diff --git a/master-standalone-strict/acraccesstoken-generators-v1alpha1.json b/master-standalone-strict/acraccesstoken-generators-v1alpha1.json index 7ef1f52..6553bc5 100644 --- a/master-standalone-strict/acraccesstoken-generators-v1alpha1.json +++ b/master-standalone-strict/acraccesstoken-generators-v1alpha1.json @@ -1,5 +1,5 @@ { - "description": "ACRAccessToken returns a Azure Container Registry token\nthat can be used for pushing/pulling images.\nNote: by default it will return an ACR Refresh Token with full access\n(depending on the identity).\nThis can be scoped down to the repository level using .spec.scope.\nIn case scope is defined it will return an ACR Access Token.\n\n\nSee docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md", + "description": "ACRAccessToken returns an Azure Container Registry token\nthat can be used for pushing/pulling images.\nNote: by default it will return an ACR Refresh Token with full access\n(depending on the identity).\nThis can be scoped down to the repository level using .spec.scope.\nIn case scope is defined it will return an ACR Access Token.\n\nSee docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -38,15 +38,24 @@ "description": "The Azure clientId of the service principle used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -57,15 +66,24 @@ "description": "The Azure ClientSecret of the service principle used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -98,10 +116,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -135,7 +159,7 @@ "type": "string" }, "scope": { - "description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/", + "description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/", "type": "string" }, "tenantId": { diff --git a/master-standalone-strict/adoptedresource-services-v1alpha1.json b/master-standalone-strict/adoptedresource-services-v1alpha1.json index f2d6325..4a9ac70 100644 --- a/master-standalone-strict/adoptedresource-services-v1alpha1.json +++ b/master-standalone-strict/adoptedresource-services-v1alpha1.json @@ -2,11 +2,11 @@ "description": "AdoptedResource is the schema for the AdoptedResource API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -22,15 +22,15 @@ "additionalProperties": { "type": "string" }, - "description": "AdditionalKeys represents any additional arbitrary identifiers used when describing the target resource.", + "description": "AdditionalKeys represents any additional arbitrary identifiers used when\ndescribing the target resource.", "type": "object" }, "arn": { - "description": "ARN is the AWS Resource Name for the resource. It is a globally unique identifier.", + "description": "ARN is the AWS Resource Name for the resource. It is a globally\nunique identifier.", "type": "string" }, "nameOrID": { - "description": "NameOrId is a user-supplied string identifier for the resource. It may or may not be globally unique, depending on the type of resource.", + "description": "NameOrId is a user-supplied string identifier for the resource. It may\nor may not be globally unique, depending on the type of resource.", "type": "string" } }, @@ -38,7 +38,7 @@ "additionalProperties": false }, "kubernetes": { - "description": "ResourceWithMetadata provides the values necessary to create a Kubernetes resource and override any of its metadata values.", + "description": "ResourceWithMetadata provides the values necessary to create a\nKubernetes resource and override any of its metadata values.", "properties": { "group": { "type": "string" @@ -47,45 +47,45 @@ "type": "string" }, "metadata": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen automatically converts this to an arbitrary string-string map. https://github.com/kubernetes-sigs/controller-tools/issues/385 \n Active discussion about inclusion of this field in the spec is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 \n Until this is allowed, or if it never is, we will produce a subset of the object meta that contains only the fields which the user is allowed to modify in the metadata.", + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects\nusers must create.\nIt is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen\nautomatically converts this to an arbitrary string-string map.\nhttps://github.com/kubernetes-sigs/controller-tools/issues/385\n\nActive discussion about inclusion of this field in the spec is happening in this PR:\nhttps://github.com/kubernetes-sigs/controller-tools/pull/395\n\nUntil this is allowed, or if it never is, we will produce a subset of the object meta\nthat contains only the fields which the user is allowed to modify in the metadata.", "properties": { "annotations": { "additionalProperties": { "type": "string" }, - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. \n If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). \n Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "description": "GenerateName is an optional prefix, used by the server, to generate a unique\nname ONLY IF the Name field has not been provided.\nIf this field is used, the name returned to the client will be different\nthan the name passed. This value will also be combined with a unique suffix.\nThe provided value has the same validation rules as the Name field,\nand may be truncated by the length of the suffix required to make the value\nunique on the server.\n\nIf this field is specified and the generated name exists, the server will\nNOT return a 409 - instead, it will either return 201 Created or 500 with Reason\nServerTimeout indicating a unique name could not be found in the time allotted, and the client\nshould retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, "labels": { "additionalProperties": { "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" }, "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, "namespace": { - "description": "Namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. \n Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "description": "Namespace defines the space within each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces", "type": "string" }, "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "description": "List of objects depended by this object. If ALL objects in the list have\nbeen deleted, this object will be garbage collected. If this object is managed by a controller,\nthen an entry in this list will point to this controller, with the controller field set to true.\nThere cannot be more than one managing controller.", "items": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "description": "OwnerReference contains enough information to let you identify an owning\nobject. An owning object must be in the same namespace as the dependent, or\nbe cluster-scoped, so there is no namespace field.", "properties": { "apiVersion": { "description": "API version of the referent.", "type": "string" }, "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then\nthe owner cannot be deleted from the key-value store until this\nreference is removed.\nSee https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion\nfor how the garbage collector interacts with this field and enforces the foreground deletion.\nDefaults to false.\nTo set this field, a user needs \"delete\" permission of the owner,\notherwise 422 (Unprocessable Entity) will be returned.", "type": "boolean" }, "controller": { @@ -93,15 +93,15 @@ "type": "boolean" }, "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind of the referent.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "name": { - "description": "Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", "type": "string" }, "uid": { - "description": "UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids", + "description": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", "type": "string" } }, @@ -111,7 +111,8 @@ "name", "uid" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" } @@ -139,9 +140,9 @@ "description": "AdoptedResourceStatus defines the observed status of the AdoptedResource.", "properties": { "conditions": { - "description": "A collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the adopted resource CR and its target custom resource", + "description": "A collection of `ackv1alpha1.Condition` objects that describe the various\nterminal states of the adopted resource CR and its target custom resource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", diff --git a/master-standalone-strict/alertmanager-monitoring-v1.json b/master-standalone-strict/alertmanager-monitoring-v1.json index 9b9599c..98194c4 100644 --- a/master-standalone-strict/alertmanager-monitoring-v1.json +++ b/master-standalone-strict/alertmanager-monitoring-v1.json @@ -1,20 +1,42 @@ { - "description": "Alertmanager describes an Alertmanager cluster.", + "description": "The `Alertmanager` custom resource definition (CRD) defines a desired [Alertmanager](https://prometheus.io/docs/alerting) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage and many more.\n\nFor each `Alertmanager` resource, the Operator deploys a `StatefulSet` in the same namespace. When there are two or more configured replicas, the Operator runs the Alertmanager instances in high-availability mode.\n\nThe resource defines via label and namespace selectors which `AlertmanagerConfig` objects should be associated to the deployed Alertmanager instances.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "Specification of the desired behavior of the Alertmanager cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { + "additionalArgs": { + "description": "AdditionalArgs allows setting additional arguments for the 'Alertmanager' container.\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nAlertmanager container which may cause issues if they are invalid or not supported\nby the given Alertmanager version.", + "items": { + "description": "Argument as part of the AdditionalArgs list.", + "properties": { + "name": { + "description": "Name of the argument, e.g. \"scrape.discovery-reload-interval\".", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Argument value, e.g. 30s. Can be empty for name-only arguments (e.g. --storage.tsdb.no-lockfile)", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, "additionalPeers": { "description": "AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster.", "items": { @@ -29,9 +51,9 @@ "description": "Describes node affinity scheduling rules for the pod.", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { "preference": { "description": "A node selector term, associated with the corresponding weight.", @@ -39,22 +61,23 @@ "matchExpressions": { "description": "A list of node selector requirements by node's labels.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -63,27 +86,29 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchFields": { "description": "A list of node selector requirements by node's fields.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -92,7 +117,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -110,35 +136,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { "nodeSelectorTerms": { "description": "Required. A list of node selector terms. The terms are ORed.", "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { "matchExpressions": { "description": "A list of node selector requirements by node's labels.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -147,27 +175,29 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchFields": { "description": "A list of node selector requirements by node's fields.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -176,13 +206,15 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -200,7 +232,7 @@ "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -208,27 +240,28 @@ "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -237,41 +270,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -280,13 +331,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -294,14 +346,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -311,7 +364,7 @@ "type": "object" }, "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "format": "int32", "type": "integer" } @@ -322,35 +375,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -359,41 +414,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -402,13 +475,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -416,14 +490,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -432,7 +507,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -442,7 +518,7 @@ "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -450,27 +526,28 @@ "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -479,41 +556,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -522,13 +617,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -536,14 +632,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -553,7 +650,7 @@ "type": "object" }, "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "format": "int32", "type": "integer" } @@ -564,35 +661,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -601,41 +700,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -644,13 +761,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -658,14 +776,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -674,7 +793,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -684,28 +804,45 @@ "type": "object", "additionalProperties": false }, + "alertmanagerConfigMatcherStrategy": { + "description": "AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig objects\nprocess incoming alerts.", + "properties": { + "type": { + "default": "OnNamespace", + "description": "AlertmanagerConfigMatcherStrategyType defines the strategy used by\nAlertmanagerConfig objects to match alerts in the routes and inhibition\nrules.\n\nThe default value is `OnNamespace`.", + "enum": [ + "OnNamespace", + "None" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "alertmanagerConfigNamespaceSelector": { - "description": "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace.", + "description": "Namespaces to be selected for AlertmanagerConfig discovery. If nil, only\ncheck own namespace.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -714,13 +851,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -734,22 +872,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -758,13 +897,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -773,7 +913,7 @@ "additionalProperties": false }, "alertmanagerConfiguration": { - "description": "EXPERIMENTAL: alertmanagerConfiguration specifies the configuration of Alertmanager. If defined, it takes precedence over the `configSecret` field. This field may change in future releases.", + "description": "alertmanagerConfiguration specifies the configuration of Alertmanager.\n\nIf defined, it takes precedence over the `configSecret` field.\n\nThis is an *experimental feature*, it may change in any upcoming release\nin a breaking way.", "properties": { "global": { "description": "Defines the global parameters of the Alertmanager configuration.", @@ -782,17 +922,18 @@ "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -808,7 +949,7 @@ "additionalProperties": false }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -816,17 +957,18 @@ "additionalProperties": false }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -842,14 +984,15 @@ "additionalProperties": false }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -869,14 +1012,15 @@ "additionalProperties": false }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the Alertmanager object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the Alertmanager\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -895,11 +1039,15 @@ "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -909,7 +1057,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -932,7 +1081,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -952,14 +1102,15 @@ "additionalProperties": false }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -978,18 +1129,231 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -1002,15 +1366,51 @@ "type": "object", "additionalProperties": false }, - "proxyURL": { - "description": "Optional proxy URL.", + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1020,7 +1420,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1043,7 +1444,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1063,7 +1465,7 @@ "additionalProperties": false }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1073,7 +1475,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1096,7 +1499,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1127,7 +1531,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1142,91 +1547,881 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, - "serverName": { - "description": "Used to verify the hostname for the targets.", + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "opsGenieApiKey": { + "description": "The default OpsGenie API Key.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "opsGenieApiUrl": { + "description": "The default OpsGenie API URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "pagerdutyUrl": { + "description": "The default Pagerduty URL.", + "type": "string" + }, + "resolveTimeout": { + "description": "ResolveTimeout is the default value used by alertmanager if the alert does\nnot include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated.\nThis has no impact on alerts from Prometheus, as they always include EndsAt.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "slackApiUrl": { + "description": "The default Slack API URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "smtp": { + "description": "Configures global SMTP parameters.", + "properties": { + "authIdentity": { + "description": "SMTP Auth using PLAIN", + "type": "string" + }, + "authPassword": { + "description": "SMTP Auth using LOGIN and PLAIN.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "authSecret": { + "description": "SMTP Auth using CRAM-MD5.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "authUsername": { + "description": "SMTP Auth using CRAM-MD5, LOGIN and PLAIN. If empty, Alertmanager doesn't authenticate to the SMTP server.", + "type": "string" + }, + "from": { + "description": "The default SMTP From header field.", + "type": "string" + }, + "hello": { + "description": "The default hostname to identify to the SMTP server.", + "type": "string" + }, + "requireTLS": { + "description": "The default SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "smartHost": { + "description": "The default SMTP smarthost used for sending emails.", + "properties": { + "host": { + "description": "Defines the host's address, it can be a DNS name or a literal IP address.", + "minLength": 1, + "type": "string" + }, + "port": { + "description": "Defines the host's port, it can be a literal port number or a port name.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "host", + "port" + ], + "type": "object", + "additionalProperties": false + }, + "tlsConfig": { + "description": "The default TLS configuration for SMTP receivers", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration.\nIt must be defined in the same namespace as the Alertmanager object.\nThe operator will not enforce a `namespace` label for routes and inhibition rules.", + "minLength": 1, + "type": "string" + }, + "templates": { + "description": "Custom notification templates.", + "items": { + "description": "SecretOrConfigMap allows to specify data as a Secret or ConfigMap. Fields are mutually exclusive.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the service account has `automountServiceAccountToken: true`, set the field to `false` to opt out of automounting API credentials.", + "type": "boolean" + }, + "baseImage": { + "description": "Base image that is used to deploy pods, without tag.\nDeprecated: use 'image' instead.", + "type": "string" + }, + "clusterAdvertiseAddress": { + "description": "ClusterAdvertiseAddress is the explicit address to advertise in cluster.\nNeeds to be provided for non RFC1918 [1] (public) addresses.\n[1] RFC1918: https://tools.ietf.org/html/rfc1918", + "type": "string" + }, + "clusterGossipInterval": { + "description": "Interval between gossip attempts.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterLabel": { + "description": "Defines the identifier that uniquely identifies the Alertmanager cluster.\nYou should only set it when the Alertmanager cluster includes Alertmanager instances which are external to this Alertmanager resource. In practice, the addresses of the external instances are provided via the `.spec.additionalPeers` field.", + "type": "string" + }, + "clusterPeerTimeout": { + "description": "Timeout for cluster peering.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterPushpullInterval": { + "description": "Interval between pushpull attempts.", + "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "clusterTLS": { + "description": "Configures the mutual TLS configuration for the Alertmanager cluster's gossip protocol.\n\nIt requires Alertmanager >= 0.24.0.", + "properties": { + "client": { + "description": "Client-side configuration for mutual TLS.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "server": { + "description": "Server-side configuration for mutual TLS.", + "properties": { + "cert": { + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", + "type": "string" + }, + "cipherSuites": { + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { + "type": "string" + }, + "type": "array" + }, + "client_ca": { + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } }, + "required": [ + "key" + ], "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, - "resolveTimeout": { - "description": "ResolveTimeout is the default value used by alertmanager if the alert does not include EndsAt, after this time passes it can declare the alert as resolved if it has not been updated. This has no impact on alerts from Prometheus, as they always include EndsAt.", - "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "clientAuthType": { + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", + "type": "string" + }, + "curvePreferences": { + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", + "items": { + "type": "string" + }, + "type": "array" + }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, + "keySecret": { + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "maxVersion": { + "description": "Maximum TLS version that is acceptable.", + "type": "string" + }, + "minVersion": { + "description": "Minimum TLS version that is acceptable.", "type": "string" + }, + "preferServerCipherSuites": { + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", + "type": "boolean" } }, "type": "object", "additionalProperties": false - }, - "name": { - "description": "The name of the AlertmanagerConfig resource which is used to generate the Alertmanager configuration. It must be defined in the same namespace as the Alertmanager object. The operator will not enforce a `namespace` label for routes and inhibition rules.", - "minLength": 1, - "type": "string" } }, + "required": [ + "client", + "server" + ], "type": "object", "additionalProperties": false }, - "baseImage": { - "description": "Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead", - "type": "string" - }, - "clusterAdvertiseAddress": { - "description": "ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918", - "type": "string" - }, - "clusterGossipInterval": { - "description": "Interval between gossip attempts.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "clusterPeerTimeout": { - "description": "Timeout for cluster peering.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, - "clusterPushpullInterval": { - "description": "Interval between pushpull attempts.", - "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", - "type": "string" - }, "configMaps": { - "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/.", + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into `/etc/alertmanager/configmaps/` in the 'alertmanager' container.", "items": { "type": "string" }, "type": "array" }, "configSecret": { - "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains the configuration for this Alertmanager instance. If empty, it defaults to 'alertmanager-'. \n The Alertmanager configuration should be available under the `alertmanager.yaml` key. Additional keys from the original secret are copied to the generated secret. \n If either the secret or the `alertmanager.yaml` key is missing, the operator provisions an Alertmanager configuration with one empty receiver (effectively dropping alert notifications).", + "description": "ConfigSecret is the name of a Kubernetes Secret in the same namespace as the\nAlertmanager object, which contains the configuration for this Alertmanager\ninstance. If empty, it defaults to `alertmanager-`.\n\nThe Alertmanager configuration should be available under the\n`alertmanager.yaml` key. Additional keys from the original secret are\ncopied to the generated secret and mounted into the\n`/etc/alertmanager/config` directory in the `alertmanager` container.\n\nIf either the secret or the `alertmanager.yaml` key is missing, the\noperator provisions a minimal Alertmanager configuration with one empty\nreceiver (effectively dropping alert notifications).", "type": "string" }, "containers": { - "description": "Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "description": "Containers allows injecting additional containers. This is meant to\nallow adding an authentication proxy to an Alertmanager pod.\nContainers described here modify an operator generated container if they\nshare the same name and modifications are done via a strategic merge\npatch. The current container names are: `alertmanager` and\n`config-reloader`. Overriding containers is entirely outside the scope\nof what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "description": "List of environment variables to set in the container.\nCannot be updated.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { @@ -1235,7 +2430,7 @@ "type": "string" }, "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { @@ -1249,7 +2444,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1264,7 +2460,7 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -1282,7 +2478,7 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -1320,7 +2516,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1343,10 +2540,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { "description": "EnvFromSource represents the source of a set of ConfigMaps", "properties": { @@ -1354,7 +2555,8 @@ "description": "The ConfigMap to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1373,7 +2575,8 @@ "description": "The Secret to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1387,40 +2590,42 @@ }, "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1429,7 +2634,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1443,7 +2648,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1458,11 +2664,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1471,8 +2677,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1487,7 +2707,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1500,26 +2720,27 @@ "type": "object" }, "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1528,7 +2749,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1542,7 +2763,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1557,11 +2779,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1570,8 +2792,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1586,7 +2822,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1602,28 +2838,29 @@ "type": "object" }, "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -1631,7 +2868,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1641,10 +2879,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1653,7 +2891,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1667,7 +2905,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1682,11 +2921,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1696,22 +2935,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1726,7 +2965,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1736,12 +2975,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -1749,16 +2988,16 @@ "type": "object" }, "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, "ports": { - "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", "items": { "description": "ContainerPort represents a network port in a single container.", "properties": { "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, @@ -1767,17 +3006,17 @@ "type": "string" }, "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "format": "int32", "type": "integer" }, "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, @@ -1794,28 +3033,29 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -1823,7 +3063,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1833,10 +3074,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1845,7 +3086,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1859,7 +3100,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1874,11 +3116,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1888,22 +3130,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1918,7 +3160,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1928,21 +3170,69 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } }, "type": "object" }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -1956,7 +3246,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -1972,21 +3262,42 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "add": { "description": "Added capabilities", @@ -1994,7 +3305,8 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "drop": { "description": "Removed capabilities", @@ -2002,39 +3314,40 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { "description": "Level is SELinux level label that applies to the container.", @@ -2056,14 +3369,14 @@ "type": "object" }, "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -2073,10 +3386,10 @@ "type": "object" }, "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { @@ -2084,11 +3397,11 @@ "type": "string" }, "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -2098,28 +3411,29 @@ "type": "object" }, "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -2127,7 +3441,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2137,10 +3452,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2149,7 +3464,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2163,7 +3478,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2178,11 +3494,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2192,22 +3508,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2222,7 +3538,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2232,12 +3548,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -2245,23 +3561,23 @@ "type": "object" }, "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", "type": "boolean" }, "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", "type": "boolean" }, "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", "type": "boolean" }, "volumeDevices": { @@ -2284,19 +3600,23 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { @@ -2304,15 +3624,19 @@ "type": "string" }, "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -2322,10 +3646,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -2336,18 +3664,90 @@ }, "type": "array" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, + "enableFeatures": { + "description": "Enable access to Alertmanager feature flags. By default, no features are enabled.