", - "type": "string" + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" } }, "required": [ - "type" + "items" ], "type": "object", - "x-kubernetes-unions": [ + "x-kubernetes-group-version-kind": [ { - "discriminator": "type", - "fields-to-discriminateBy": { - "set": "Set" - } + "group": "authorization.openshift.io", + "kind": "RoleBindingList", + "version": "v1" } ] }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActions": { - "description": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "authorization.openshift.io/v1/RoleBindingRestriction": { + "description": "RoleBindingRestriction is an object that can be matched against a subject\n(user, group, or service account) to determine whether rolebindings on that\nsubject are allowed in the namespace to which the RoleBindingRestriction\nbelongs. If any one of those RoleBindingRestriction objects matches\na subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteHTTPHeader" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "response": { - "description": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteHTTPHeader" - } - ], - "default": {} - }, - "type": "array", - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteHTTPHeaders": { - "description": "RouteHTTPHeaders defines policy for HTTP headers.", - "properties": { - "actions": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteHTTPHeaderActions" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details." - } - }, - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteIngress": { - "description": "RouteIngress holds information about the places where a route is exposed.", - "properties": { - "conditions": { - "description": "Conditions is the state of the route, may be empty.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteIngressCondition" - } - ], - "default": {} - }, - "type": "array" - }, - "host": { - "description": "Host is the host string under which the route is exposed; this value is required", - "type": "string" - }, - "routerCanonicalHostname": { - "description": "CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.", - "type": "string" - }, - "routerName": { - "description": "Name is a name chosen by the router to identify itself; this value is required", - "type": "string" + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" }, - "wildcardPolicy": { - "description": "Wildcard policy is the wildcard policy that was allowed where this route is exposed.", - "type": "string" + "spec": { + "description": "spec defines the matcher.", + "properties": { + "grouprestriction": { + "description": "grouprestriction matches against group subjects.", + "nullable": true, + "properties": { + "groups": { + "description": "groups is a list of groups used to match against an individual user's\ngroups. If the user is a member of one of the whitelisted groups, the user\nis allowed to be bound to a role.", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "labels": { + "description": "Selectors specifies a list of label selectors over group labels.", + "items": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "nullable": true, + "type": "array" + } + }, + "type": "object" + }, + "serviceaccountrestriction": { + "description": "serviceaccountrestriction matches against service-account subjects.", + "nullable": true, + "properties": { + "namespaces": { + "description": "namespaces specifies a list of literal namespace names.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceaccounts": { + "description": "serviceaccounts specifies a list of literal service-account names.", + "items": { + "description": "ServiceAccountReference specifies a service account and namespace by their\nnames.", + "properties": { + "name": { + "description": "name is the name of the service account.", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the service account. Service accounts from\ninside the whitelisted namespaces are allowed to be bound to roles. If\nNamespace is empty, then the namespace of the RoleBindingRestriction in\nwhich the ServiceAccountReference is embedded is used.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "userrestriction": { + "description": "userrestriction matches against user subjects.", + "nullable": true, + "properties": { + "groups": { + "description": "groups specifies a list of literal group names.", + "items": { + "type": "string" + }, + "nullable": true, + "type": "array" + }, + "labels": { + "description": "Selectors specifies a list of label selectors over user labels.", + "items": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "nullable": true, + "type": "array" + }, + "users": { + "description": "users specifies a list of literal user names.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" } }, - "type": "object" + "required": [], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "RoleBindingRestriction", + "version": "v1" + } + ] }, - "com.github.openshift.api.route.v1.RouteIngressCondition": { - "description": "RouteIngressCondition contains details for the current condition of this route on a particular router.", + "authorization.openshift.io/v1/RoleBindingRestrictionList": { + "description": "RoleBindingRestrictionList is a list of RoleBindingRestriction", + "namespaced": true, "properties": { - "lastTransitionTime": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - ], - "description": "RFC 3339 date and time when this condition last transitioned" - }, - "message": { - "description": "Human readable message indicating details about last transition.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "description": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", - "type": "string" + "items": { + "description": "List of rolebindingrestrictions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "items": { + "$ref": "#/components/schemas/io.openshift.authorization.v1.RoleBindingRestriction" + }, + "type": "array" }, - "status": { - "default": "", - "description": "Status is the status of the condition. Can be True, False, Unknown.