\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nIt requires Alertmanager >= 0.27.0.", + "items": { + "type": "string" + }, + "type": "array" + }, + "enableServiceLinks": { + "description": "Indicates whether information about services should be injected into pod's environment variables", + "type": "boolean" + }, "externalUrl": { - "description": "The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name.", + "description": "The external URL the Alertmanager instances will be available under. This is\nnecessary to generate correct URLs. This is necessary if Alertmanager is not\nserved from root of a DNS name.", "type": "string" }, "forceEnableClusterMode": { - "description": "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.", + "description": "ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica.\nUse case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each.", "type": "boolean" }, "hostAliases": { "description": "Pods' hostAliases configuration", "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", "properties": { "hostnames": { "description": "Hostnames for the above IP address.", @@ -2374,16 +3774,27 @@ "x-kubernetes-list-type": "map" }, "image": { - "description": "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured.", + "description": "Image if specified has precedence over baseImage, tag and sha\ncombinations. Specifying the version is still necessary to ensure the\nPrometheus Operator knows what version of Alertmanager is being\nconfigured.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy for the 'alertmanager', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", + "enum": [ + "", + "Always", + "Never", + "IfNotPresent" + ], "type": "string" }, "imagePullSecrets": { - "description": "An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "description": "An optional list of references to secrets in the same namespace\nto use for pulling prometheus and alertmanager images from registries\nsee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", "items": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -2393,26 +3804,28 @@ "type": "array" }, "initContainers": { - "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.\nfetch secrets for injection into the Alertmanager configuration from external sources. Any\nerrors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator\ngenerated init containers if they share the same name and modifications are\ndone via a strategic merge patch. The current init container name is:\n`init-config-reloader`. Overriding init containers is entirely outside the\nscope of what the maintainers will support and by doing so, you accept that\nthis behaviour may break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "description": "List of environment variables to set in the container.\nCannot be updated.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { @@ -2421,7 +3834,7 @@ "type": "string" }, "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { @@ -2435,7 +3848,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2450,7 +3864,7 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -2468,7 +3882,7 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -2506,7 +3920,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2529,10 +3944,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { "description": "EnvFromSource represents the source of a set of ConfigMaps", "properties": { @@ -2540,7 +3959,8 @@ "description": "The ConfigMap to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2559,7 +3979,8 @@ "description": "The Secret to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2573,40 +3994,42 @@ }, "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2615,7 +4038,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2629,7 +4052,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2644,11 +4068,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2657,8 +4081,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2673,7 +4111,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2686,26 +4124,27 @@ "type": "object" }, "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2714,7 +4153,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2728,7 +4167,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2743,11 +4183,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2756,8 +4196,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2772,7 +4226,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2788,28 +4242,29 @@ "type": "object" }, "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -2817,7 +4272,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2827,10 +4283,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2839,7 +4295,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2853,7 +4309,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2868,11 +4325,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2882,22 +4339,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2912,7 +4369,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2922,12 +4379,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -2935,16 +4392,16 @@ "type": "object" }, "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, "ports": { - "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", "items": { "description": "ContainerPort represents a network port in a single container.", "properties": { "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, @@ -2953,17 +4410,17 @@ "type": "string" }, "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "format": "int32", "type": "integer" }, "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, @@ -2980,28 +4437,29 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -3009,7 +4467,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3019,10 +4478,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -3031,7 +4490,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -3045,7 +4504,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -3060,11 +4520,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -3074,22 +4534,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -3104,7 +4564,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3114,21 +4574,69 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } }, "type": "object" }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -3142,7 +4650,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -3158,21 +4666,42 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "add": { "description": "Added capabilities", @@ -3180,7 +4709,8 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "drop": { "description": "Removed capabilities", @@ -3188,39 +4718,40 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { "description": "Level is SELinux level label that applies to the container.", @@ -3242,14 +4773,14 @@ "type": "object" }, "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3259,10 +4790,10 @@ "type": "object" }, "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { @@ -3270,11 +4801,11 @@ "type": "string" }, "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -3284,28 +4815,29 @@ "type": "object" }, "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -3313,7 +4845,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3323,10 +4856,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -3335,7 +4868,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -3349,7 +4882,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -3364,11 +4898,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -3378,22 +4912,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -3408,7 +4942,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3418,12 +4952,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -3431,23 +4965,23 @@ "type": "object" }, "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", "type": "boolean" }, "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", "type": "boolean" }, "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", "type": "boolean" }, "volumeDevices": { @@ -3470,19 +5004,23 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { @@ -3490,15 +5028,19 @@ "type": "string" }, "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -3508,10 +5050,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -3522,8 +5068,26 @@ }, "type": "array" }, + "limits": { + "description": "Defines the limits command line flags when starting Alertmanager.", + "properties": { + "maxPerSilenceBytes": { + "description": "The maximum size of an individual silence as stored on disk. This corresponds to the Alertmanager's\n`--silences.max-per-silence-bytes` flag.\nIt requires Alertmanager >= v0.28.0.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "maxSilences": { + "description": "The maximum number active and pending silences. This corresponds to the\nAlertmanager's `--silences.max-silences` flag.\nIt requires Alertmanager >= v0.28.0.", + "format": "int32", + "minimum": 0, + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, "listenLocal": { - "description": "ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication.", + "description": "ListenLocal makes the Alertmanager server listen on loopback, so that it\ndoes not bind against the Pod IP. Note this is only for the Alertmanager\nUI, not the gossip communication.", "type": "boolean" }, "logFormat": { @@ -3547,7 +5111,7 @@ "type": "string" }, "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "description": "Minimum number of seconds for which a newly created pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires enabling the StatefulSetMinReadySeconds feature gate.", "format": "int32", "type": "integer" }, @@ -3559,28 +5123,43 @@ "type": "object" }, "paused": { - "description": "If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions.", + "description": "If set to true all actions on the underlying managed objects are not\ngoint to be performed, except for delete actions.", "type": "boolean" }, + "persistentVolumeClaimRetentionPolicy": { + "description": "The field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.\nThe default behavior is all PVCs are retained.\nThis is an alpha field from kubernetes 1.23 until 1.26 and a beta field from 1.26.\nIt requires enabling the StatefulSetAutoDeletePVC feature gate.", + "properties": { + "whenDeleted": { + "description": "WhenDeleted specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is deleted. The default policy\nof `Retain` causes PVCs to not be affected by StatefulSet deletion. The\n`Delete` policy causes those PVCs to be deleted.", + "type": "string" + }, + "whenScaled": { + "description": "WhenScaled specifies what happens to PVCs created from StatefulSet\nVolumeClaimTemplates when the StatefulSet is scaled down. The default\npolicy of `Retain` causes PVCs to not be affected by a scaledown. The\n`Delete` policy causes the associated PVCs for any excess pods above\nthe replica count to be deleted.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "podMetadata": { - "description": "PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods.", + "description": "PodMetadata configures labels and annotations which are propagated to the Alertmanager pods.\n\nThe following items are reserved and cannot be overridden:\n* \"alertmanager\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/instance\" label, set to the name of the Alertmanager instance.\n* \"app.kubernetes.io/managed-by\" label, set to \"prometheus-operator\".\n* \"app.kubernetes.io/name\" label, set to \"alertmanager\".\n* \"app.kubernetes.io/version\" label, set to the Alertmanager version.\n* \"kubectl.kubernetes.io/default-container\" annotation, set to \"alertmanager\".", "properties": { "annotations": { "additionalProperties": { "type": "string" }, - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" }, "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" } }, @@ -3588,7 +5167,8 @@ "additionalProperties": false }, "portName": { - "description": "Port name used for the pods and governing service. This defaults to web", + "default": "web", + "description": "Port name used for the pods and governing service.\nDefaults to `web`.", "type": "string" }, "priorityClassName": { @@ -3596,13 +5176,38 @@ "type": "string" }, "replicas": { - "description": "Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size.", + "description": "Size is the expected size of the alertmanager cluster. The controller will\neventually make the size of the running cluster equal to the expected\nsize.", "format": "int32", "type": "integer" }, "resources": { "description": "Define resources requests and limits for single Pods.", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -3616,7 +5221,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -3632,7 +5237,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, @@ -3641,49 +5246,71 @@ }, "retention": { "default": "120h", - "description": "Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).", + "description": "Time duration Alertmanager shall retain data for. Default is '120h',\nand must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours).", "pattern": "^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "routePrefix": { - "description": "The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`.", + "description": "The route prefix Alertmanager registers HTTP handlers for. This is useful,\nif using ExternalURL and a proxy is rewriting HTTP routes of a request,\nand the actual ExternalURL is still true, but the server serves requests\nunder a different route prefix. For example for use with `kubectl proxy`.", "type": "string" }, "secrets": { - "description": "Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/.", + "description": "Secrets is a list of Secrets in the same namespace as the Alertmanager\nobject, which shall be mounted into the Alertmanager Pods.\nEach Secret is added to the StatefulSet definition as a volume named `secret-`.\nThe Secrets are mounted into `/etc/alertmanager/secrets/` in the 'alertmanager' container.", "items": { "type": "string" }, "type": "array" }, "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext.", + "description": "SecurityContext holds pod-level security attributes and common container settings.\nThis defaults to the default PodSecurityContext.", "properties": { + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "description": "A special supplemental group that applies to all containers in a pod.\nSome volume types allow the Kubelet to change the ownership of that volume\nto be owned by the pod:\n\n1. The owning GID will be the FSGroup\n2. The setgid bit is set (new files created in the volume will be owned by FSGroup)\n3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.", + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume\nbefore being exposed inside Pod. This field will only apply to\nvolume types which support fsGroup based ownership(and permissions).\nIt will have no effect on ephemeral volume types such as: secret, configmaps\nand emptydir.\nValid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in SecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence\nfor that container.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.\nIt has no effect on nodes that do not support SELinux or to volumes does not support SELinux.\nValid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime.\nThis may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option.\nThis requires all Pods that share the same volume to use the same SELinux label.\nIt is not possible to share the same volume among privileged and unprivileged Pods.\nEligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes\nwhose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their\nCSIDriver instance. Other volumes are always re-labelled recursively.\n\"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used.\nIf not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes\nand \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "description": "The SELinux context to be applied to all containers.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in SecurityContext. If set in\nboth SecurityContext and PodSecurityContext, the value specified in SecurityContext\ntakes precedence for that container.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { "description": "Level is SELinux level label that applies to the container.", @@ -3706,14 +5333,14 @@ "additionalProperties": false }, "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "description": "The seccomp options to use by the containers in this pod.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3724,15 +5351,20 @@ "additionalProperties": false }, "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.", + "description": "A list of groups applied to the first process run in each container, in\naddition to the container's primary GID and fsGroup (if specified). If\nthe SupplementalGroupsPolicy feature is enabled, the\nsupplementalGroupsPolicy field determines whether these are in addition\nto or instead of any group memberships defined in the container image.\nIf unspecified, no additional groups are added, though group memberships\ndefined in the container image may still be used, depending on the\nsupplementalGroupsPolicy field.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "format": "int64", "type": "integer" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated.\nValid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used.\n(Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled\nand the container runtime must implement support for this feature.\nNote that this field cannot be set when spec.os.name is windows.", + "type": "string" }, "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported\nsysctls (by the container runtime) might fail to launch.\nNote that this field cannot be set when spec.os.name is windows.", "items": { "description": "Sysctl defines a kernel parameter to be set", "properties": { @@ -3751,13 +5383,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options within a container's SecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { @@ -3765,11 +5398,11 @@ "type": "string" }, "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -3781,25 +5414,30 @@ "additionalProperties": false }, "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods.", + "description": "ServiceAccountName is the name of the ServiceAccount to use to run the\nPrometheus Pods.", + "type": "string" + }, + "serviceName": { + "description": "The name of the service name used by the underlying StatefulSet(s) as the governing service.\nIf defined, the Service must be created before the Alertmanager resource in the same namespace and it must define a selector that matches the pod labels.\nIf empty, the operator will create and manage a headless service named `alertmanager-operated` for Alermanager resources.\nWhen deploying multiple Alertmanager resources in the same namespace, it is recommended to specify a different value for each.\nSee https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id for more details.", + "minLength": 1, "type": "string" }, "sha": { - "description": "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL.", + "description": "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`.\nSimilar to a tag, but the SHA explicitly deploys an immutable container image.\nVersion and Tag are ignored if SHA is set.\nDeprecated: use 'image' instead. The image digest can be specified as part of the image URL.", "type": "string" }, "storage": { - "description": "Storage is the definition of how storage will be used by the Alertmanager instances.", + "description": "Storage is the definition of how storage will be used by the Alertmanager\ninstances.", "properties": { "disableMountSubPath": { - "description": "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts.", + "description": "Deprecated: subPath usage will be removed in a future release.", "type": "boolean" }, "emptyDir": { - "description": "EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", + "description": "EmptyDirVolumeSource to be used by the StatefulSet.\nIf specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir", "properties": { "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { @@ -3811,7 +5449,7 @@ "type": "string" } ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } @@ -3820,30 +5458,31 @@ "additionalProperties": false }, "ephemeral": { - "description": "EphemeralVolumeSource to be used by the Prometheus StatefulSets. This is a beta field in k8s 1.21, for lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", + "description": "EphemeralVolumeSource to be used by the StatefulSet.\nThis is a beta field in k8s 1.21 and GA in 1.15.\nFor lower versions, starting with k8s 1.19, it requires enabling the GenericEphemeralVolume feature gate.\nMore info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -3864,10 +5503,10 @@ "additionalProperties": false }, "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -3877,6 +5516,10 @@ "name": { "description": "Name is the name of resource being referenced", "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } }, "required": [ @@ -3884,11 +5527,10 @@ "name" ], "type": "object", - "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resources": { - "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { "limits": { "additionalProperties": { @@ -3903,7 +5545,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -3919,7 +5561,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, @@ -3932,22 +5574,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3956,13 +5599,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -3971,11 +5615,15 @@ "additionalProperties": false }, "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { @@ -3998,14 +5646,14 @@ "additionalProperties": false }, "volumeClaimTemplate": { - "description": "A PVC spec to be used by the Prometheus StatefulSets.", + "description": "Defines the PVC spec to be used by the Prometheus StatefulSets.\nThe easiest way to use a volume that cannot be automatically provisioned\nis to use a label selector alongside manually created PersistentVolumes.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -4015,18 +5663,18 @@ "additionalProperties": { "type": "string" }, - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "description": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations", "type": "object" }, "labels": { "additionalProperties": { "type": "string" }, - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "description": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels", "type": "object" }, "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" } }, @@ -4034,20 +5682,21 @@ "additionalProperties": false }, "spec": { - "description": "Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "Defines the desired characteristics of a volume requested by a pod author.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -4068,10 +5717,10 @@ "additionalProperties": false }, "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -4081,6 +5730,10 @@ "name": { "description": "Name is the name of resource being referenced", "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } }, "required": [ @@ -4088,11 +5741,10 @@ "name" ], "type": "object", - "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resources": { - "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { "limits": { "additionalProperties": { @@ -4107,7 +5759,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -4123,7 +5775,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, @@ -4136,22 +5788,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -4160,13 +5813,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -4175,11 +5829,15 @@ "additionalProperties": false }, "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { @@ -4191,14 +5849,24 @@ "additionalProperties": false }, "status": { - "description": "Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "Deprecated: this field is never set.", "properties": { "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "description": "accessModes contains the actual access modes the volume backing the PVC has.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "description": "When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource\nthat it does not recognizes, then it should ignore that update and let other controllers\nhandle it.", + "type": "string" + }, + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "x-kubernetes-map-type": "granular" }, "allocatedResources": { "additionalProperties": { @@ -4213,7 +5881,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity.\nKey names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered\nreserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation\nis requested.\nFor storage quota, the larger value from allocatedResources and PVC.spec.resources is used.\nIf allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.\nIf a volume expansion capacity request is lowered, allocatedResources is only\nlowered if there are no expansion operations in progress and if the actual volume capacity\nis equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName\nshould ignore the update for the purpose it was designed. For example - a controller that\nonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid\nresources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", "type": "object" }, "capacity": { @@ -4233,9 +5901,9 @@ "type": "object" }, "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.", + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being\nresized then the Condition will be set to 'Resizing'.", "items": { - "description": "PersistentVolumeClaimCondition contails details about state of pvc", + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "properties": { "lastProbeTime": { "description": "lastProbeTime is the time we probed the condition.", @@ -4252,14 +5920,15 @@ "type": "string" }, "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"ResizeStarted\" that means the underlying persistent volume is being resized.", + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason\nfor condition's last transition. If it reports \"Resizing\" that means the underlying\npersistent volume is being resized.", "type": "string" }, "status": { + "description": "Status is the status of the condition.\nCan be True, False, Unknown.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", "type": "string" }, "type": { - "description": "PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type", + "description": "Type is the type of the condition.\nMore info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string" } }, @@ -4269,14 +5938,36 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.\nWhen unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", "type": "string" }, - "resizeStatus": { - "description": "resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.\nWhen this is unset, there is no ModifyVolume operation being attempted.\nThis is a beta field and requires enabling VolumeAttributesClass feature (off by default).", + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.", + "type": "string" + }, + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object", + "additionalProperties": false + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.", "type": "string" } }, @@ -4292,33 +5983,39 @@ "additionalProperties": false }, "tag": { - "description": "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL.", + "description": "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`.\nVersion is ignored if Tag is set.\nDeprecated: use 'image' instead. The image tag can be specified as part of the image URL.", "type": "string" }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down) which may lead to data corruption.\n\nDefaults to 120 seconds.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, "tolerations": { "description": "If specified, the pod's tolerations.", "items": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "description": "The pod this Toleration is attached to tolerates any taint that matches\nthe triple using the matching operator .", "properties": { "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", "type": "string" }, "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.", "type": "string" }, "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.", + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.", "type": "string" }, "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.", "format": "int64", "type": "integer" }, "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.", "type": "string" } }, @@ -4332,27 +6029,28 @@ "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "properties": { "labelSelector": { - "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", + "description": "LabelSelector is used to find matching pods.\nPods that match this label selector are counted to determine the number of pods\nin their corresponding topology domain.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -4361,35 +6059,52 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which\nspreading will be calculated. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are ANDed with labelSelector\nto select the group of existing pods over which spreading will be calculated\nfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.\nMatchLabelKeys cannot be set when LabelSelector isn't set.\nKeys that don't exist in the incoming pod labels will\nbe ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "description": "MaxSkew describes the degree to which pods may be unevenly distributed.\nWhen `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference\nbetween the number of matching pods in the target topology and the global minimum.\nThe global minimum is the minimum number of matching pods in an eligible domain\nor zero if the number of eligible domains is less than MinDomains.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 2/2/1:\nIn this case, the global minimum is 1.\n| zone1 | zone2 | zone3 |\n| P P | P P | P |\n- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;\nscheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)\nviolate MaxSkew(1).\n- if MaxSkew is 2, incoming pod can be scheduled onto any zone.\nWhen `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence\nto topologies that satisfy it.\nIt's a required field. Default value is 1 and 0 is not allowed.", "format": "int32", "type": "integer" }, "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate.", + "description": "MinDomains indicates a minimum number of eligible domains.\nWhen the number of eligible domains with matching topology keys is less than minDomains,\nPod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed.\nAnd when the number of eligible domains with matching topology keys equals or greater than minDomains,\nthis value has no effect on scheduling.\nAs a result, when the number of eligible domains is less than minDomains,\nscheduler won't schedule more than maxSkew Pods to those domains.\nIf value is nil, the constraint behaves as if MinDomains is equal to 1.\nValid values are integers greater than 0.\nWhen value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same\nlabelSelector spread as 2/2/2:\n| zone1 | zone2 | zone3 |\n| P P | P P | P P |\nThe number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0.\nIn this situation, new pod with the same labelSelector cannot be scheduled,\nbecause computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,\nit will violate MaxSkew.", "format": "int32", "type": "integer" }, + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector\nwhen calculating pod topology spread skew. Options are:\n- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.\n- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating\npod topology spread skew. Options are:\n- Honor: nodes without taints, along with tainted nodes for which the incoming pod\nhas a toleration, are included.\n- Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\nThis is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.", + "type": "string" + }, "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key\nand identical values are considered to be in the same topology.\nWe consider each as a \"bucket\", and try to put balanced number\nof pods into each bucket.\nWe define a domain as a particular instance of a topology.\nAlso, we define an eligible domain as a domain whose nodes meet the requirements of\nnodeAffinityPolicy and nodeTaintsPolicy.\ne.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology.\nAnd, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology.\nIt's a required field.", "type": "string" }, "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.", + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy\nthe spread constraint.\n- DoNotSchedule (default) tells the scheduler not to schedule it.\n- ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod\nif and only if every possible node assignment for that pod would violate\n\"MaxSkew\" on some topology.\nFor example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same\nlabelSelector spread as 3/1/1:\n| zone1 | zone2 | zone3 |\n| P P P | P | P |\nIf WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled\nto zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\nMaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler\nwon't make it *more* imbalanced.\nIt's a required field.", "type": "string" } }, @@ -4407,16 +6122,16 @@ "type": "string" }, "volumeMounts": { - "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects.", + "description": "VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition.\nVolumeMounts specified will be appended to other VolumeMounts in the alertmanager container,\nthat are generated as a result of StorageSpec objects.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { @@ -4424,15 +6139,19 @@ "type": "string" }, "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -4445,28 +6164,28 @@ "type": "array" }, "volumes": { - "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects.", + "description": "Volumes allows configuration of additional volumes on the output StatefulSet definition.\nVolumes specified will be appended to other volumes that are generated as a result of\nStorageSpec objects.", "items": { "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "properties": { "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree\nawsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" }, "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", "format": "int32", "type": "integer" }, "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "description": "readOnly value true will force the readOnly setting in VolumeMounts.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "boolean" }, "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string" } }, @@ -4476,7 +6195,7 @@ "type": "object" }, "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.\nDeprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type\nare redirected to the disk.csi.azure.com CSI driver.", "properties": { "cachingMode": { "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.", @@ -4491,7 +6210,8 @@ "type": "string" }, "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "default": "ext4", + "description": "fsType is Filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "kind": { @@ -4499,7 +6219,8 @@ "type": "string" }, "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "default": false, + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" } }, @@ -4510,10 +6231,10 @@ "type": "object" }, "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod.\nDeprecated: AzureFile is deprecated. All operations for the in-tree azureFile type\nare redirected to the file.csi.azure.com CSI driver.", "properties": { "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretName": { @@ -4532,32 +6253,34 @@ "type": "object" }, "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime", + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.\nDeprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", "properties": { "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "description": "monitors is Required: Monitors is a collection of Ceph monitors\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "boolean" }, "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" }, "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -4565,7 +6288,7 @@ "x-kubernetes-map-type": "atomic" }, "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "description": "user is optional: User is the rados user name, default is admin\nMore info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "string" } }, @@ -4575,21 +6298,22 @@ "type": "object" }, "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine.\nDeprecated: Cinder is deprecated. All operations for the in-tree cinder type\nare redirected to the cinder.csi.openstack.org CSI driver.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "boolean" }, "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", + "description": "secretRef is optional: points to a secret object containing parameters used to connect\nto OpenStack.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -4597,7 +6321,7 @@ "x-kubernetes-map-type": "atomic" }, "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "description": "volumeID used to identify the volume in cinder.\nMore info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" } }, @@ -4610,12 +6334,12 @@ "description": "configMap represents a configMap that should populate this volume", "properties": { "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "defaultMode is optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { "description": "Maps a string key to a path within a volume.", "properties": { @@ -4624,12 +6348,12 @@ "type": "string" }, "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -4639,10 +6363,12 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4654,21 +6380,22 @@ "x-kubernetes-map-type": "atomic" }, "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).", + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", "properties": { "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "description": "driver is the name of the CSI driver that handles this volume.\nConsult with your admin for the correct name as registered in the cluster.", "type": "string" }, "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\".\nIf not provided, the empty value is passed to the associated CSI driver\nwhich will determine the default filesystem to apply.", "type": "string" }, "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", + "description": "nodePublishSecretRef is a reference to the secret object containing\nsensitive information to pass to the CSI driver to complete the CSI\nNodePublishVolume and NodeUnpublishVolume calls.\nThis field is optional, and may be empty if no secret is required. If the\nsecret object contains more than one secret, all secret references are passed.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -4676,14 +6403,14 @@ "x-kubernetes-map-type": "atomic" }, "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "description": "readOnly specifies a read-only configuration for the volume.\nDefaults to false (read/write).", "type": "boolean" }, "volumeAttributes": { "additionalProperties": { "type": "string" }, - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI\ndriver. Consult your driver's documentation for supported values.", "type": "object" } }, @@ -4696,7 +6423,7 @@ "description": "downwardAPI represents downward API about the pod that should populate this volume", "properties": { "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "Optional: mode bits to use on created files by default. Must be a\nOptional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDefaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, @@ -4706,7 +6433,7 @@ "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -4724,7 +6451,7 @@ "x-kubernetes-map-type": "atomic" }, "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, @@ -4733,7 +6460,7 @@ "type": "string" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -4769,16 +6496,17 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "description": "emptyDir represents a temporary directory that shares a pod's lifetime.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "properties": { "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "description": "medium represents what type of storage medium should back this directory.\nThe default is \"\" which means to use the node's default medium.\nMust be an empty string (default) or Memory.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, "sizeLimit": { @@ -4790,7 +6518,7 @@ "type": "string" } ], - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir", + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume.\nThe size limit is also applicable for memory medium.\nThe maximum usage on memory medium EmptyDir would be the minimum value between\nthe SizeLimit specified here and the sum of memory limits of all containers in a pod.\nThe default is nil which means that the limit is undefined.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } @@ -4798,30 +6526,31 @@ "type": "object" }, "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "description": "ephemeral represents a volume that is handled by a cluster storage driver.\nThe volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,\nand deleted when the pod is removed.\n\nUse this if:\na) the volume is only needed while the pod runs,\nb) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and\nd) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific\nAPIs for volumes that persist for longer than the lifecycle\nof an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to\nbe used that way - see the documentation of the driver for\nmore information.\n\nA pod can use both types of ephemeral volumes and\npersistent volumes at the same time.", "properties": { "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil.", + "description": "Will be used to create a stand-alone PVC to provision the volume.\nThe pod in which this EphemeralVolumeSource is embedded will be the\nowner of the PVC, i.e. the PVC will be deleted together with the\npod. The name of the PVC will be `-` where\n`` is the name from the `PodSpec.Volumes` array\nentry. Pod validation will reject the pod if the concatenated name\nis not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod\nwill *not* be used for the pod to avoid using an unrelated\nvolume by mistake. Starting the pod is then blocked until\nthe unrelated PVC is removed. If such a pre-created PVC is\nmeant to be used by the pod, the PVC has to updated with an\nowner reference to the pod once the pod exists. Normally\nthis should not be necessary, but it may be useful when\nmanually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes\nto the PVC after it has been created.\n\nRequired, must not be nil.", "properties": { "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", + "description": "May contain labels and annotations that will be copied into the PVC\nwhen creating it. No other fields are allowed and will be rejected during\nvalidation.", "type": "object" }, "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", + "description": "The specification for the PersistentVolumeClaim. The entire content is\ncopied unchanged into the PVC that gets created from this\ntemplate. The same fields as in a PersistentVolumeClaim\nare also valid here.", "properties": { "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "description": "accessModes contains the desired access modes the volume should have.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "dataSource": { - "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.", + "description": "dataSource field can be used to specify either:\n* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)\n* An existing PVC (PersistentVolumeClaim)\nIf the provisioner or an external controller can support the specified data source,\nit will create a new volume based on the contents of the specified data source.\nWhen the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,\nand dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.\nIf the namespace is specified, then dataSourceRef will not be copied to dataSource.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -4841,10 +6570,10 @@ "x-kubernetes-map-type": "atomic" }, "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.", + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty\nvolume is desired. This may be any object from a non-empty API group (non\ncore object) or a PersistentVolumeClaim object.\nWhen this field is specified, volume binding will only succeed if the type of\nthe specified object matches some installed volume populator or dynamic\nprovisioner.\nThis field will replace the functionality of the dataSource field and as such\nif both fields are non-empty, they must have the same value. For backwards\ncompatibility, when namespace isn't specified in dataSourceRef,\nboth fields (dataSource and dataSourceRef) will be set to the same\nvalue automatically if one of them is empty and the other is non-empty.\nWhen namespace is specified in dataSourceRef,\ndataSource isn't set to the same value and must be empty.\nThere are three important differences between dataSource and dataSourceRef:\n* While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.\n(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", "properties": { "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "description": "APIGroup is the group for the resource being referenced.\nIf APIGroup is not specified, the specified Kind must be in the core API group.\nFor any other third-party types, APIGroup is required.", "type": "string" }, "kind": { @@ -4854,17 +6583,20 @@ "name": { "description": "Name is the name of resource being referenced", "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced\nNote that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.\n(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } }, "required": [ "kind", "name" ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, "resources": { - "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "description": "resources represents the minimum resources the volume should have.\nIf RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements\nthat are lower than previous value but must still be higher than capacity recorded in the\nstatus field of the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "properties": { "limits": { "additionalProperties": { @@ -4879,7 +6611,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -4895,7 +6627,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, @@ -4907,22 +6639,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -4931,13 +6664,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -4945,11 +6679,15 @@ "x-kubernetes-map-type": "atomic" }, "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "description": "storageClassName is the name of the StorageClass required by the claim.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.\nIf specified, the CSI driver will create or update the volume with the attributes defined\nin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,\nit can be changed after the claim is created. An empty string value means that no VolumeAttributesClass\nwill be applied to the claim but it's not allowed to reset this field to empty string once it is set.\nIf unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass\nwill be set by the persistentvolume controller if it exists.\nIf the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be\nset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource\nexists.\nMore info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/\n(Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).", "type": "string" }, "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.", + "description": "volumeMode defines what type of volume is required by the claim.\nValue of Filesystem is implied when not included in claim spec.", "type": "string" }, "volumeName": { @@ -4972,7 +6710,7 @@ "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "lun": { @@ -4981,7 +6719,7 @@ "type": "integer" }, "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "targetWWNs": { @@ -4989,27 +6727,29 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "description": "wwids Optional: FC volume world wide identifiers (wwids)\nEither wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "description": "flexVolume represents a generic volume resource that is\nprovisioned/attached using an exec based plugin.\nDeprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", "properties": { "driver": { "description": "driver is the name of the driver to use for this volume.", "type": "string" }, "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, "options": { @@ -5020,14 +6760,15 @@ "type": "object" }, "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "description": "secretRef is Optional: secretRef is reference to the secret object containing\nsensitive information to pass to the plugin scripts. This may be\nempty if no secret object is specified. If the secret object\ncontains more than one secret, all secrets are passed to the plugin\nscripts.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5041,10 +6782,10 @@ "type": "object" }, "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running", + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.\nDeprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", "properties": { "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker\nshould be considered as deprecated", "type": "string" }, "datasetUUID": { @@ -5055,23 +6796,23 @@ "type": "object" }, "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nDeprecated: GCEPersistentDisk is deprecated. All operations for the in-tree\ngcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "properties": { "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "description": "partition is the partition in the volume that you want to mount.\nIf omitted, the default is to mount by volume name.\nExamples: For volume /dev/sda1, you specify the partition as \"1\".\nSimilarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "format": "int32", "type": "integer" }, "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "boolean" } }, @@ -5081,10 +6822,10 @@ "type": "object" }, "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "description": "gitRepo represents a git repository at a particular revision.\nDeprecated: GitRepo is deprecated. To provision a container with a git repo, mount an\nEmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir\ninto the Pod's container.", "properties": { "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "description": "directory is the target directory name.\nMust not contain or start with '..'. If '.' is supplied, the volume directory will be the\ngit repository. Otherwise, if specified, the volume will contain the git repository in\nthe subdirectory with the given name.", "type": "string" }, "repository": { @@ -5102,18 +6843,18 @@ "type": "object" }, "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.\nDeprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md", "properties": { "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "description": "endpoints is the endpoint name that details Glusterfs topology.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "description": "path is the Glusterfs volume path.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "boolean" } }, @@ -5124,14 +6865,14 @@ "type": "object" }, "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.", + "description": "hostPath represents a pre-existing file or directory on the host\nmachine that is directly exposed to the container. This is generally\nused for system agents or other privileged things that are allowed\nto see the host machine. Most containers will NOT need this.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "properties": { "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "description": "path of the directory on the host.\nIf the path is a symlink, it will follow the link to the real path.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" }, "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "description": "type for HostPath Volume\nDefaults to \"\"\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string" } }, @@ -5140,8 +6881,22 @@ ], "type": "object" }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.\nThe volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\n- Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\n- IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.\nA failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.\nThe types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.\nThe OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.\nThe volume will be mounted read-only (ro) and non-executable files (noexec).\nSub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).\nThe field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "properties": { + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are:\nAlways: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.\nNever: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.\nIfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string" + }, + "reference": { + "description": "Required: Image or artifact reference to be used.\nBehaves in the same way as pod.spec.containers[*].image.\nPull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", + "type": "string" + } + }, + "type": "object" + }, "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md", + "description": "iscsi represents an ISCSI Disk resource that is attached to a\nkubelet's host machine and then exposed to the pod.\nMore info: https://examples.k8s.io/volumes/iscsi/README.md", "properties": { "chapAuthDiscovery": { "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", @@ -5152,11 +6907,11 @@ "type": "boolean" }, "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "description": "initiatorName is the custom iSCSI Initiator Name.\nIf initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface\n: will be created for the connection.", "type": "string" }, "iqn": { @@ -5164,7 +6919,8 @@ "type": "string" }, "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "default": "default", + "description": "iscsiInterface is the interface Name that uses an iSCSI transport.\nDefaults to 'default' (tcp).", "type": "string" }, "lun": { @@ -5173,21 +6929,23 @@ "type": "integer" }, "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.", "type": "boolean" }, "secretRef": { "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5195,7 +6953,7 @@ "x-kubernetes-map-type": "atomic" }, "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port\nis other than default (typically TCP ports 860 and 3260).", "type": "string" } }, @@ -5207,22 +6965,22 @@ "type": "object" }, "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "name of the volume.\nMust be a DNS_LABEL and unique within the pod.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "properties": { "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "description": "path that is exported by the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" }, "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "description": "readOnly here will force the NFS export to be mounted with read-only permissions.\nDefaults to false.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "boolean" }, "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "description": "server is the hostname or IP address of the NFS server.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string" } }, @@ -5233,14 +6991,14 @@ "type": "object" }, "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "persistentVolumeClaimVolumeSource represents a reference to a\nPersistentVolumeClaim in the same namespace.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "properties": { "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string" }, "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "description": "readOnly Will force the ReadOnly setting in VolumeMounts.\nDefault false.", "type": "boolean" } }, @@ -5250,10 +7008,10 @@ "type": "object" }, "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine", + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.\nDeprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "pdID": { @@ -5267,14 +7025,14 @@ "type": "object" }, "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine", + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine.\nDeprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type\nare redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate\nis on.", "properties": { "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "description": "fSType represents the filesystem type to mount\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "volumeID": { @@ -5291,20 +7049,90 @@ "description": "projected items for all in one resources secrets, configmaps, and downward API", "properties": { "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "defaultMode are the mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "sources": { - "description": "sources is the list of volume projections", + "description": "sources is the list of volume projections. Each entry in this list\nhandles one source.", "items": { - "description": "Projection that may be projected along with other supported volume types", + "description": "Projection that may be projected along with other supported volume types.\nExactly one of these fields must be set.", "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field\nof ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the\ncombination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written\ninto the pod filesystem. Esoteric PEM features such as inter-block\ncomments and block headers are stripped. Certificates are deduplicated.\nThe ordering of certificates within the file is arbitrary, and Kubelet\nmay change the order over time.", + "properties": { + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has\neffect if signerName is set. Mutually-exclusive with name. If unset,\ninterpreted as \"match nothing\". If set but empty, interpreted as \"match\neverything\".", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive\nwith signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s)\naren't available. If using name, then the named ClusterTrustBundle is\nallowed not to exist. If using signerName, then the combination of\nsignerName and labelSelector is allowed to match zero\nClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name.