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "type": { - "default": "", - "description": "Type is the type of the condition. Currently only Admitted or UnservableInFutureVersions.", - "type": "string" - } - }, - "required": [ - "type", - "status" - ], - "type": "object" - }, - "com.github.openshift.api.route.v1.RoutePort": { - "description": "RoutePort defines a port mapping from a router to an endpoint in the service endpoints.", - "properties": { - "targetPort": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required" + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" } }, "required": [ - "targetPort" + "items" ], - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteSetHTTPHeader": { - "description": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", - "properties": { - "value": { - "default": "", - "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", - "type": "string" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "RoleBindingRestrictionList", + "version": "v1" } - }, - "required": [ - "value" - ], - "type": "object" + ] }, - "com.github.openshift.api.route.v1.RouteSpec": { - "description": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", + "authorization.openshift.io/v1/RoleList": { + "description": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "alternateBackends": { - "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of Roles", "items": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteTargetReference" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.Role" } ], "default": {} }, "type": "array" }, - "host": { - "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "httpHeaders": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteHTTPHeaders" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } ], - "description": "httpHeaders defines policy for HTTP headers." - }, - "path": { - "description": "path that the router watches for, to route traffic for to the service. Optional", + "default": {}, + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + } + }, + "required": [ + "items" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "RoleList", + "version": "v1" + } + ] + }, + "authorization.openshift.io/v1/SelfSubjectRulesReview": { + "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "port": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RoutePort" - } - ], - "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use." - }, - "subdomain": { - "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.\n\nExample: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "tls": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.TLSConfig" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec" } ], - "description": "The tls field provides the ability to configure certificates and termination for the route." + "default": {}, + "description": "Spec adds information about how to conduct the check" }, - "to": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteTargetReference" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" } ], "default": {}, - "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend." - }, - "wildcardPolicy": { - "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", - "type": "string" + "description": "Status is completed by the server to tell which permissions you have" } }, "required": [ - "to" + "spec" ], - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteStatus": { - "description": "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.", - "properties": { - "ingress": { - "description": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.RouteIngress" - } - ], - "default": {} - }, - "type": "array" - } - }, - "type": "object" - }, - "com.github.openshift.api.route.v1.RouteTargetReference": { - "description": "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.", - "properties": { - "kind": { - "default": "", - "description": "The kind of target that the route is referring to. Currently, only 'Service' is allowed", - "type": "string" - }, - "name": { - "default": "", - "description": "name of the service/target that is being referred to. e.g. name of the service", - "type": "string" - }, - "weight": { - "description": "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.", - "format": "int32", - "type": "integer" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "SelfSubjectRulesReview", + "version": "v1" } - }, - "required": [ - "kind", - "name" - ], - "type": "object" + ] }, - "com.github.openshift.api.route.v1.TLSConfig": { - "description": "TLSConfig defines config used to secure a route and provide termination", + "authorization.openshift.io/v1/SubjectAccessReview": { + "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": false, "properties": { - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents", - "type": "string" - }, - "certificate": { - "description": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", - "type": "string" - }, - "destinationCACertificate": { - "description": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "externalCertificate": { + "content": { "allOf": [ { - "$ref": "#/components/schemas/com.github.openshift.api.route.v1.LocalObjectReference" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.runtime.RawExtension" } ], - "description": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set." + "description": "Content is the actual content of the request for create and update" + }, + "groups": { + "description": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", + "items": { + "default": "", + "type": "string" + }, + "type": "array" + }, + "isNonResourceURL": { + "default": false, + "description": "IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean" }, - "insecureEdgeTerminationPolicy": { - "description": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "key": { - "description": "key provides key file contents", + "namespace": { + "default": "", + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", "type": "string" }, - "termination": { + "path": { "default": "", - "description": "termination indicates termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default) * passthrough - Traffic is sent straight to the destination without the router providing TLS termination * reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", + "description": "Path is the path of a non resource URL", "type": "string" - } - }, - "required": [ - "termination" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.AllowedFlexVolume": { - "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", - "properties": { - "driver": { + }, + "resource": { "default": "", - "description": "Driver is the name of the Flexvolume driver.", + "description": "Resource is one of the existing resource types", "type": "string" - } - }, - "required": [ - "driver" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.FSGroupStrategyOptions": { - "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", - "properties": { - "ranges": { - "description": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.IDRange" - } - ], - "default": {} - }, - "type": "array" }, - "type": { - "description": "Type is the strategy that will dictate what FSGroup is used in the SecurityContext.", + "resourceAPIGroup": { + "default": "", + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", "type": "string" - } - }, - "type": "object" - }, - "com.github.openshift.api.security.v1.IDRange": { - "description": "IDRange provides a min/max of an allowed range of IDs.", - "properties": { - "max": { - "description": "Max is the end of the range, inclusive.", - "format": "int64", - "type": "integer" }, - "min": { - "description": "Min is the start of the range, inclusive.