\nMutually-exclusive with name. The contents of all selected\nClusterTrustBundles will be unified and deduplicated.", + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, "configMap": { "description": "configMap information about the configMap data to project", "properties": { "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nConfigMap will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the ConfigMap,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { "description": "Maps a string key to a path within a volume.", "properties": { @@ -5313,12 +7141,12 @@ "type": "string" }, "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -5328,10 +7156,12 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5351,7 +7181,7 @@ "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "properties": { "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -5369,7 +7199,7 @@ "x-kubernetes-map-type": "atomic" }, "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "Optional: mode bits used to set permissions on this file, must be an octal value\nbetween 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, @@ -5378,7 +7208,7 @@ "type": "string" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -5414,7 +7244,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -5423,7 +7254,7 @@ "description": "secret information about the secret data to project", "properties": { "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "description": "items if unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { "description": "Maps a string key to a path within a volume.", "properties": { @@ -5432,12 +7263,12 @@ "type": "string" }, "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -5447,10 +7278,12 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5465,16 +7298,16 @@ "description": "serviceAccountToken is information about the serviceAccountToken data to project", "properties": { "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "description": "audience is the intended audience of the token. A recipient of a token\nmust identify itself with an identifier specified in the audience of the\ntoken, and otherwise should reject the token. The audience defaults to the\nidentifier of the apiserver.", "type": "string" }, "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "description": "expirationSeconds is the requested duration of validity of the service\naccount token. As the token approaches expiration, the kubelet volume\nplugin will proactively rotate the service account token. The kubelet will\nstart trying to rotate the token if the token is older than 80 percent of\nits time to live or if the token is older than 24 hours.Defaults to 1 hour\nand must be at least 10 minutes.", "format": "int64", "type": "integer" }, "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", + "description": "path is the path relative to the mount point of the file to project the\ntoken into.", "type": "string" } }, @@ -5486,32 +7319,33 @@ }, "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime", + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime.\nDeprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", "properties": { "group": { - "description": "group to map volume access to Default is no group", + "description": "group to map volume access to\nDefault is no group", "type": "string" }, "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions.\nDefaults to false.", "type": "boolean" }, "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "description": "registry represents a single or multiple Quobyte Registry services\nspecified as a string as host:port pair (multiple entries are separated with commas)\nwhich acts as the central registry for volumes", "type": "string" }, "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "description": "tenant owning the given Quobyte volume in the Backend\nUsed with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, "user": { - "description": "user to map volume access to Defaults to serivceaccount user", + "description": "user to map volume access to\nDefaults to serivceaccount user", "type": "string" }, "volume": { @@ -5526,40 +7360,44 @@ "type": "object" }, "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md", + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.\nDeprecated: RBD is deprecated and the in-tree rbd type is no longer supported.\nMore info: https://examples.k8s.io/volumes/rbd/README.md", "properties": { "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine", + "description": "fsType is the filesystem type of the volume that you want to mount.\nTip: Ensure that the filesystem type is supported by the host operating system.\nExamples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "description": "image is the rados image name.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "default": "/etc/ceph/keyring", + "description": "keyring is the path to key ring for RBDUser.\nDefault is /etc/ceph/keyring.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "description": "monitors is a collection of Ceph monitors.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "default": "rbd", + "description": "pool is the rados pool name.\nDefault is rbd.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" }, "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "description": "readOnly here will force the ReadOnly setting in VolumeMounts.\nDefaults to false.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "description": "secretRef is name of the authentication secret for RBDUser. If provided\noverrides keyring.\nDefault is nil.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5567,7 +7405,8 @@ "x-kubernetes-map-type": "atomic" }, "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "default": "admin", + "description": "user is the rados user name.\nDefault is admin.\nMore info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string" } }, @@ -5578,10 +7417,11 @@ "type": "object" }, "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.", + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.\nDeprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "default": "xfs", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\".\nDefault is \"xfs\".", "type": "string" }, "gateway": { @@ -5593,14 +7433,15 @@ "type": "string" }, "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly Defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "description": "secretRef references to the secret for ScaleIO user and other\nsensitive information. If this is not provided, Login operation will fail.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5612,7 +7453,8 @@ "type": "boolean" }, "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "default": "ThinProvisioned", + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.\nDefault is ThinProvisioned.", "type": "string" }, "storagePool": { @@ -5624,7 +7466,7 @@ "type": "string" }, "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "description": "volumeName is the name of a volume already created in the ScaleIO system\nthat is associated with this volume source.", "type": "string" } }, @@ -5636,15 +7478,15 @@ "type": "object" }, "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "description": "secret represents a secret that should populate this volume.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "properties": { "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values\nfor mode bits. Defaults to 0644.\nDirectories within the path are not affected by this setting.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "description": "items If unspecified, each key-value pair in the Data field of the referenced\nSecret will be projected into the volume as a file whose name is the\nkey and content is the value. If specified, the listed keys will be\nprojected into the specified paths, and unlisted keys will not be\npresent. If a key is specified which is not present in the Secret,\nthe volume setup will error unless it is marked optional. Paths must be\nrelative and may not contain the '..' path or start with '..'.", "items": { "description": "Maps a string key to a path within a volume.", "properties": { @@ -5653,12 +7495,12 @@ "type": "string" }, "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "description": "mode is Optional: mode bits used to set permissions on this file.\nMust be an octal value between 0000 and 0777 or a decimal value between 0 and 511.\nYAML accepts both octal and decimal values, JSON requires decimal values for mode bits.\nIf not specified, the volume defaultMode will be used.\nThis might be in conflict with other options that affect the file\nmode, like fsGroup, and the result can be other mode bits set.", "format": "int32", "type": "integer" }, "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + "description": "path is the relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.", "type": "string" } }, @@ -5668,35 +7510,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "optional": { "description": "optional field specify whether the Secret or its keys must be defined", "type": "boolean" }, "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "description": "secretName is the name of the secret in the pod's namespace to use.\nMore info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" } }, "type": "object" }, "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.", + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.\nDeprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", "properties": { "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "description": "fsType is the filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "description": "readOnly defaults to false (read/write). ReadOnly here will force\nthe ReadOnly setting in VolumeMounts.", "type": "boolean" }, "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "description": "secretRef specifies the secret to use for obtaining the StorageOS API\ncredentials. If not specified, default values will be attempted.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -5704,21 +7548,21 @@ "x-kubernetes-map-type": "atomic" }, "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "description": "volumeName is the human-readable name of the StorageOS volume. Volume\nnames are only unique within a namespace.", "type": "string" }, "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no\nnamespace is specified then the Pod's namespace will be used. This allows the\nKubernetes name scoping to be mirrored within StorageOS for tighter integration.\nSet VolumeName to any name to override the default behaviour.\nSet to \"default\" if you are not using namespaces within StorageOS.\nNamespaces that do not pre-exist within StorageOS will be created.", "type": "string" } }, "type": "object" }, "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine", + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.\nDeprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type\nare redirected to the csi.vsphere.vmware.com CSI driver.", "properties": { "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "description": "fsType is filesystem type to mount.\nMust be a filesystem type supported by the host operating system.\nEx. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, "storagePolicyID": { @@ -5750,6 +7594,11 @@ "web": { "description": "Defines the web command line flags when starting Alertmanager.", "properties": { + "getConcurrency": { + "description": "Maximum number of GET requests processed concurrently. This corresponds to the\nAlertmanager's `--web.get-concurrency` flag.", + "format": "int32", + "type": "integer" + }, "httpConfig": { "description": "Defines HTTP parameters for web server.", "properties": { @@ -5757,15 +7606,15 @@ "description": "List of headers that can be added to HTTP responses.", "properties": { "contentSecurityPolicy": { - "description": "Set the Content-Security-Policy header to HTTP responses. Unset if blank.", + "description": "Set the Content-Security-Policy header to HTTP responses.\nUnset if blank.", "type": "string" }, "strictTransportSecurity": { - "description": "Set the Strict-Transport-Security header to HTTP responses. Unset if blank. Please make sure that you use this with care as this header might force browsers to load Prometheus and the other applications hosted on the same domain and subdomains over HTTPS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "description": "Set the Strict-Transport-Security header to HTTP responses.\nUnset if blank.\nPlease make sure that you use this with care as this header might force\nbrowsers to load Prometheus and the other applications hosted on the same\ndomain and subdomains over HTTPS.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", "type": "string" }, "xContentTypeOptions": { - "description": "Set the X-Content-Type-Options header to HTTP responses. Unset if blank. Accepted value is nosniff. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", + "description": "Set the X-Content-Type-Options header to HTTP responses.\nUnset if blank. Accepted value is nosniff.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options", "enum": [ "", "NoSniff" @@ -5773,7 +7622,7 @@ "type": "string" }, "xFrameOptions": { - "description": "Set the X-Frame-Options header to HTTP responses. Unset if blank. Accepted values are deny and sameorigin. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", + "description": "Set the X-Frame-Options header to HTTP responses.\nUnset if blank. Accepted values are deny and sameorigin.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options", "enum": [ "", "Deny", @@ -5782,7 +7631,7 @@ "type": "string" }, "xXSSProtection": { - "description": "Set the X-XSS-Protection header to all responses. Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", + "description": "Set the X-XSS-Protection header to all responses.\nUnset if blank.\nhttps://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection", "type": "string" } }, @@ -5790,18 +7639,23 @@ "additionalProperties": false }, "http2": { - "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS. When TLSConfig is not configured, HTTP/2 will be disabled. Whenever the value of the field changes, a rolling update will be triggered.", + "description": "Enable HTTP/2 support. Note that HTTP/2 is only supported with TLS.\nWhen TLSConfig is not configured, HTTP/2 will be disabled.\nWhenever the value of the field changes, a rolling update will be triggered.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, + "timeout": { + "description": "Timeout for HTTP requests. This corresponds to the Alertmanager's\n`--web.timeout` flag.", + "format": "int32", + "type": "integer" + }, "tlsConfig": { "description": "Defines the TLS parameters for HTTPS.", "properties": { "cert": { - "description": "Contains the TLS certificate for the server.", + "description": "Secret or ConfigMap containing the TLS certificate for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `certFile`.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -5811,7 +7665,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5834,7 +7689,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5853,15 +7709,19 @@ "type": "object", "additionalProperties": false }, + "certFile": { + "description": "Path to the TLS certificate file in the container for the web server.\n\nEither `keySecret` or `keyFile` must be defined.\n\nIt is mutually exclusive with `cert`.", + "type": "string" + }, "cipherSuites": { - "description": "List of supported cipher suites for TLS versions up to TLS 1.2. If empty, Go default cipher suites are used. Available cipher suites are documented in the go documentation: https://golang.org/pkg/crypto/tls/#pkg-constants", + "description": "List of supported cipher suites for TLS versions up to TLS 1.2.\n\nIf not defined, the Go default cipher suites are used.\nAvailable cipher suites are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#pkg-constants", "items": { "type": "string" }, "type": "array" }, "client_ca": { - "description": "Contains the CA certificate for client certificate authentication to the server.", + "description": "Secret or ConfigMap containing the CA certificate for client certificate\nauthentication to the server.\n\nIt is mutually exclusive with `clientCAFile`.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -5871,7 +7731,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5894,7 +7755,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5914,25 +7776,34 @@ "additionalProperties": false }, "clientAuthType": { - "description": "Server policy for client authentication. Maps to ClientAuth Policies. For more detail on clientAuth options: https://golang.org/pkg/crypto/tls/#ClientAuthType", + "description": "The server policy for client TLS authentication.\n\nFor more detail on clientAuth options:\nhttps://golang.org/pkg/crypto/tls/#ClientAuthType", + "type": "string" + }, + "clientCAFile": { + "description": "Path to the CA certificate file for client certificate authentication to\nthe server.\n\nIt is mutually exclusive with `client_ca`.", "type": "string" }, "curvePreferences": { - "description": "Elliptic curves that will be used in an ECDHE handshake, in preference order. Available curves are documented in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID", + "description": "Elliptic curves that will be used in an ECDHE handshake, in preference\norder.\n\nAvailable curves are documented in the Go documentation:\nhttps://golang.org/pkg/crypto/tls/#CurveID", "items": { "type": "string" }, "type": "array" }, + "keyFile": { + "description": "Path to the TLS private key file in the container for the web server.\n\nIf defined, either `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keySecret`.", + "type": "string" + }, "keySecret": { - "description": "Secret containing the TLS key for the server.", + "description": "Secret containing the TLS private key for the web server.\n\nEither `cert` or `certFile` must be defined.\n\nIt is mutually exclusive with `keyFile`.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -5948,22 +7819,18 @@ "additionalProperties": false }, "maxVersion": { - "description": "Maximum TLS version that is acceptable. Defaults to TLS13.", + "description": "Maximum TLS version that is acceptable.", "type": "string" }, "minVersion": { - "description": "Minimum TLS version that is acceptable. Defaults to TLS12.", + "description": "Minimum TLS version that is acceptable.", "type": "string" }, "preferServerCipherSuites": { - "description": "Controls whether the server selects the client's most preferred cipher suite, or the server's most preferred cipher suite. If true then the server's preference, as expressed in the order of elements in cipherSuites, is used.", + "description": "Controls whether the server selects the client's most preferred cipher\nsuite, or the server's most preferred cipher suite.\n\nIf true then the server's preference, as expressed in\nthe order of elements in cipherSuites, is used.", "type": "boolean" } }, - "required": [ - "cert", - "keySecret" - ], "type": "object", "additionalProperties": false } @@ -5976,29 +7843,80 @@ "additionalProperties": false }, "status": { - "description": "Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "Most recent observed status of the Alertmanager cluster. Read-only.\nMore info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "availableReplicas": { - "description": "Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster.", + "description": "Total number of available pods (ready for at least minReadySeconds)\ntargeted by this Alertmanager cluster.", "format": "int32", "type": "integer" }, + "conditions": { + "description": "The current state of the Alertmanager object.", + "items": { + "description": "Condition represents the state of the resources associated with the\nPrometheus, Alertmanager or ThanosRuler resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details for the condition's last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration represents the .metadata.generation that the\ncondition was set based upon. For instance, if `.metadata.generation` is\ncurrently 12, but the `.status.conditions[].observedGeneration` is 9, the\ncondition is out of date with respect to the current state of the\ninstance.", + "format": "int64", + "type": "integer" + }, + "reason": { + "description": "Reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition.", + "minLength": 1, + "type": "string" + }, + "type": { + "description": "Type of the condition being reported.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, "paused": { - "description": "Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed.", + "description": "Represents whether any actions on the underlying managed objects are\nbeing performed. Only delete actions will be performed.", "type": "boolean" }, "replicas": { - "description": "Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector).", + "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject (their labels match the selector).", "format": "int32", "type": "integer" }, + "selector": { + "description": "The selector used to match the pods targeted by this Alertmanager object.", + "type": "string" + }, "unavailableReplicas": { - "description": "Total number of unavailable pods targeted by this Alertmanager cluster.", + "description": "Total number of unavailable pods targeted by this Alertmanager object.", "format": "int32", "type": "integer" }, "updatedReplicas": { - "description": "Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec.", + "description": "Total number of non-terminated pods targeted by this Alertmanager\nobject that have the desired version spec.", "format": "int32", "type": "integer" } diff --git a/master-standalone-strict/alertmanagerconfig-monitoring-v1alpha1.json b/master-standalone-strict/alertmanagerconfig-monitoring-v1alpha1.json index 4ef8df2..c0fa43f 100644 --- a/master-standalone-strict/alertmanagerconfig-monitoring-v1alpha1.json +++ b/master-standalone-strict/alertmanagerconfig-monitoring-v1alpha1.json @@ -1,39 +1,39 @@ { - "description": "AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster.", + "description": "AlertmanagerConfig configures the Prometheus Alertmanager,\nspecifying how alerts should be grouped, inhibited and notified to external systems.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource.", + "description": "AlertmanagerConfigSpec is a specification of the desired behavior of the\nAlertmanager configuration.\nBy default, the Alertmanager configuration only applies to alerts for which\nthe `namespace` label is equal to the namespace of the AlertmanagerConfig\nresource (see the `.spec.alertmanagerConfigMatcherStrategy` field of the\nAlertmanager CRD).", "properties": { "inhibitRules": { - "description": "List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace.", + "description": "List of inhibition rules. The rules will only apply to alerts matching\nthe resource's namespace.", "items": { - "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", + "description": "InhibitRule defines an inhibition rule that allows to mute alerts when other\nalerts are already firing.\nSee https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule", "properties": { "equal": { - "description": "Labels that must have an equal value in the source and target alert for the inhibition to take effect.", + "description": "Labels that must have an equal value in the source and target alert for\nthe inhibition to take effect.", "items": { "type": "string" }, "type": "array" }, "sourceMatch": { - "description": "Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace.", + "description": "Matchers for which one or more alerts have to exist for the inhibition\nto take effect. The operator enforces that the alert matches the\nresource's namespace.", "items": { "description": "Matcher defines how to match on alert's labels.", "properties": { "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty.", + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", "enum": [ "!=", "=", @@ -48,7 +48,7 @@ "type": "string" }, "regex": { - "description": "Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead.", + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", "type": "boolean" }, "value": { @@ -64,12 +64,12 @@ "type": "array" }, "targetMatch": { - "description": "Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace.", + "description": "Matchers that have to be fulfilled in the alerts to be muted. The\noperator enforces that the alert matches the resource's namespace.", "items": { "description": "Matcher defines how to match on alert's labels.", "properties": { "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty.", + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", "enum": [ "!=", "=", @@ -84,7 +84,7 @@ "type": "string" }, "regex": { - "description": "Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead.", + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", "type": "boolean" }, "value": { @@ -143,8 +143,8 @@ "months": { "description": "Months is a list of MonthRange", "items": { - "description": "MonthRange is an inclusive range of months of the year beginning in January Months can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", - "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$)", + "description": "MonthRange is an inclusive range of months of the year beginning in January\nMonths can be specified by name (e.g 'January') by numerical month (e.g '1') or as an inclusive range (e.g 'January:March', '1:3', '1:March')", + "pattern": "^((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|1[0-2]|[1-9]))$)|$)", "type": "string" }, "type": "array" @@ -172,7 +172,7 @@ "weekdays": { "description": "Weekdays is a list of WeekdayRange", "items": { - "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday Days can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", + "description": "WeekdayRange is an inclusive range of days of the week beginning on Sunday\nDays can be specified by name (e.g 'Sunday') or as an inclusive range (e.g 'Monday:Friday')", "pattern": "^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$)", "type": "string" }, @@ -193,6 +193,9 @@ "type": "array" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array" @@ -202,45 +205,21 @@ "items": { "description": "Receiver defines one or more notification integrations.", "properties": { - "emailConfigs": { - "description": "List of Email configurations.", + "discordConfigs": { + "description": "List of Discord configurations.", "items": { - "description": "EmailConfig configures notifications via Email.", + "description": "DiscordConfig configures notifications via Discord.\nSee https://prometheus.io/docs/alerting/latest/configuration/#discord_config", "properties": { - "authIdentity": { - "description": "The identity to use for authentication.", - "type": "string" - }, - "authPassword": { - "description": "The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" - }, - "authSecret": { - "description": "The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "apiURL": { + "description": "The secret's key that contains the Discord webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -251,82 +230,72 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "authUsername": { - "description": "The username to use for authentication.", + "avatarURL": { + "description": "The avatar url of the message sender.", + "pattern": "^https?://.+$", "type": "string" }, - "from": { - "description": "The sender address.", + "content": { + "description": "The template of the content's body.", + "minLength": 1, "type": "string" }, - "headers": { - "description": "Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } + "type": "object" }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "hello": { - "description": "The hostname to identify to the SMTP server.", - "type": "string" - }, - "html": { - "description": "The HTML body of the email notification.", - "type": "string" - }, - "requireTLS": { - "description": "The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints.", - "type": "boolean" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "smarthost": { - "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", - "type": "string" - }, - "text": { - "description": "The text body of the email notification.", - "type": "string" - }, - "tlsConfig": { - "description": "TLS configuration", - "properties": { - "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { - "description": "The key to select.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -336,15 +305,16 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -361,22 +331,106 @@ }, "type": "object" }, - "cert": { - "description": "Struct containing the client cert file for the targets.", + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { - "configMap": { - "description": "ConfigMap containing data to use for the targets.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { - "description": "The key to select.", + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", + "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, @@ -386,15 +440,2790 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "message": { + "description": "The template of the message's body.", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "title": { + "description": "The template of the message's title.", + "type": "string" + }, + "username": { + "description": "The username of the message sender.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "apiURL" + ], + "type": "object" + }, + "type": "array" + }, + "emailConfigs": { + "description": "List of Email configurations.", + "items": { + "description": "EmailConfig configures notifications via Email.", + "properties": { + "authIdentity": { + "description": "The identity to use for authentication.", + "type": "string" + }, + "authPassword": { + "description": "The secret's key that contains the password to use for authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authSecret": { + "description": "The secret's key that contains the CRAM-MD5 secret.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "authUsername": { + "description": "The username to use for authentication.", + "type": "string" + }, + "from": { + "description": "The sender address.", + "type": "string" + }, + "headers": { + "description": "Further headers email header key/value pairs. Overrides any headers\npreviously set by the notification implementation.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "hello": { + "description": "The hostname to identify to the SMTP server.", + "type": "string" + }, + "html": { + "description": "The HTML body of the email notification.", + "type": "string" + }, + "requireTLS": { + "description": "The SMTP TLS requirement.\nNote that Go does not support unencrypted connections to remote SMTP endpoints.", + "type": "boolean" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "smarthost": { + "description": "The SMTP host and port through which emails are sent. E.g. example.com:25", + "type": "string" + }, + "text": { + "description": "The text body of the email notification.", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "to": { + "description": "The email address to send notifications to.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "msteamsConfigs": { + "description": "List of MSTeams configurations.\nIt requires Alertmanager >= 0.26.0.", + "items": { + "description": "MSTeamsConfig configures notifications via Microsoft Teams.\nIt requires Alertmanager >= 0.26.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "summary": { + "description": "Message summary template.\nIt requires Alertmanager >= 0.27.0.", + "type": "string" + }, + "text": { + "description": "Message body template.", + "type": "string" + }, + "title": { + "description": "Message title template.", + "type": "string" + }, + "webhookUrl": { + "description": "MSTeams webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "webhookUrl" + ], + "type": "object" + }, + "type": "array" + }, + "msteamsv2Configs": { + "description": "List of MSTeamsV2 configurations.\nIt requires Alertmanager >= 0.28.0.", + "items": { + "description": "MSTeamsV2Config configures notifications via Microsoft Teams using the new message format with adaptive cards as required by flows\nSee https://prometheus.io/docs/alerting/latest/configuration/#msteamsv2_config\nIt requires Alertmanager >= 0.28.0.", + "properties": { + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "sendResolved": { + "description": "Whether to notify about resolved alerts.", + "type": "boolean" + }, + "text": { + "description": "Message body template.", + "minLength": 1, + "type": "string" + }, + "title": { + "description": "Message title template.", + "minLength": 1, + "type": "string" + }, + "webhookURL": { + "description": "MSTeams incoming webhook URL.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "Name of the receiver. Must be unique across all items from the list.", + "minLength": 1, + "type": "string" + }, + "opsgenieConfigs": { + "description": "List of OpsGenie configurations.", + "items": { + "description": "OpsGenieConfig configures notifications via OpsGenie.\nSee https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "properties": { + "actions": { + "description": "Comma separated list of actions that will be available for the alert.", + "type": "string" + }, + "apiKey": { + "description": "The secret's key that contains the OpsGenie API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "apiURL": { + "description": "The URL to send OpsGenie API requests to.", + "type": "string" + }, + "description": { + "description": "Description of the incident.", + "type": "string" + }, + "details": { + "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entity": { + "description": "Optional field that can be used to specify which domain alert is related to.", + "type": "string" + }, + "httpConfig": { + "description": "HTTP client configuration.", + "properties": { + "authorization": { + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "properties": { + "credentials": { + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": { + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", + "type": "string" + } + }, + "type": "object" + }, + "basicAuth": { + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "bearerTokenSecret": { + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "followRedirects": { + "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", + "type": "boolean" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "oauth2": { + "description": "OAuth2 client credentials used to fetch a token for the targets.", + "properties": { + "clientId": { + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "tlsConfig": { + "description": "TLS configuration for the client.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -407,89 +3236,119 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "insecureSkipVerify": { - "description": "Disable target certificate validation.", - "type": "boolean" - }, - "keySecret": { - "description": "Secret containing the client key file for the targets.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], "type": "string" }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" + "type": "object" } }, "type": "object" }, - "to": { - "description": "The email address to send notifications to.", + "message": { + "description": "Alert text limited to 130 characters.", + "type": "string" + }, + "note": { + "description": "Additional alert note.", + "type": "string" + }, + "priority": { + "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", + "type": "string" + }, + "responders": { + "description": "List of responders responsible for notifications.", + "items": { + "description": "OpsGenieConfigResponder defines a responder to an incident.\nOne of `id`, `name` or `username` has to be defined.", + "properties": { + "id": { + "description": "ID of the responder.", + "type": "string" + }, + "name": { + "description": "Name of the responder.", + "type": "string" + }, + "type": { + "description": "Type of responder.", + "minLength": 1, + "type": "string" + }, + "username": { + "description": "Username of the responder.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "type": "array" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "source": { + "description": "Backlink to the sender of the notification.", + "type": "string" + }, + "tags": { + "description": "Comma separated list of tags attached to the notifications.", "type": "string" + }, + "updateAlerts": { + "description": "Whether to update message and description of the alert in OpsGenie if it already exists\nBy default, the alert is never updated in OpsGenie, the new message only appears in activity log.", + "type": "boolean" } }, "type": "object" }, "type": "array" }, - "name": { - "description": "Name of the receiver. Must be unique across all items from the list.", - "minLength": 1, - "type": "string" - }, - "opsgenieConfigs": { - "description": "List of OpsGenie configurations.", + "pagerdutyConfigs": { + "description": "List of PagerDuty configurations.", "items": { - "description": "OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config", + "description": "PagerDutyConfig configures notifications via PagerDuty.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", "properties": { - "actions": { - "description": "Comma separated list of actions that will be available for the alert.", + "class": { + "description": "The class/type of the event.", "type": "string" }, - "apiKey": { - "description": "The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" + "client": { + "description": "Client identification.", + "type": "string" }, - "apiURL": { - "description": "The URL to send OpsGenie API requests to.", + "clientURL": { + "description": "Backlink to the sender of notification.", + "type": "string" + }, + "component": { + "description": "The part or component of the affected system that is broken.", "type": "string" }, "description": { @@ -497,7 +3356,7 @@ "type": "string" }, "details": { - "description": "A set of arbitrary key/value pairs that provide further detail about the incident.", + "description": "Arbitrary key/value pairs that provide further detail about the incident.", "items": { "description": "KeyValue defines a (key, value) tuple.", "properties": { @@ -519,25 +3378,26 @@ }, "type": "array" }, - "entity": { - "description": "Optional field that can be used to specify which domain alert is related to.", + "group": { + "description": "A cluster or grouping of sources.", "type": "string" }, "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -552,24 +3412,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -584,14 +3445,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -609,14 +3471,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -627,17 +3490,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -647,7 +3515,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -669,7 +3538,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -687,14 +3557,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -712,18 +3583,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -735,15 +3811,55 @@ ], "type": "object" }, - "proxyURL": { - "description": "Optional proxy URL.", + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyURL": { + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -753,7 +3869,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -775,7 +3892,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -793,7 +3911,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -803,7 +3921,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -825,7 +3944,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -854,7 +3974,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -868,6 +3989,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -878,143 +4019,147 @@ }, "type": "object" }, - "message": { - "description": "Alert text limited to 130 characters.", - "type": "string" - }, - "note": { - "description": "Additional alert note.", - "type": "string" - }, - "priority": { - "description": "Priority level of alert. Possible values are P1, P2, P3, P4, and P5.", - "type": "string" - }, - "responders": { - "description": "List of responders responsible for notifications.", + "pagerDutyImageConfigs": { + "description": "A list of image details to attach that provide further detail about an incident.", "items": { - "description": "OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined.", + "description": "PagerDutyImageConfig attaches images to an incident", "properties": { - "id": { - "description": "ID of the responder.", + "alt": { + "description": "Alt is the optional alternative text for the image.", "type": "string" }, - "name": { - "description": "Name of the responder.", + "href": { + "description": "Optional URL; makes the image a clickable link.", "type": "string" }, - "type": { - "description": "Type of responder.", - "enum": [ - "team", - "teams", - "user", - "escalation", - "schedule" - ], - "minLength": 1, + "src": { + "description": "Src of the image being attached to the incident", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "pagerDutyLinkConfigs": { + "description": "A list of link details to attach that provide further detail about an incident.", + "items": { + "description": "PagerDutyLinkConfig attaches text links to an incident", + "properties": { + "alt": { + "description": "Text that describes the purpose of the link, and can be used as the link's text.", "type": "string" }, - "username": { - "description": "Username of the responder.", + "href": { + "description": "Href is the URL of the link to be attached", "type": "string" } }, - "required": [ - "type" - ], "type": "object" }, "type": "array" }, + "routingKey": { + "description": "The secret's key that contains the PagerDuty integration key (when using\nEvents API v2). Either this field or `serviceKey` needs to be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "sendResolved": { "description": "Whether or not to notify about resolved alerts.", "type": "boolean" }, - "source": { - "description": "Backlink to the sender of the notification.", + "serviceKey": { + "description": "The secret's key that contains the PagerDuty service key (when using\nintegration type \"Prometheus\"). Either this field or `routingKey` needs to\nbe defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "severity": { + "description": "Severity of the incident.", "type": "string" }, - "tags": { - "description": "Comma separated list of tags attached to the notifications.", + "source": { + "description": "Unique location of the affected system.", "type": "string" }, - "updateAlerts": { - "description": "Whether to update message and description of the alert in OpsGenie if it already exists By default, the alert is never updated in OpsGenie, the new message only appears in activity log.", - "type": "boolean" + "url": { + "description": "The URL to send requests to.", + "type": "string" } }, "type": "object" }, "type": "array" }, - "pagerdutyConfigs": { - "description": "List of PagerDuty configurations.", + "pushoverConfigs": { + "description": "List of Pushover configurations.", "items": { - "description": "PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config", + "description": "PushoverConfig configures notifications via Pushover.\nSee https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", "properties": { - "class": { - "description": "The class/type of the event.", - "type": "string" - }, - "client": { - "description": "Client identification.", - "type": "string" - }, - "clientURL": { - "description": "Backlink to the sender of notification.", - "type": "string" - }, - "component": { - "description": "The part or component of the affected system that is broken.", + "device": { + "description": "The name of a device to send the notification to", "type": "string" }, - "description": { - "description": "Description of the incident.", + "expire": { + "description": "How long your notification will continue to be retried for, unless the user\nacknowledges the notification.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", "type": "string" }, - "details": { - "description": "Arbitrary key/value pairs that provide further detail about the incident.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "group": { - "description": "A cluster or grouping of sources.", - "type": "string" + "html": { + "description": "Whether notification message is HTML or plain text.", + "type": "boolean" }, "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1029,24 +4174,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1061,14 +4207,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1086,14 +4233,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1104,17 +4252,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1124,7 +4277,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1138,15 +4292,234 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1159,19 +4532,59 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, "type": "object" }, - "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1185,42 +4598,30 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters to append to the token URL", - "type": "object" - }, - "scopes": { - "description": "OAuth2 scopes used for the token request", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "The URL to fetch the token from", - "minLength": 1, - "type": "string" - } + "type": "array" }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1230,7 +4631,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1252,7 +4654,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1270,7 +4673,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1280,7 +4683,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1302,7 +4706,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1331,7 +4736,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1345,6 +4751,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1355,55 +4781,174 @@ }, "type": "object" }, - "pagerDutyImageConfigs": { - "description": "A list of image details to attach that provide further detail about an incident.", + "message": { + "description": "Notification message.", + "type": "string" + }, + "priority": { + "description": "Priority, see https://pushover.net/api#priority", + "type": "string" + }, + "retry": { + "description": "How often the Pushover servers will send the same notification to the user.\nMust be at least 30 seconds.", + "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "sound": { + "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", + "type": "string" + }, + "title": { + "description": "Notification title.", + "type": "string" + }, + "token": { + "description": "The secret's key that contains the registered application's API token, see https://pushover.net/apps.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `token` or `tokenFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "tokenFile": { + "description": "The token file that contains the registered application's API token, see https://pushover.net/apps.\nEither `token` or `tokenFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + }, + "ttl": { + "description": "The time to live definition for the alert notification", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, + "url": { + "description": "A supplementary URL shown alongside the message.", + "type": "string" + }, + "urlTitle": { + "description": "A title for supplementary URL, otherwise just the URL is shown", + "type": "string" + }, + "userKey": { + "description": "The secret's key that contains the recipient user's user key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\nEither `userKey` or `userKeyFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "userKeyFile": { + "description": "The user key file that contains the recipient user's user key.\nEither `userKey` or `userKeyFile` is required.\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "slackConfigs": { + "description": "List of Slack configurations.", + "items": { + "description": "SlackConfig configures notifications via Slack.\nSee https://prometheus.io/docs/alerting/latest/configuration/#slack_config", + "properties": { + "actions": { + "description": "A list of Slack actions that are sent with each notification.", "items": { - "description": "PagerDutyImageConfig attaches images to an incident", + "description": "SlackAction configures a single Slack action that is sent with each\nnotification.\nSee https://api.slack.com/docs/message-attachments#action_fields and\nhttps://api.slack.com/docs/message-buttons for more information.", "properties": { - "alt": { - "description": "Alt is the optional alternative text for the image.", + "confirm": { + "description": "SlackConfirmationField protect users from destructive actions or\nparticularly distinguished decisions by asking them to confirm their button\nclick one more time.\nSee https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields\nfor more information.", + "properties": { + "dismissText": { + "type": "string" + }, + "okText": { + "type": "string" + }, + "text": { + "minLength": 1, + "type": "string" + }, + "title": { + "type": "string" + } + }, + "required": [ + "text" + ], + "type": "object" + }, + "name": { "type": "string" }, - "href": { - "description": "Optional URL; makes the image a clickable link.", + "style": { "type": "string" }, - "src": { - "description": "Src of the image being attached to the incident", + "text": { + "minLength": 1, "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pagerDutyLinkConfigs": { - "description": "A list of link details to attach that provide further detail about an incident.", - "items": { - "description": "PagerDutyLinkConfig attaches text links to an incident", - "properties": { - "alt": { - "description": "Text that describes the purpose of the link, and can be used as the link's text.", + }, + "type": { + "minLength": 1, "type": "string" }, - "href": { - "description": "Href is the URL of the link to be attached", + "url": { + "type": "string" + }, + "value": { "type": "string" } }, + "required": [ + "text", + "type" + ], "type": "object" }, "type": "array" }, - "routingKey": { - "description": "The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "apiURL": { + "description": "The secret's key that contains the Slack webhook URL.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1414,75 +4959,66 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" + "callbackId": { + "type": "string" }, - "serviceKey": { - "description": "The secret's key that contains the PagerDuty service key (when using integration type \"Prometheus\"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" + "channel": { + "description": "The channel or user to send notifications to.", + "type": "string" + }, + "color": { + "type": "string" + }, + "fallback": { + "type": "string" + }, + "fields": { + "description": "A list of Slack fields that are sent with each notification.", + "items": { + "description": "SlackField configures a single Slack field that is sent with each notification.\nEach field must contain a title, value, and optionally, a boolean value to indicate if the field\nis short enough to be displayed next to other fields designated as short.\nSee https://api.slack.com/docs/message-attachments#fields for more information.", + "properties": { + "short": { + "type": "boolean" + }, + "title": { + "minLength": 1, + "type": "string" + }, + "value": { + "minLength": 1, + "type": "string" + } }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } + "required": [ + "title", + "value" + ], + "type": "object" }, - "required": [ - "key" - ], - "type": "object" - }, - "severity": { - "description": "Severity of the incident.", - "type": "string" + "type": "array" }, - "url": { - "description": "The URL to send requests to.", - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "pushoverConfigs": { - "description": "List of Pushover configurations.", - "items": { - "description": "PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config", - "properties": { - "expire": { - "description": "How long your notification will continue to be retried for, unless the user acknowledges the notification.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", + "footer": { "type": "string" }, - "html": { - "description": "Whether notification message is HTML or plain text.", - "type": "boolean" - }, "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1497,24 +5033,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1529,14 +5066,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1554,14 +5092,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1572,17 +5111,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1592,7 +5136,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1614,7 +5159,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1632,14 +5178,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1657,18 +5204,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -1680,15 +5432,55 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1698,7 +5490,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1720,7 +5513,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1738,7 +5532,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1748,7 +5542,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1770,7 +5565,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1796,251 +5592,134 @@ "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "serverName": { - "description": "Used to verify the hostname for the targets.", - "type": "string" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "message": { - "description": "Notification message.", - "type": "string" - }, - "priority": { - "description": "Priority, see https://pushover.net/api#priority", - "type": "string" - }, - "retry": { - "description": "How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds.", - "pattern": "^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$", - "type": "string" - }, - "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", - "type": "boolean" - }, - "sound": { - "description": "The name of one of the sounds supported by device clients to override the user's default sound choice", - "type": "string" - }, - "title": { - "description": "Notification title.", - "type": "string" - }, - "token": { - "description": "The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" - }, - "url": { - "description": "A supplementary URL shown alongside the message.", - "type": "string" - }, - "urlTitle": { - "description": "A title for supplementary URL, otherwise just the URL is shown", - "type": "string" - }, - "userKey": { - "description": "The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "slackConfigs": { - "description": "List of Slack configurations.", - "items": { - "description": "SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config", - "properties": { - "actions": { - "description": "A list of Slack actions that are sent with each notification.", - "items": { - "description": "SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information.", - "properties": { - "confirm": { - "description": "SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information.", - "properties": { - "dismissText": { - "type": "string" - }, - "okText": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "title": { - "type": "string" - } + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "required": [ - "text" - ], - "type": "object" - }, - "name": { - "type": "string" - }, - "style": { - "type": "string" - }, - "text": { - "minLength": 1, - "type": "string" - }, - "type": { - "minLength": 1, - "type": "string" - }, - "url": { - "type": "string" + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } }, - "value": { - "type": "string" - } - }, - "required": [ - "text", - "type" - ], - "type": "object" - }, - "type": "array" - }, - "apiURL": { - "description": "The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" + "type": "object" } }, - "required": [ - "key" - ], "type": "object" }, - "callbackId": { + "iconEmoji": { "type": "string" }, - "channel": { - "description": "The channel or user to send notifications to.", + "iconURL": { "type": "string" }, - "color": { + "imageURL": { "type": "string" }, - "fallback": { - "type": "string" + "linkNames": { + "type": "boolean" }, - "fields": { - "description": "A list of Slack fields that are sent with each notification.", + "mrkdwnIn": { "items": { - "description": "SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information.", - "properties": { - "short": { - "type": "boolean" - }, - "title": { - "minLength": 1, - "type": "string" - }, - "value": { - "minLength": 1, - "type": "string" - } - }, - "required": [ - "title", - "value" - ], - "type": "object" + "type": "string" }, "type": "array" }, - "footer": { + "pretext": { + "type": "string" + }, + "sendResolved": { + "description": "Whether or not to notify about resolved alerts.", + "type": "boolean" + }, + "shortFields": { + "type": "boolean" + }, + "text": { + "type": "string" + }, + "thumbURL": { + "type": "string" + }, + "title": { + "type": "string" + }, + "titleLink": { + "type": "string" + }, + "username": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "snsConfigs": { + "description": "List of SNS configurations", + "items": { + "description": "SNSConfig configures notifications via AWS SNS.\nSee https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", + "properties": { + "apiURL": { + "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com.\nIf not specified, the SNS API URL from the SNS SDK will be used.", "type": "string" }, + "attributes": { + "additionalProperties": { + "type": "string" + }, + "description": "SNS message attributes.", + "type": "object" + }, "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2055,24 +5734,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2087,14 +5767,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2112,14 +5793,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2130,17 +5812,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2150,7 +5837,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2172,7 +5860,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2190,14 +5879,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2215,38 +5905,283 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, - "type": "array" + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "tokenUrl": { - "description": "The URL to fetch the token from", - "minLength": 1, - "type": "string" - } + "type": "array" }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2256,7 +6191,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2278,7 +6214,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2296,7 +6233,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2306,7 +6243,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2328,7 +6266,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2357,7 +6296,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2371,6 +6311,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2381,47 +6341,92 @@ }, "type": "object" }, - "iconEmoji": { - "type": "string" - }, - "iconURL": { - "type": "string" - }, - "imageURL": { + "message": { + "description": "The message content of the SNS notification.", "type": "string" }, - "linkNames": { - "type": "boolean" - }, - "mrkdwnIn": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pretext": { + "phoneNumber": { + "description": "Phone number if message is delivered via SMS in E.164 format.\nIf you don't specify this value, you must specify a value for the TopicARN or TargetARN.", "type": "string" }, "sendResolved": { "description": "Whether or not to notify about resolved alerts.", "type": "boolean" }, - "shortFields": { - "type": "boolean" - }, - "text": { - "type": "string" - }, - "thumbURL": { - "type": "string" + "sigv4": { + "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" }, - "title": { + "subject": { + "description": "Subject line when the message is delivered to email endpoints.", "type": "string" }, - "titleLink": { + "targetARN": { + "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications.\nIf you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", "type": "string" }, - "username": { + "topicARN": { + "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic\nIf you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", "type": "string" } }, @@ -2429,37 +6434,67 @@ }, "type": "array" }, - "snsConfigs": { - "description": "List of SNS configurations", + "telegramConfigs": { + "description": "List of Telegram configurations.", "items": { - "description": "SNSConfig configures notifications via AWS SNS. See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs", + "description": "TelegramConfig configures notifications via Telegram.\nSee https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", "properties": { "apiURL": { - "description": "The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. If not specified, the SNS API URL from the SNS SDK will be used.", + "description": "The Telegram API URL i.e. https://api.telegram.org.\nIf not specified, default API URL will be used.", "type": "string" }, - "attributes": { - "additionalProperties": { - "type": "string" + "botToken": { + "description": "Telegram bot token. It is mutually exclusive with `botTokenFile`.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.\n\nEither `botToken` or `botTokenFile` is required.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } }, - "description": "SNS message attributes.", - "type": "object" + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "botTokenFile": { + "description": "File to read the Telegram bot token from. It is mutually exclusive with `botToken`.