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec": { - "description": "PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview", - "properties": { - "serviceAccountNames": { - "description": "serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it's empty, in which case \"default\" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", - "items": { - "default": "", - "type": "string" - }, - "type": "array" + "resourceAPIVersion": { + "default": "", + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string" }, - "template": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" - } - ], - "default": {}, - "description": "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored." - } - }, - "required": [ - "template" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { - "description": "PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.", - "properties": { - "allowedServiceAccounts": { - "description": "allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus" - } - ], - "default": {} - }, - "type": "array" - } - }, - "required": [ - "allowedServiceAccounts" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec": { - "description": "PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.", - "properties": { - "template": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" - } - ], - "default": {}, - "description": "template is the PodTemplateSpec to check." - } - }, - "required": [ - "template" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec": { - "description": "PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview", - "properties": { - "groups": { - "description": "groups is the groups you're testing for.", + "resourceName": { + "default": "", + "description": "ResourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string" + }, + "scopes": { + "description": "Scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", "items": { "default": "", "type": "string" }, "type": "array" }, - "template": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" - } - ], - "default": {}, - "description": "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked." - }, "user": { - "description": "user is the user you're testing for. If you specify \"user\" but not \"group\", then is it interpreted as \"What if user were not a member of any groups. If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.", + "default": "", + "description": "User is optional. If both User and Groups are empty, the current authenticated user is used.", + "type": "string" + }, + "verb": { + "default": "", + "description": "Verb is one of: get, list, watch, create, update, delete", "type": "string" } }, "required": [ - "template" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" ], - "type": "object" + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "SubjectAccessReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { - "description": "PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.", + "authorization.openshift.io/v1/SubjectRulesReview": { + "description": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "namespaced": true, "properties": { - "allowedBy": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied." + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "template": { + "spec": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec" } ], "default": {}, - "description": "template is the PodTemplateSpec after the defaulting is applied." - } - }, - "type": "object" - }, - "com.github.openshift.api.security.v1.RunAsUserStrategyOptions": { - "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", - "properties": { - "type": { - "description": "Type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", - "type": "string" - }, - "uid": { - "description": "UID is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids.", - "format": "int64", - "type": "integer" - }, - "uidRangeMax": { - "description": "UIDRangeMax defines the max value for a strategy that allocates by range.", - "format": "int64", - "type": "integer" + "description": "Spec adds information about how to conduct the check" }, - "uidRangeMin": { - "description": "UIDRangeMin defines the min value for a strategy that allocates by range.", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions": { - "description": "SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.", - "properties": { - "seLinuxOptions": { + "status": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.SELinuxOptions" + "$ref": "#/components/schemas/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" } ], - "description": "seLinuxOptions required to run as; required for MustRunAs" - }, - "type": { - "description": "Type is the strategy that will dictate what SELinux context is used in the SecurityContext.", - "type": "string" + "default": {}, + "description": "Status is completed by the server to tell which permissions you have" } }, - "type": "object" + "required": [ + "spec" + ], + "type": "object", + "x-kubernetes-group-version-kind": [ + { + "group": "authorization.openshift.io", + "kind": "SubjectRulesReview", + "version": "v1" + } + ] }, - "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { - "description": "ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status", + "autoscaling.openshift.io/v1/ClusterAutoscaler": { + "description": "ClusterAutoscaler is the Schema for the clusterautoscalers API", + "namespaced": false, "properties": { - "allowedBy": { - "allOf": [ - { - "$ref": "#/components/schemas/io.k8s.api.core.v1.ObjectReference" - } - ], - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied." - }, - "name": { - "default": "", - "description": "name contains the allowed and the denied ServiceAccount name", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "template": { + "metadata": { "allOf": [ { - "$ref": "#/components/schemas/io.k8s.api.core.v1.PodTemplateSpec" + "$ref": "#/components/schemas/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } ], - "default": {}, - "description": "template is the PodTemplateSpec after the defaulting is applied." - } - }, - "required": [ - "name" - ], - "type": "object" - }, - "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions": { - "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", - "properties": { - "ranges": { - "description": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", - "items": { - "allOf": [ - { - "$ref": "#/components/schemas/com.github.openshift.api.security.v1.IDRange" - } - ], - "default": {} + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata" + }, + "spec": { + "description": "Desired state of ClusterAutoscaler resource", + "properties": { + "balanceSimilarNodeGroups": { + "description": "BalanceSimilarNodeGroups enables/disables the\n`--balance-similar-node-groups` cluster-autoscaler feature.\nThis feature will automatically identify node groups with\nthe same instance type and the same set of labels and try\nto keep the respective sizes of those node groups balanced.", + "type": "boolean" + }, + "balancingIgnoredLabels": { + "description": "BalancingIgnoredLabels sets \"--balancing-ignore-label