\nEither `botToken` or `botTokenFile` is required.\n\nIt requires Alertmanager >= v0.26.0.", + "type": "string" + }, + "chatID": { + "description": "The Telegram chat ID.", + "format": "int64", + "type": "integer" + }, + "disableNotifications": { + "description": "Disable telegram notifications", + "type": "boolean" }, "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2474,24 +6509,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2506,14 +6542,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2531,14 +6568,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2549,17 +6587,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2569,7 +6612,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2591,7 +6635,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2609,14 +6654,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2634,18 +6680,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -2657,15 +6908,55 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2675,7 +6966,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2697,7 +6989,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2715,7 +7008,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -2725,7 +7018,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2747,7 +7041,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2776,7 +7071,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2790,6 +7086,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -2801,114 +7117,50 @@ "type": "object" }, "message": { - "description": "The message content of the SNS notification.", + "description": "Message template", "type": "string" }, - "phoneNumber": { - "description": "Phone number if message is delivered via SMS in E.164 format. If you don't specify this value, you must specify a value for the TopicARN or TargetARN.", + "messageThreadID": { + "description": "The Telegram Group Topic ID.\nIt requires Alertmanager >= 0.26.0.", + "format": "int64", + "type": "integer" + }, + "parseMode": { + "description": "Parse mode for telegram message", + "enum": [ + "MarkdownV2", + "Markdown", + "HTML" + ], "type": "string" }, "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", + "description": "Whether to notify about resolved alerts.", "type": "boolean" - }, - "sigv4": { - "description": "Configures AWS's Signature Verification 4 signing process to sign requests.", - "properties": { - "accessKey": { - "description": "AccessKey is the AWS API key. If blank, the environment variable `AWS_ACCESS_KEY_ID` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - }, - "profile": { - "description": "Profile is the named AWS profile used to authenticate.", - "type": "string" - }, - "region": { - "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", - "type": "string" - }, - "roleArn": { - "description": "RoleArn is the named AWS profile used to authenticate.", - "type": "string" - }, - "secretKey": { - "description": "SecretKey is the AWS API secret. If blank, the environment variable `AWS_SECRET_ACCESS_KEY` is used.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" - } - }, - "type": "object" - }, - "subject": { - "description": "Subject line when the message is delivered to email endpoints.", - "type": "string" - }, - "targetARN": { - "description": "The mobile platform endpoint ARN if message is delivered via mobile notifications. If you don't specify this value, you must specify a value for the topic_arn or PhoneNumber.", - "type": "string" - }, - "topicARN": { - "description": "SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic If you don't specify this value, you must specify a value for the PhoneNumber or TargetARN.", - "type": "string" } }, + "required": [ + "chatID" + ], "type": "object" }, "type": "array" }, - "telegramConfigs": { - "description": "List of Telegram configurations.", + "victoropsConfigs": { + "description": "List of VictorOps configurations.", "items": { - "description": "TelegramConfig configures notifications via Telegram. See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config", + "description": "VictorOpsConfig configures notifications via VictorOps.\nSee https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", "properties": { - "apiURL": { - "description": "The Telegram API URL i.e. https://api.telegram.org. If not specified, default API URL will be used.", - "type": "string" - }, - "botToken": { - "description": "Telegram bot token The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "apiKey": { + "description": "The secret's key that contains the API key to use when talking to the VictorOps API.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2919,32 +7171,56 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "chatID": { - "description": "The Telegram chat ID.", - "format": "int64", - "type": "integer" + "apiUrl": { + "description": "The VictorOps API URL.", + "type": "string" }, - "disableNotifications": { - "description": "Disable telegram notifications", - "type": "boolean" + "customFields": { + "description": "Additional custom fields for notification.", + "items": { + "description": "KeyValue defines a (key, value) tuple.", + "properties": { + "key": { + "description": "Key of the tuple.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value of the tuple.", + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "entityDisplayName": { + "description": "Contains summary of the alerted problem.", + "type": "string" }, "httpConfig": { - "description": "HTTP client configuration.", + "description": "The HTTP client's configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2959,24 +7235,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2991,14 +7268,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3016,14 +7294,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3034,49 +7313,274 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", "properties": { - "key": { - "description": "The key to select.", - "type": "string" + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientSecret": { + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "additionalProperties": { + "type": "string" + }, + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", + "type": "object" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "scopes": { + "description": "`scopes` defines the OAuth2 scopes used for the token request.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" } }, - "required": [ - "key" - ], - "type": "object", - "x-kubernetes-map-type": "atomic" + "type": "object" }, - "secret": { - "description": "Secret containing data to use for the targets.", + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3089,19 +7593,59 @@ ], "type": "object", "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" } }, "type": "object" }, - "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "tokenUrl": { + "description": "`tokenURL` configures the URL to fetch the token from.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tokenUrl" + ], + "type": "object" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3115,42 +7659,30 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, - "endpointParams": { - "additionalProperties": { - "type": "string" - }, - "description": "Parameters to append to the token URL", - "type": "object" - }, - "scopes": { - "description": "OAuth2 scopes used for the token request", - "items": { - "type": "string" - }, - "type": "array" - }, - "tokenUrl": { - "description": "The URL to fetch the token from", - "minLength": 1, - "type": "string" - } + "type": "array" }, - "required": [ - "clientId", - "clientSecret", - "tokenUrl" - ], - "type": "object" + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3160,7 +7692,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3182,7 +7715,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3200,7 +7734,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3210,7 +7744,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3232,7 +7767,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3261,7 +7797,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3275,6 +7812,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -3285,100 +7842,57 @@ }, "type": "object" }, - "message": { - "description": "Message template", + "messageType": { + "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", "type": "string" }, - "parseMode": { - "description": "Parse mode for telegram message", - "enum": [ - "MarkdownV2", - "Markdown", - "HTML" - ], + "monitoringTool": { + "description": "The monitoring tool the state message is from.", + "type": "string" + }, + "routingKey": { + "description": "A key used to map the alert to a team.", "type": "string" }, "sendResolved": { - "description": "Whether to notify about resolved alerts.", + "description": "Whether or not to notify about resolved alerts.", "type": "boolean" + }, + "stateMessage": { + "description": "Contains long explanation of the alerted problem.", + "type": "string" } }, "type": "object" }, "type": "array" }, - "victoropsConfigs": { - "description": "List of VictorOps configurations.", + "webexConfigs": { + "description": "List of Webex configurations.", "items": { - "description": "VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config", + "description": "WebexConfig configures notification via Cisco Webex\nSee https://prometheus.io/docs/alerting/latest/configuration/#webex_config", "properties": { - "apiKey": { - "description": "The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", - "type": "string" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "required": [ - "key" - ], - "type": "object" - }, - "apiUrl": { - "description": "The VictorOps API URL.", - "type": "string" - }, - "customFields": { - "description": "Additional custom fields for notification.", - "items": { - "description": "KeyValue defines a (key, value) tuple.", - "properties": { - "key": { - "description": "Key of the tuple.", - "minLength": 1, - "type": "string" - }, - "value": { - "description": "Value of the tuple.", - "type": "string" - } - }, - "required": [ - "key", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "entityDisplayName": { - "description": "Contains summary of the alerted problem.", + "apiURL": { + "description": "The Webex Teams API URL i.e. https://webexapis.com/v1/messages\nProvide if different from the default API URL.", + "pattern": "^https?://.+$", "type": "string" }, "httpConfig": { - "description": "The HTTP client's configuration.", + "description": "The HTTP client's configuration.\nYou must supply the bot token via the `httpConfig.authorization` field.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3393,24 +7907,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3425,14 +7940,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3450,14 +7966,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3468,17 +7985,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3488,7 +8010,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3510,7 +8033,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3528,14 +8052,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3553,18 +8078,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -3576,15 +8306,55 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3594,7 +8364,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3616,7 +8387,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3634,7 +8406,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3644,7 +8416,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3666,7 +8439,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3695,7 +8469,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3709,6 +8484,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -3719,27 +8514,23 @@ }, "type": "object" }, - "messageType": { - "description": "Describes the behavior of the alert (CRITICAL, WARNING, INFO).", - "type": "string" - }, - "monitoringTool": { - "description": "The monitoring tool the state message is from.", + "message": { + "description": "Message template", "type": "string" }, - "routingKey": { - "description": "A key used to map the alert to a team.", + "roomID": { + "description": "ID of the Webex Teams room where to send the messages.", + "minLength": 1, "type": "string" }, "sendResolved": { - "description": "Whether or not to notify about resolved alerts.", + "description": "Whether to notify about resolved alerts.", "type": "boolean" - }, - "stateMessage": { - "description": "Contains long explanation of the alerted problem.", - "type": "string" } }, + "required": [ + "roomID" + ], "type": "object" }, "type": "array" @@ -3747,23 +8538,24 @@ "webhookConfigs": { "description": "List of webhook configurations.", "items": { - "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", + "description": "WebhookConfig configures notifications via a generic receiver supporting the webhook payload.\nSee https://prometheus.io/docs/alerting/latest/configuration/#webhook_config", "properties": { "httpConfig": { "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3778,24 +8570,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3810,14 +8603,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3835,14 +8629,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3853,17 +8648,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3873,7 +8673,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3895,7 +8696,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3913,14 +8715,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -3938,18 +8741,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -3961,15 +8969,55 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -3979,7 +9027,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4001,7 +9050,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4019,7 +9069,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -4029,7 +9079,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4051,7 +9102,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4080,7 +9132,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4094,6 +9147,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4114,19 +9187,25 @@ "description": "Whether or not to notify about resolved alerts.", "type": "boolean" }, + "timeout": { + "description": "The maximum time to wait for a webhook request to complete, before failing the\nrequest and allowing it to be retried.\nIt requires Alertmanager >= v0.28.0.", + "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", + "type": "string" + }, "url": { - "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined.", + "description": "The URL to send HTTP POST requests to. `urlSecret` takes precedence over\n`url`. One of `urlSecret` and `url` should be defined.", "type": "string" }, "urlSecret": { - "description": "The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the webhook URL to send HTTP requests to.\n`urlSecret` takes precedence over `url`. One of `urlSecret` and `url`\nshould be defined.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4137,7 +9216,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -4147,20 +9227,21 @@ "wechatConfigs": { "description": "List of WeChat configurations.", "items": { - "description": "WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", + "description": "WeChatConfig configures notifications via WeChat.\nSee https://prometheus.io/docs/alerting/latest/configuration/#wechat_config", "properties": { "agentID": { "type": "string" }, "apiSecret": { - "description": "The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the WeChat API key.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4171,7 +9252,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "apiURL": { "description": "The WeChat API URL.", @@ -4185,17 +9267,18 @@ "description": "HTTP client configuration.", "properties": { "authorization": { - "description": "Authorization header configuration for the client. This is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", + "description": "Authorization header configuration for the client.\nThis is mutually exclusive with BasicAuth and is only available starting from Alertmanager v0.22+.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4210,24 +9293,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth for the client. This is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", + "description": "BasicAuth for the client.\nThis is mutually exclusive with Authorization. If both are defined, BasicAuth takes precedence.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4242,14 +9326,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4267,14 +9352,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator.", + "description": "The secret's key that contains the bearer token to be used by the client\nfor authentication.\nThe secret needs to be in the same namespace as the AlertmanagerConfig\nobject and accessible by the Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4285,17 +9371,22 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "followRedirects": { "description": "FollowRedirects specifies whether the client should follow HTTP 3xx redirects.", "type": "boolean" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, "oauth2": { "description": "OAuth2 client credentials used to fetch a token for the targets.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -4305,7 +9396,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4327,7 +9419,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4345,14 +9438,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4370,18 +9464,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -4393,15 +9692,55 @@ ], "type": "object" }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, "proxyURL": { - "description": "Optional proxy URL.", + "description": "Optional proxy URL.\n\nIf defined, this field takes precedence over `proxyUrl`.", + "type": "string" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", "type": "string" }, "tlsConfig": { "description": "TLS configuration for the client.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -4411,7 +9750,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4433,7 +9773,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4451,7 +9792,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -4461,7 +9802,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4483,7 +9825,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4512,7 +9855,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -4526,6 +9870,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -4570,34 +9934,41 @@ "type": "array" }, "route": { - "description": "The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route.", + "description": "The Alertmanager route definition for alerts matching the resource's\nnamespace. If present, it will be added to the generated Alertmanager\nconfiguration as a first-level route.", "properties": { + "activeTimeIntervals": { + "description": "ActiveTimeIntervals is a list of MuteTimeInterval names when this route should be active.", + "items": { + "type": "string" + }, + "type": "array" + }, "continue": { - "description": "Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator.", + "description": "Boolean indicating whether an alert should continue matching subsequent\nsibling nodes. It will always be overridden to true for the first-level\nroute by the Prometheus operator.", "type": "boolean" }, "groupBy": { - "description": "List of labels to group by. Labels must not be repeated (unique list). Special label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", + "description": "List of labels to group by.\nLabels must not be repeated (unique list).\nSpecial label \"...\" (aggregate by all possible labels), if provided, must be the only element in the list.", "items": { "type": "string" }, "type": "array" }, "groupInterval": { - "description": "How long to wait before sending an updated notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"5m\"", + "description": "How long to wait before sending an updated notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"5m\"", "type": "string" }, "groupWait": { - "description": "How long to wait before sending the initial notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"30s\"", + "description": "How long to wait before sending the initial notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"30s\"", "type": "string" }, "matchers": { - "description": "List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher.", + "description": "List of matchers that the alert's labels should match. For the first\nlevel route, the operator removes any existing equality and regexp\nmatcher on the `namespace` label and adds a `namespace: ` matcher.", "items": { "description": "Matcher defines how to match on alert's labels.", "properties": { "matchType": { - "description": "Match operation available with AlertManager >= v0.22.0 and takes precedence over Regex (deprecated) if non-empty.", + "description": "Match operation available with AlertManager >= v0.22.0 and\ntakes precedence over Regex (deprecated) if non-empty.", "enum": [ "!=", "=", @@ -4612,7 +9983,7 @@ "type": "string" }, "regex": { - "description": "Whether to match on equality (false) or regular-expression (true). Deprecated as of AlertManager >= v0.22.0 where a user should use MatchType instead.", + "description": "Whether to match on equality (false) or regular-expression (true).\nDeprecated: for AlertManager >= v0.22.0, `matchType` should be used instead.", "type": "boolean" }, "value": { @@ -4628,18 +9999,18 @@ "type": "array" }, "muteTimeIntervals": { - "description": "Note: this comment applies to the field definition above but appears below otherwise it gets included in the generated manifest. CRD schema doesn't support self-referential types for now (see https://github.com/kubernetes/kubernetes/issues/62872). We have to use an alternative type to circumvent the limitation. The downside is that the Kube API can't validate the data beyond the fact that it is a valid JSON representation. MuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", + "description": "Note: this comment applies to the field definition above but appears\nbelow otherwise it gets included in the generated manifest.\nCRD schema doesn't support self-referential types for now (see\nhttps://github.com/kubernetes/kubernetes/issues/62872). We have to use\nan alternative type to circumvent the limitation. The downside is that\nthe Kube API can't validate the data beyond the fact that it is a valid\nJSON representation.\nMuteTimeIntervals is a list of MuteTimeInterval names that will mute this route when matched,", "items": { "type": "string" }, "type": "array" }, "receiver": { - "description": "Name of the receiver for this route. If not empty, it should be listed in the `receivers` field.", + "description": "Name of the receiver for this route. If not empty, it should be listed in\nthe `receivers` field.", "type": "string" }, "repeatInterval": { - "description": "How long to wait before repeating the last notification. Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` Example: \"4h\"", + "description": "How long to wait before repeating the last notification.\nMust match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$`\nExample: \"4h\"", "type": "string" }, "routes": { diff --git a/master-standalone-strict/analysisrun-argoproj-v1alpha1.json b/master-standalone-strict/analysisrun-argoproj-v1alpha1.json index 23d4e18..0d95bba 100644 --- a/master-standalone-strict/analysisrun-argoproj-v1alpha1.json +++ b/master-standalone-strict/analysisrun-argoproj-v1alpha1.json @@ -106,6 +106,17 @@ ], "x-kubernetes-int-or-string": true }, + "consecutiveSuccessLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, "count": { "anyOf": [ { @@ -244,16 +255,56 @@ }, "datadog": { "properties": { + "aggregator": { + "enum": [ + "avg", + "min", + "max", + "sum", + "last", + "percentile", + "mean", + "l2norm", + "area" + ], + "type": "string" + }, + "apiVersion": { + "default": "v1", + "enum": [ + "v1", + "v2" + ], + "type": "string" + }, + "formula": { + "type": "string" + }, "interval": { + "default": "5m", "type": "string" }, + "queries": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, "query": { "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "namespaced": { + "type": "boolean" + } + }, + "type": "object" } }, - "required": [ - "query" - ], "type": "object" }, "graphite": { @@ -267,6 +318,17 @@ }, "type": "object" }, + "influxdb": { + "properties": { + "profile": { + "type": "string" + }, + "query": { + "type": "string" + } + }, + "type": "object" + }, "job": { "properties": { "metadata": { @@ -296,6 +358,10 @@ "format": "int32", "type": "integer" }, + "backoffLimitPerIndex": { + "format": "int32", + "type": "integer" + }, "completionMode": { "type": "string" }, @@ -306,10 +372,82 @@ "manualSelector": { "type": "boolean" }, + "maxFailedIndexes": { + "format": "int32", + "type": "integer" + }, "parallelism": { "format": "int32", "type": "integer" }, + "podFailurePolicy": { + "properties": { + "rules": { + "items": { + "properties": { + "action": { + "type": "string" + }, + "onExitCodes": { + "properties": { + "containerName": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator", + "values" + ], + "type": "object" + }, + "onPodConditions": { + "items": { + "properties": { + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "rules" + ], + "type": "object" + }, + "podReplacementPolicy": { + "type": "string" + }, "selector": { "properties": { "matchExpressions": { @@ -343,7 +481,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "suspend": { "type": "boolean" @@ -431,7 +570,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "weight": { "format": "int32", @@ -500,7 +640,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" } @@ -508,7 +649,8 @@ "required": [ "nodeSelectorTerms" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -553,7 +695,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -588,7 +745,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -654,7 +812,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -689,7 +862,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -751,7 +925,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -786,7 +975,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -852,7 +1042,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -887,7 +1092,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -956,7 +1162,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -970,7 +1177,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -996,7 +1204,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1013,7 +1222,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1038,7 +1248,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1052,7 +1263,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1126,6 +1338,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1210,6 +1434,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1521,8 +1757,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -1532,6 +1805,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -1900,7 +2176,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -1914,7 +2191,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -1940,7 +2218,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1957,7 +2236,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1982,7 +2262,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1996,7 +2277,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2070,6 +2352,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2154,6 +2448,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2465,8 +2771,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -2476,6 +2819,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -2795,6 +3141,9 @@ "hostPID": { "type": "boolean" }, + "hostUsers": { + "type": "boolean" + }, "hostname": { "type": "string" }, @@ -2805,7 +3154,8 @@ "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, @@ -2850,7 +3200,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -2864,7 +3215,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -2890,7 +3242,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -2907,7 +3260,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2932,7 +3286,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -2946,7 +3301,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -3020,6 +3376,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3104,6 +3472,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3415,8 +3795,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -3426,6 +3843,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -3776,6 +4196,35 @@ }, "type": "array" }, + "resourceClaims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "source": { + "properties": { + "resourceClaimName": { + "type": "string" + }, + "resourceClaimTemplateName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "restartPolicy": { "type": "string" }, @@ -3785,6 +4234,24 @@ "schedulerName": { "type": "string" }, + "schedulingGates": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "securityContext": { "properties": { "fsGroup": { @@ -3960,12 +4427,30 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "maxSkew": { "format": "int32", "type": "integer" }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, "topologyKey": { "type": "string" }, @@ -4144,6 +4629,10 @@ }, "query": { "type": "string" + }, + "timeout": { + "format": "int64", + "type": "integer" } }, "required": [ @@ -4151,11 +4640,107 @@ ], "type": "object" }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "prometheus": { "properties": { "address": { "type": "string" }, + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "insecure": { + "type": "boolean" + }, + "query": { + "type": "string" + }, + "rangeQuery": { + "properties": { + "end": { + "type": "string" + }, + "start": { + "type": "string" + }, + "step": { + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "skywalking": { + "properties": { + "address": { + "type": "string" + }, + "interval": { + "type": "string" + }, "query": { "type": "string" } @@ -4175,6 +4760,45 @@ }, "web": { "properties": { + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, "body": { "type": "string" }, @@ -4199,6 +4823,10 @@ "insecure": { "type": "boolean" }, + "jsonBody": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "jsonPath": { "type": "string" }, @@ -4235,6 +4863,24 @@ }, "terminate": { "type": "boolean" + }, + "ttlStrategy": { + "properties": { + "secondsAfterCompletion": { + "format": "int32", + "type": "integer" + }, + "secondsAfterFailure": { + "format": "int32", + "type": "integer" + }, + "secondsAfterSuccess": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false } }, "required": [ @@ -4245,6 +4891,10 @@ }, "status": { "properties": { + "completedAt": { + "format": "date-time", + "type": "string" + }, "dryRunSummary": { "properties": { "count": { @@ -4280,6 +4930,10 @@ "format": "int32", "type": "integer" }, + "consecutiveSuccess": { + "format": "int32", + "type": "integer" + }, "count": { "format": "int32", "type": "integer" diff --git a/master-standalone-strict/analysistemplate-argoproj-v1alpha1.json b/master-standalone-strict/analysistemplate-argoproj-v1alpha1.json index 027abe9..fadd2dd 100644 --- a/master-standalone-strict/analysistemplate-argoproj-v1alpha1.json +++ b/master-standalone-strict/analysistemplate-argoproj-v1alpha1.json @@ -106,6 +106,17 @@ ], "x-kubernetes-int-or-string": true }, + "consecutiveSuccessLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, "count": { "anyOf": [ { @@ -244,16 +255,56 @@ }, "datadog": { "properties": { + "aggregator": { + "enum": [ + "avg", + "min", + "max", + "sum", + "last", + "percentile", + "mean", + "l2norm", + "area" + ], + "type": "string" + }, + "apiVersion": { + "default": "v1", + "enum": [ + "v1", + "v2" + ], + "type": "string" + }, + "formula": { + "type": "string" + }, "interval": { + "default": "5m", "type": "string" }, + "queries": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, "query": { "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "namespaced": { + "type": "boolean" + } + }, + "type": "object" } }, - "required": [ - "query" - ], "type": "object" }, "graphite": { @@ -267,6 +318,17 @@ }, "type": "object" }, + "influxdb": { + "properties": { + "profile": { + "type": "string" + }, + "query": { + "type": "string" + } + }, + "type": "object" + }, "job": { "properties": { "metadata": { @@ -296,6 +358,10 @@ "format": "int32", "type": "integer" }, + "backoffLimitPerIndex": { + "format": "int32", + "type": "integer" + }, "completionMode": { "type": "string" }, @@ -306,10 +372,82 @@ "manualSelector": { "type": "boolean" }, + "maxFailedIndexes": { + "format": "int32", + "type": "integer" + }, "parallelism": { "format": "int32", "type": "integer" }, + "podFailurePolicy": { + "properties": { + "rules": { + "items": { + "properties": { + "action": { + "type": "string" + }, + "onExitCodes": { + "properties": { + "containerName": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator", + "values" + ], + "type": "object" + }, + "onPodConditions": { + "items": { + "properties": { + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "rules" + ], + "type": "object" + }, + "podReplacementPolicy": { + "type": "string" + }, "selector": { "properties": { "matchExpressions": { @@ -343,7 +481,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "suspend": { "type": "boolean" @@ -431,7 +570,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "weight": { "format": "int32", @@ -500,7 +640,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" } @@ -508,7 +649,8 @@ "required": [ "nodeSelectorTerms" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -553,7 +695,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -588,7 +745,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -654,7 +812,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -689,7 +862,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -751,7 +925,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -786,7 +975,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -852,7 +1042,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -887,7 +1092,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -956,7 +1162,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -970,7 +1177,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -996,7 +1204,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1013,7 +1222,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1038,7 +1248,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1052,7 +1263,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1126,6 +1338,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1210,6 +1434,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1521,8 +1757,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -1532,6 +1805,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -1900,7 +2176,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -1914,7 +2191,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -1940,7 +2218,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1957,7 +2236,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1982,7 +2262,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1996,7 +2277,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2070,6 +2352,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2154,6 +2448,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2465,8 +2771,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -2476,6 +2819,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -2795,6 +3141,9 @@ "hostPID": { "type": "boolean" }, + "hostUsers": { + "type": "boolean" + }, "hostname": { "type": "string" }, @@ -2805,7 +3154,8 @@ "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, @@ -2850,7 +3200,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -2864,7 +3215,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -2890,7 +3242,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -2907,7 +3260,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2932,7 +3286,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -2946,7 +3301,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -3020,6 +3376,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3104,6 +3472,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3415,8 +3795,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -3426,6 +3843,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -3776,6 +4196,35 @@ }, "type": "array" }, + "resourceClaims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "source": { + "properties": { + "resourceClaimName": { + "type": "string" + }, + "resourceClaimTemplateName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "restartPolicy": { "type": "string" }, @@ -3785,6 +4234,24 @@ "schedulerName": { "type": "string" }, + "schedulingGates": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "securityContext": { "properties": { "fsGroup": { @@ -3960,12 +4427,30 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "maxSkew": { "format": "int32", "type": "integer" }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, "topologyKey": { "type": "string" }, @@ -4144,6 +4629,10 @@ }, "query": { "type": "string" + }, + "timeout": { + "format": "int64", + "type": "integer" } }, "required": [ @@ -4151,11 +4640,107 @@ ], "type": "object" }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "prometheus": { "properties": { "address": { "type": "string" }, + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "insecure": { + "type": "boolean" + }, + "query": { + "type": "string" + }, + "rangeQuery": { + "properties": { + "end": { + "type": "string" + }, + "start": { + "type": "string" + }, + "step": { + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "skywalking": { + "properties": { + "address": { + "type": "string" + }, + "interval": { + "type": "string" + }, "query": { "type": "string" } @@ -4175,6 +4760,45 @@ }, "web": { "properties": { + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, "body": { "type": "string" }, @@ -4199,6 +4823,10 @@ "insecure": { "type": "boolean" }, + "jsonBody": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "jsonPath": { "type": "string" }, @@ -4232,11 +4860,22 @@ "type": "object" }, "type": "array" + }, + "templates": { + "items": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "templateName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, - "required": [ - "metrics" - ], "type": "object", "additionalProperties": false } diff --git a/master-standalone-strict/application-argoproj-v1alpha1.json b/master-standalone-strict/application-argoproj-v1alpha1.json index 121dba2..da86152 100644 --- a/master-standalone-strict/application-argoproj-v1alpha1.json +++ b/master-standalone-strict/application-argoproj-v1alpha1.json @@ -2,11 +2,11 @@ "description": "Application is a definition of Application resource.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -81,6 +81,11 @@ "sync": { "description": "Sync contains parameters for the operation", "properties": { + "autoHealAttemptsCount": { + "description": "SelfHealAttemptsCount contains the number of auto-heal attempts", + "format": "int64", + "type": "integer" + }, "dryRun": { "description": "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync", "type": "boolean" @@ -123,11 +128,18 @@ "type": "array" }, "revision": { - "description": "Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec.", + "description": "Revision is the revision (Git) or chart version (Helm) which to sync the application to\nIf omitted, will use the revision specified in app spec.", "type": "string" }, + "revisions": { + "description": "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to\nIf omitted, will use the revision specified in app spec.", + "items": { + "type": "string" + }, + "type": "array" + }, "source": { - "description": "Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation", + "description": "Source overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation", "properties": { "chart": { "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", @@ -213,6 +225,13 @@ "helm": { "description": "Helm holds helm specific options", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "description": "FileParameters are file parameters to the helm template", "items": { @@ -235,6 +254,14 @@ "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", "type": "boolean" }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, "parameters": { "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", "items": { @@ -269,6 +296,14 @@ "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", "type": "boolean" }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, "valueFiles": { "description": "ValuesFiles is a list of Helm value files to use when generating a template", "items": { @@ -277,9 +312,14 @@ "type": "array" }, "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", "type": "string" }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "description": "Version is the Helm version to use for templating (\"3\")", "type": "string" @@ -290,6 +330,13 @@ "kustomize": { "description": "Kustomize holds kustomize specific options", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" @@ -297,6 +344,10 @@ "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", "type": "object" }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" @@ -304,6 +355,13 @@ "description": "CommonLabels is a list of additional labels to add to rendered manifests", "type": "object" }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", "type": "boolean" @@ -312,6 +370,10 @@ "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", "type": "boolean" }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, "images": { "description": "Images is a list of Kustomize image override specifications", "items": { @@ -320,6 +382,18 @@ }, "type": "array" }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, "namePrefix": { "description": "NamePrefix is a prefix appended to resources for Kustomize apps", "type": "string" @@ -328,6 +402,86 @@ "description": "NameSuffix is a suffix appended to resources for Kustomize apps", "type": "string" }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "description": "Version controls which version of Kustomize to use for rendering manifests", "type": "string" @@ -335,12 +489,16 @@ }, "type": "object" }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, "path": { "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", "type": "string" }, "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", + "description": "Plugin holds config management plugin specific options", "properties": { "env": { "description": "Env is a list of environment variable entries", @@ -366,16 +524,50 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, "repoURL": { "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", "type": "string" }, "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", "type": "string" } }, @@ -384,1321 +576,5043 @@ ], "type": "object" }, - "syncOptions": { - "description": "SyncOptions provide per-sync sync-options, e.g. Validate=false", + "sources": { + "description": "Sources overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation", "items": { - "type": "string" - }, - "type": "array" - }, - "syncStrategy": { - "description": "SyncStrategy describes how to perform the sync", - "properties": { - "apply": { - "description": "Apply will perform a `kubectl apply` to perform the sync.", - "properties": { - "force": { - "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times.", - "type": "boolean" - } + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" }, - "type": "object" - }, - "hook": { - "description": "Hook will submit any referenced resources to perform the sync. This is the default strategy", - "properties": { - "force": { - "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times.", - "type": "boolean" - } + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "spec": { - "description": "ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.", - "properties": { - "destination": { - "description": "Destination is a reference to the target Kubernetes server and namespace", - "properties": { - "name": { - "description": "Name is an alternate way of specifying the target cluster by its symbolic name", - "type": "string" - }, - "namespace": { - "description": "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", - "type": "string" - }, - "server": { - "description": "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API", - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "ignoreDifferences": { - "description": "IgnoreDifferences is a list of resources and their fields which should be ignored during comparison", - "items": { - "description": "ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.", - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "description": "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the desired state defined in the SCM and won't be displayed in diffs", - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "description": "Info contains a list of information (URLs, email addresses, and plain text) that relates to the application", - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "description": "Project is a reference to the project this application belongs to. The empty string means that application belongs to the 'default' project.", - "type": "string" - }, - "revisionHistoryLimit": { - "description": "RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. This should only be changed in exceptional circumstances. Setting to zero will store no history. This will reduce storage used. Increasing will increase the space used to store the history, so we do not recommend increasing it. Default is 10.", - "format": "int64", - "type": "integer" - }, - "source": { - "description": "Source is a reference to the location of the application's manifests or chart", - "properties": { - "chart": { - "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", - "type": "string" - }, - "directory": { - "description": "Directory holds path/directory specific options", - "properties": { - "exclude": { - "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", - "type": "string" - }, - "include": { - "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", - "type": "string" - }, - "jsonnet": { - "description": "Jsonnet holds options specific to Jsonnet", - "properties": { - "extVars": { - "description": "ExtVars is a list of Jsonnet External Variables", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "libs": { - "description": "Additional library search dirs", - "items": { + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", "type": "string" }, - "type": "array" - }, - "tlas": { - "description": "TLAS is a list of Jsonnet Top-level Arguments", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - } - }, - "type": "object", - "additionalProperties": false - }, - "recurse": { - "description": "Recurse specifies whether to scan a directory recursively for manifests", - "type": "boolean" - } - }, - "type": "object", - "additionalProperties": false - }, - "helm": { - "description": "Helm holds helm specific options", - "properties": { - "fileParameters": { - "description": "FileParameters are file parameters to the helm template", - "items": { - "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", - "properties": { - "name": { - "description": "Name is the name of the Helm parameter", - "type": "string" + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" }, - "path": { - "description": "Path is the path to the file containing the values for the Helm parameter", + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", - "type": "boolean" - }, - "parameters": { - "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", - "items": { - "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", - "properties": { - "forceString": { - "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", "type": "boolean" }, - "name": { - "description": "Name is the name of the Helm parameter", + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", "type": "string" }, - "value": { - "description": "Value is the value for the Helm parameter", + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", "type": "string" } }, "type": "object" }, - "type": "array" - }, - "passCredentials": { - "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", - "type": "boolean" - }, - "releaseName": { - "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", - "type": "string" - }, - "skipCrds": { - "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", - "type": "boolean" - }, - "valueFiles": { - "description": "ValuesFiles is a list of Helm value files to use when generating a template", - "items": { + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", "type": "string" }, - "type": "array" - }, - "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", - "type": "string" + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } }, - "version": { - "description": "Version is the Helm version to use for templating (\"3\")", - "type": "string" - } + "required": [ + "repoURL" + ], + "type": "object" }, - "type": "object", - "additionalProperties": false + "type": "array" }, - "kustomize": { - "description": "Kustomize holds kustomize specific options", + "syncOptions": { + "description": "SyncOptions provide per-sync sync-options, e.g. Validate=false", + "items": { + "type": "string" + }, + "type": "array" + }, + "syncStrategy": { + "description": "SyncStrategy describes how to perform the sync", "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" + "apply": { + "description": "Apply will perform a `kubectl apply` to perform the sync.", + "properties": { + "force": { + "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times.", + "type": "boolean" + } }, - "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", "type": "object" }, - "commonLabels": { - "additionalProperties": { - "type": "string" + "hook": { + "description": "Hook will submit any referenced resources to perform the sync. This is the default strategy", + "properties": { + "force": { + "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times.", + "type": "boolean" + } }, - "description": "CommonLabels is a list of additional labels to add to rendered manifests", "type": "object" - }, - "forceCommonAnnotations": { - "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", - "type": "boolean" - }, - "forceCommonLabels": { - "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", - "type": "boolean" - }, - "images": { - "description": "Images is a list of Kustomize image override specifications", - "items": { - "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", - "type": "string" - }, - "type": "array" - }, - "namePrefix": { - "description": "NamePrefix is a prefix appended to resources for Kustomize apps", - "type": "string" - }, - "nameSuffix": { - "description": "NameSuffix is a suffix appended to resources for Kustomize apps", - "type": "string" - }, - "version": { - "description": "Version controls which version of Kustomize to use for rendering manifests", - "type": "string" } }, - "type": "object", - "additionalProperties": false - }, - "path": { - "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "spec": { + "description": "ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.", + "properties": { + "destination": { + "description": "Destination is a reference to the target Kubernetes server and namespace", + "properties": { + "name": { + "description": "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", "type": "string" }, - "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", - "properties": { - "env": { - "description": "Env is a list of environment variable entries", - "items": { - "description": "EnvEntry represents an entry in the application's environment", - "properties": { - "name": { - "description": "Name is the name of the variable, usually expressed in uppercase", - "type": "string" - }, - "value": { - "description": "Value is the value of the variable", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "repoURL": { - "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "namespace": { + "description": "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", "type": "string" }, - "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", + "server": { + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", "type": "string" } }, - "required": [ - "repoURL" - ], "type": "object", "additionalProperties": false }, - "syncPolicy": { - "description": "SyncPolicy controls when and how a sync will be performed", - "properties": { - "automated": { - "description": "Automated will keep an application synced to the target revision", - "properties": { - "allowEmpty": { - "description": "AllowEmpty allows apps have zero live resources (default: false)", - "type": "boolean" + "ignoreDifferences": { + "description": "IgnoreDifferences is a list of resources and their fields which should be ignored during comparison", + "items": { + "description": "ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.", + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" }, - "prune": { - "description": "Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)", - "type": "boolean" + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" }, - "selfHeal": { - "description": "SelfHeal specifes whether to revert resources back to their desired state upon modification in the cluster (default: false)", - "type": "boolean" - } + "type": "array" }, - "type": "object", - "additionalProperties": false - }, - "retry": { - "description": "Retry controls failed sync retry behavior", - "properties": { - "backoff": { - "description": "Backoff controls how to backoff on subsequent retries of failed syncs", - "properties": { - "duration": { - "description": "Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. \"2m\", \"1h\")", - "type": "string" - }, - "factor": { - "description": "Factor is a factor to multiply the base duration after each failed retry", - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "description": "MaxDuration is the maximum amount of time allowed for the backoff strategy", - "type": "string" - } - }, - "type": "object", - "additionalProperties": false + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "description": "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs", + "items": { + "type": "string" }, - "limit": { - "description": "Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.", - "format": "int64", - "type": "integer" - } + "type": "array" }, - "type": "object", - "additionalProperties": false - }, - "syncOptions": { - "description": "Options allow you to specify whole app sync-options", - "items": { + "name": { "type": "string" }, - "type": "array" - } + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" }, - "type": "object", - "additionalProperties": false - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object", - "additionalProperties": false - }, - "status": { - "description": "ApplicationStatus contains status information for the application", - "properties": { - "conditions": { - "description": "Conditions is a list of currently observed application conditions", + "type": "array" + }, + "info": { + "description": "Info contains a list of information (URLs, email addresses, and plain text) that relates to the application", "items": { - "description": "ApplicationCondition contains details about an application condition, which is usally an error or warning", "properties": { - "lastTransitionTime": { - "description": "LastTransitionTime is the time the condition was last observed", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Message contains human-readable message indicating details about condition", + "name": { "type": "string" }, - "type": { - "description": "Type is an application condition type", + "value": { "type": "string" } }, "required": [ - "message", - "type" + "name", + "value" ], "type": "object" }, "type": "array" }, - "health": { - "description": "Health contains information about the application's current health status", + "project": { + "description": "Project is a reference to the project this application belongs to.\nThe empty string means that application belongs to the 'default' project.", + "type": "string" + }, + "revisionHistoryLimit": { + "description": "RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.\nThis should only be changed in exceptional circumstances.\nSetting to zero will store no history. This will reduce storage used.\nIncreasing will increase the space used to store the history, so we do not recommend increasing it.\nDefault is 10.", + "format": "int64", + "type": "integer" + }, + "source": { + "description": "Source is a reference to the location of the application's manifests or chart", "properties": { - "message": { - "description": "Message is a human-readable informational message describing the health status", + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", "type": "string" }, - "status": { - "description": "Status holds the status code of the application or resource", - "type": "string" - } - }, - "type": "object" - }, - "history": { - "description": "History contains information about the application's sync history", - "items": { - "description": "RevisionHistory contains history information about a previous sync", - "properties": { - "deployStartedAt": { - "description": "DeployStartedAt holds the time the sync operation started", - "format": "date-time", - "type": "string" - }, - "deployedAt": { - "description": "DeployedAt holds the time the sync operation completed", - "format": "date-time", - "type": "string" - }, - "id": { - "description": "ID is an auto incrementing identifier of the RevisionHistory", - "format": "int64", - "type": "integer" - }, - "revision": { - "description": "Revision holds the revision the sync was performed against", - "type": "string" - }, - "source": { - "description": "Source is a reference to the application source used for the sync operation", - "properties": { - "chart": { - "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { "type": "string" }, - "directory": { - "description": "Directory holds path/directory specific options", + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", "properties": { - "exclude": { - "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "name": { + "description": "Name is the name of the Helm parameter", "type": "string" }, - "include": { - "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", "type": "string" }, - "jsonnet": { - "description": "Jsonnet holds options specific to Jsonnet", + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { "properties": { - "extVars": { - "description": "ExtVars is a list of Jsonnet External Variables", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object", + "additionalProperties": false + }, + "sourceHydrator": { + "description": "SourceHydrator provides a way to push hydrated manifests back to git before syncing them to the cluster.", + "properties": { + "drySource": { + "description": "DrySource specifies where the dry \"don't repeat yourself\" manifest source lives.", + "properties": { + "path": { + "description": "Path is a directory path within the Git repository where the manifests are located", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the git repository that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to hydrate", + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object", + "additionalProperties": false + }, + "hydrateTo": { + "description": "HydrateTo specifies an optional \"staging\" location to push hydrated manifests to. An external system would then\nhave to move manifests to the SyncSource, e.g. by pull request.", + "properties": { + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object", + "additionalProperties": false + }, + "syncSource": { + "description": "SyncSource specifies where to sync hydrated manifests from.", + "properties": { + "path": { + "description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.", + "type": "string" + }, + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object", + "additionalProperties": false + }, + "sources": { + "description": "Sources is a reference to the location of the application's manifests or chart", + "items": { + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "description": "SyncPolicy controls when and how a sync will be performed", + "properties": { + "automated": { + "description": "Automated will keep an application synced to the target revision", + "properties": { + "allowEmpty": { + "description": "AllowEmpty allows apps have zero live resources (default: false)", + "type": "boolean" + }, + "prune": { + "description": "Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)", + "type": "boolean" + }, + "selfHeal": { + "description": "SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "managedNamespaceMetadata": { + "description": "ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "retry": { + "description": "Retry controls failed sync retry behavior", + "properties": { + "backoff": { + "description": "Backoff controls how to backoff on subsequent retries of failed syncs", + "properties": { + "duration": { + "description": "Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. \"2m\", \"1h\")", + "type": "string" + }, + "factor": { + "description": "Factor is a factor to multiply the base duration after each failed retry", + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "description": "MaxDuration is the maximum amount of time allowed for the backoff strategy", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "limit": { + "description": "Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "syncOptions": { + "description": "Options allow you to specify whole app sync-options", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "destination", + "project" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ApplicationStatus contains status information for the application", + "properties": { + "conditions": { + "description": "Conditions is a list of currently observed application conditions", + "items": { + "description": "ApplicationCondition contains details about an application condition, which is usually an error or warning", + "properties": { + "lastTransitionTime": { + "description": "LastTransitionTime is the time the condition was last observed", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message contains human-readable message indicating details about condition", + "type": "string" + }, + "type": { + "description": "Type is an application condition type", + "type": "string" + } + }, + "required": [ + "message", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "controllerNamespace": { + "description": "ControllerNamespace indicates the namespace in which the application controller is located", + "type": "string" + }, + "health": { + "description": "Health contains information about the application's current health status", + "properties": { + "lastTransitionTime": { + "description": "LastTransitionTime is the time the HealthStatus was set or updated", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is a human-readable informational message describing the health status", + "type": "string" + }, + "status": { + "description": "Status holds the status code of the application or resource", + "type": "string" + } + }, + "type": "object" + }, + "history": { + "description": "History contains information about the application's sync history", + "items": { + "description": "RevisionHistory contains history information about a previous sync", + "properties": { + "deployStartedAt": { + "description": "DeployStartedAt holds the time the sync operation started", + "format": "date-time", + "type": "string" + }, + "deployedAt": { + "description": "DeployedAt holds the time the sync operation completed", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID is an auto incrementing identifier of the RevisionHistory", + "format": "int64", + "type": "integer" + }, + "initiatedBy": { + "description": "InitiatedBy contains information about who initiated the operations", + "properties": { + "automated": { + "description": "Automated is set to true if operation was initiated automatically by the application controller.", + "type": "boolean" + }, + "username": { + "description": "Username contains the name of a user who started operation", + "type": "string" + } + }, + "type": "object" + }, + "revision": { + "description": "Revision holds the revision the sync was performed against", + "type": "string" + }, + "revisions": { + "description": "Revisions holds the revision of each source in sources field the sync was performed against", + "items": { + "type": "string" + }, + "type": "array" + }, + "source": { + "description": "Source is a reference to the application source used for the sync operation", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sources": { + "description": "Sources is a reference to the application sources used for the sync operation", + "items": { + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "deployedAt", + "id" + ], + "type": "object" + }, + "type": "array" + }, + "observedAt": { + "description": "ObservedAt indicates when the application state was updated without querying latest git state\nDeprecated: controller no longer updates ObservedAt field", + "format": "date-time", + "type": "string" + }, + "operationState": { + "description": "OperationState contains information about any ongoing operations, such as a sync", + "properties": { + "finishedAt": { + "description": "FinishedAt contains time of operation completion", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message holds any pertinent messages when attempting to perform operation (typically errors).", + "type": "string" + }, + "operation": { + "description": "Operation is the original requested operation", + "properties": { + "info": { + "description": "Info is a list of informational items for this operation", + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "initiatedBy": { + "description": "InitiatedBy contains information about who initiated the operations", + "properties": { + "automated": { + "description": "Automated is set to true if operation was initiated automatically by the application controller.", + "type": "boolean" + }, + "username": { + "description": "Username contains the name of a user who started operation", + "type": "string" + } + }, + "type": "object" + }, + "retry": { + "description": "Retry controls the strategy to apply if a sync fails", + "properties": { + "backoff": { + "description": "Backoff controls how to backoff on subsequent retries of failed syncs", + "properties": { + "duration": { + "description": "Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. \"2m\", \"1h\")", + "type": "string" + }, + "factor": { + "description": "Factor is a factor to multiply the base duration after each failed retry", + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "description": "MaxDuration is the maximum amount of time allowed for the backoff strategy", + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "description": "Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "sync": { + "description": "Sync contains parameters for the operation", + "properties": { + "autoHealAttemptsCount": { + "description": "SelfHealAttemptsCount contains the number of auto-heal attempts", + "format": "int64", + "type": "integer" + }, + "dryRun": { + "description": "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync", + "type": "boolean" + }, + "manifests": { + "description": "Manifests is an optional field that overrides sync source with a local directory for development", + "items": { + "type": "string" + }, + "type": "array" + }, + "prune": { + "description": "Prune specifies to delete resources from the cluster that are no longer tracked in git", + "type": "boolean" + }, + "resources": { + "description": "Resources describes which resources shall be part of the sync", + "items": { + "description": "SyncOperationResource contains resources to sync.", + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "revision": { + "description": "Revision is the revision (Git) or chart version (Helm) which to sync the application to\nIf omitted, will use the revision specified in app spec.", + "type": "string" + }, + "revisions": { + "description": "Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to\nIf omitted, will use the revision specified in app spec.", + "items": { + "type": "string" + }, + "type": "array" + }, + "source": { + "description": "Source overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sources": { + "description": "Sources overrides the source definition set in the application.\nThis is typically set in a Rollback operation and is nil during a Sync operation", + "items": { + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" }, - "name": { - "type": "string" + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" }, - "value": { + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { "type": "string" - } + }, + "type": "array" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "description": "Additional library search dirs", - "items": { - "type": "string" + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } }, - "type": "array" + "type": "object" }, - "tlas": { - "description": "TLAS is a list of Jsonnet Top-level Arguments", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" }, - "name": { + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { "type": "string" }, - "value": { + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { "type": "string" - } + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } }, - "type": "array" + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" } }, + "required": [ + "repoURL" + ], "type": "object" }, - "recurse": { - "description": "Recurse specifies whether to scan a directory recursively for manifests", - "type": "boolean" + "type": "array" + }, + "syncOptions": { + "description": "SyncOptions provide per-sync sync-options, e.g. Validate=false", + "items": { + "type": "string" + }, + "type": "array" + }, + "syncStrategy": { + "description": "SyncStrategy describes how to perform the sync", + "properties": { + "apply": { + "description": "Apply will perform a `kubectl apply` to perform the sync.", + "properties": { + "force": { + "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times.", + "type": "boolean" + } + }, + "type": "object" + }, + "hook": { + "description": "Hook will submit any referenced resources to perform the sync. This is the default strategy", + "properties": { + "force": { + "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`.\nThe --force flag deletes and re-create the resource, when PATCH encounters conflict and has\nretried for 5 times.", + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "phase": { + "description": "Phase is the current phase of the operation", + "type": "string" + }, + "retryCount": { + "description": "RetryCount contains time of operation retries", + "format": "int64", + "type": "integer" + }, + "startedAt": { + "description": "StartedAt contains time of operation start", + "format": "date-time", + "type": "string" + }, + "syncResult": { + "description": "SyncResult is the result of a Sync operation", + "properties": { + "managedNamespaceMetadata": { + "description": "ManagedNamespaceMetadata contains the current sync state of managed namespace metadata", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "resources": { + "description": "Resources contains a list of sync result items for each individual resource in a sync operation", + "items": { + "description": "ResourceResult holds the operation result details of a specific resource", + "properties": { + "group": { + "description": "Group specifies the API group of the resource", + "type": "string" + }, + "hookPhase": { + "description": "HookPhase contains the state of any operation associated with this resource OR hook\nThis can also contain values for non-hook resources.", + "type": "string" + }, + "hookType": { + "description": "HookType specifies the type of the hook. Empty for non-hook resources", + "type": "string" + }, + "kind": { + "description": "Kind specifies the API kind of the resource", + "type": "string" + }, + "message": { + "description": "Message contains an informational or error message for the last sync OR operation", + "type": "string" + }, + "name": { + "description": "Name specifies the name of the resource", + "type": "string" + }, + "namespace": { + "description": "Namespace specifies the target namespace of the resource", + "type": "string" + }, + "status": { + "description": "Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks", + "type": "string" + }, + "syncPhase": { + "description": "SyncPhase indicates the particular phase of the sync that this result was acquired in", + "type": "string" + }, + "version": { + "description": "Version specifies the API version of the resource", + "type": "string" } }, + "required": [ + "group", + "kind", + "name", + "namespace", + "version" + ], "type": "object" }, - "helm": { - "description": "Helm holds helm specific options", - "properties": { - "fileParameters": { - "description": "FileParameters are file parameters to the helm template", - "items": { - "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "type": "array" + }, + "revision": { + "description": "Revision holds the revision this sync operation was performed to", + "type": "string" + }, + "revisions": { + "description": "Revisions holds the revision this sync operation was performed for respective indexed source in sources field", + "items": { + "type": "string" + }, + "type": "array" + }, + "source": { + "description": "Source records the application source information of the sync, used for comparing auto-sync", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", "properties": { - "name": { - "description": "Name is the name of the Helm parameter", - "type": "string" + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" }, - "path": { - "description": "Path is the path to the file containing the values for the Helm parameter", - "type": "string" + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" } }, "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", - "type": "boolean" + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } }, - "parameters": { - "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", - "items": { - "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", - "properties": { - "forceString": { - "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", - "type": "boolean" + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } }, - "name": { - "description": "Name is the name of the Helm parameter", - "type": "string" + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } }, - "value": { - "description": "Value is the value for the Helm parameter", - "type": "string" - } + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "passCredentials": { - "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", - "type": "boolean" - }, - "releaseName": { - "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", - "type": "string" - }, - "skipCrds": { - "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", - "type": "boolean" - }, - "valueFiles": { - "description": "ValuesFiles is a list of Helm value files to use when generating a template", - "items": { + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", "type": "string" }, - "type": "array" - }, - "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", - "type": "string" - }, - "version": { - "description": "Version is the Helm version to use for templating (\"3\")", - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "description": "Kustomize holds kustomize specific options", - "properties": { - "commonAnnotations": { - "additionalProperties": { + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", "type": "string" }, - "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", "type": "string" }, - "description": "CommonLabels is a list of additional labels to add to rendered manifests", - "type": "object" - }, - "forceCommonAnnotations": { - "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", - "type": "boolean" - }, - "forceCommonLabels": { - "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", - "type": "boolean" - }, - "images": { - "description": "Images is a list of Kustomize image override specifications", - "items": { - "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", "type": "string" }, - "type": "array" - }, - "namePrefix": { - "description": "NamePrefix is a prefix appended to resources for Kustomize apps", - "type": "string" - }, - "nameSuffix": { - "description": "NameSuffix is a suffix appended to resources for Kustomize apps", - "type": "string" - }, - "version": { - "description": "Version controls which version of Kustomize to use for rendering manifests", - "type": "string" - } - }, - "type": "object" - }, - "path": { - "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", - "type": "string" - }, - "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", - "properties": { - "env": { - "description": "Env is a list of environment variable entries", - "items": { - "description": "EnvEntry represents an entry in the application's environment", - "properties": { - "name": { - "description": "Name is the name of the variable, usually expressed in uppercase", - "type": "string" + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } }, - "value": { - "description": "Value is the value of the variable", - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", - "type": "string" - }, - "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - } - }, - "required": [ - "deployedAt", - "id", - "revision" - ], - "type": "object" - }, - "type": "array" - }, - "observedAt": { - "description": "ObservedAt indicates when the application state was updated without querying latest git state Deprecated: controller no longer updates ObservedAt field", - "format": "date-time", - "type": "string" - }, - "operationState": { - "description": "OperationState contains information about any ongoing operations, such as a sync", - "properties": { - "finishedAt": { - "description": "FinishedAt contains time of operation completion", - "format": "date-time", - "type": "string" - }, - "message": { - "description": "Message holds any pertinent messages when attempting to perform operation (typically errors).", - "type": "string" - }, - "operation": { - "description": "Operation is the original requested operation", - "properties": { - "info": { - "description": "Info is a list of informational items for this operation", - "items": { - "properties": { - "name": { - "type": "string" + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "initiatedBy": { - "description": "InitiatedBy contains information about who initiated the operations", - "properties": { - "automated": { - "description": "Automated is set to true if operation was initiated automatically by the application controller.", - "type": "boolean" + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" }, - "username": { - "description": "Username contains the name of a user who started operation", + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", "type": "string" - } - }, - "type": "object" - }, - "retry": { - "description": "Retry controls the strategy to apply if a sync fails", - "properties": { - "backoff": { - "description": "Backoff controls how to backoff on subsequent retries of failed syncs", + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", "properties": { - "duration": { - "description": "Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. \"2m\", \"1h\")", - "type": "string" - }, - "factor": { - "description": "Factor is a factor to multiply the base duration after each failed retry", - "format": "int64", - "type": "integer" + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" }, - "maxDuration": { - "description": "MaxDuration is the maximum amount of time allowed for the backoff strategy", + "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, - "limit": { - "description": "Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.", - "format": "int64", - "type": "integer" + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" } }, + "required": [ + "repoURL" + ], "type": "object" }, - "sync": { - "description": "Sync contains parameters for the operation", - "properties": { - "dryRun": { - "description": "DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync", - "type": "boolean" - }, - "manifests": { - "description": "Manifests is an optional field that overrides sync source with a local directory for development", - "items": { + "sources": { + "description": "Source records the application source information of the sync, used for comparing auto-sync", + "items": { + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", "type": "string" }, - "type": "array" - }, - "prune": { - "description": "Prune specifies to delete resources from the cluster that are no longer tracked in git", - "type": "boolean" - }, - "resources": { - "description": "Resources describes which resources shall be part of the sync", - "items": { - "description": "SyncOperationResource contains resources to sync.", + "directory": { + "description": "Directory holds path/directory specific options", "properties": { - "group": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", "type": "string" }, - "kind": { + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", "type": "string" }, - "name": { + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", "type": "string" }, "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", "type": "string" } }, - "required": [ - "kind", - "name" - ], "type": "object" }, - "type": "array" - }, - "revision": { - "description": "Revision is the revision (Git) or chart version (Helm) which to sync the application to If omitted, will use the revision specified in app spec.", - "type": "string" - }, - "source": { - "description": "Source overrides the source definition set in the application. This is typically set in a Rollback operation and is nil during a Sync operation", - "properties": { - "chart": { - "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", - "type": "string" - }, - "directory": { - "description": "Directory holds path/directory specific options", - "properties": { - "exclude": { - "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { "type": "string" }, - "include": { - "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { "type": "string" }, - "jsonnet": { - "description": "Jsonnet holds options specific to Jsonnet", + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", + "type": "object" + }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", + "type": "string" + }, + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", + "type": "string" + }, + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", + "type": "string" + }, + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { "properties": { - "extVars": { - "description": "ExtVars is a list of Jsonnet External Variables", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "options": { + "additionalProperties": { + "type": "boolean" }, - "type": "array" + "type": "object" }, - "libs": { - "description": "Additional library search dirs", - "items": { - "type": "string" - }, - "type": "array" + "patch": { + "type": "string" }, - "tlas": { - "description": "TLAS is a list of Jsonnet Top-level Arguments", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } }, - "type": "array" + "type": "object" } }, "type": "object" }, - "recurse": { - "description": "Recurse specifies whether to scan a directory recursively for manifests", - "type": "boolean" - } + "type": "array" }, - "type": "object" - }, - "helm": { - "description": "Helm holds helm specific options", - "properties": { - "fileParameters": { - "description": "FileParameters are file parameters to the helm template", - "items": { - "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", - "properties": { - "name": { - "description": "Name is the name of the Helm parameter", - "type": "string" - }, - "path": { - "description": "Path is the path to the file containing the values for the Helm parameter", - "type": "string" - } + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true }, - "type": "object" + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } }, - "type": "array" + "required": [ + "count", + "name" + ], + "type": "object" }, - "ignoreMissingValueFiles": { - "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", - "type": "boolean" + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } + }, + "type": "object" + }, + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "parameters": { - "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", - "items": { - "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", - "properties": { - "forceString": { - "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", - "type": "boolean" - }, - "name": { - "description": "Name is the name of the Helm parameter", + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { "type": "string" }, - "value": { - "description": "Value is the value for the Helm parameter", + "type": "array" + }, + "map": { + "additionalProperties": { "type": "string" - } + }, + "description": "Map is the value of a map type parameter.", + "type": "object" }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", - "type": "boolean" - }, - "releaseName": { - "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", - "type": "string" - }, - "skipCrds": { - "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", - "type": "boolean" - }, - "valueFiles": { - "description": "ValuesFiles is a list of Helm value files to use when generating a template", - "items": { - "type": "string" + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } }, - "type": "array" - }, - "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", - "type": "string" + "type": "object" }, - "version": { - "description": "Version is the Helm version to use for templating (\"3\")", - "type": "string" - } - }, - "type": "object" + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "revision" + ], + "type": "object" + } + }, + "required": [ + "operation", + "phase", + "startedAt" + ], + "type": "object" + }, + "reconciledAt": { + "description": "ReconciledAt indicates when the application state was reconciled using the latest git version", + "format": "date-time", + "type": "string" + }, + "resourceHealthSource": { + "description": "ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree", + "type": "string" + }, + "resources": { + "description": "Resources is a list of Kubernetes resources managed by this application", + "items": { + "description": "ResourceStatus holds the current synchronization and health status of a Kubernetes resource.", + "properties": { + "group": { + "description": "Group represents the API group of the resource (e.g., \"apps\" for Deployments).", + "type": "string" + }, + "health": { + "description": "Health indicates the health status of the resource (e.g., Healthy, Degraded, Progressing).", + "properties": { + "lastTransitionTime": { + "description": "LastTransitionTime is the time the HealthStatus was set or updated", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is a human-readable informational message describing the health status", + "type": "string" + }, + "status": { + "description": "Status holds the status code of the application or resource", + "type": "string" + } + }, + "type": "object" + }, + "hook": { + "description": "Hook is true if the resource is used as a lifecycle hook in an Argo CD application.", + "type": "boolean" + }, + "kind": { + "description": "Kind specifies the type of the resource (e.g., \"Deployment\", \"Service\").", + "type": "string" + }, + "name": { + "description": "Name is the unique name of the resource within the namespace.", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the Kubernetes namespace where the resource is located.", + "type": "string" + }, + "requiresDeletionConfirmation": { + "description": "RequiresDeletionConfirmation is true if the resource requires explicit user confirmation before deletion.", + "type": "boolean" + }, + "requiresPruning": { + "description": "RequiresPruning is true if the resource needs to be pruned (deleted) as part of synchronization.", + "type": "boolean" + }, + "status": { + "description": "Status represents the synchronization state of the resource (e.g., Synced, OutOfSync).", + "type": "string" + }, + "syncWave": { + "description": "SyncWave determines the order in which resources are applied during a sync operation.\nLower values are applied first.", + "format": "int64", + "type": "integer" + }, + "version": { + "description": "Version indicates the API version of the resource (e.g., \"v1\", \"v1beta1\").", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "sourceHydrator": { + "description": "SourceHydrator stores information about the current state of source hydration", + "properties": { + "currentOperation": { + "description": "CurrentOperation holds the status of the hydrate operation", + "properties": { + "drySHA": { + "description": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation", + "type": "string" + }, + "finishedAt": { + "description": "FinishedAt indicates when the hydrate operation finished", + "format": "date-time", + "type": "string" + }, + "hydratedSHA": { + "description": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation", + "type": "string" + }, + "message": { + "description": "Message contains a message describing the current status of the hydrate operation", + "type": "string" + }, + "phase": { + "description": "Phase indicates the status of the hydrate operation", + "enum": [ + "Hydrating", + "Failed", + "Hydrated" + ], + "type": "string" + }, + "sourceHydrator": { + "description": "SourceHydrator holds the hydrator config used for the hydrate operation", + "properties": { + "drySource": { + "description": "DrySource specifies where the dry \"don't repeat yourself\" manifest source lives.", + "properties": { + "path": { + "description": "Path is a directory path within the Git repository where the manifests are located", + "type": "string" }, - "kustomize": { - "description": "Kustomize holds kustomize specific options", - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "description": "CommonLabels is a list of additional labels to add to rendered manifests", - "type": "object" - }, - "forceCommonAnnotations": { - "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", - "type": "boolean" - }, - "forceCommonLabels": { - "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", - "type": "boolean" - }, - "images": { - "description": "Images is a list of Kustomize image override specifications", - "items": { - "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", - "type": "string" - }, - "type": "array" - }, - "namePrefix": { - "description": "NamePrefix is a prefix appended to resources for Kustomize apps", - "type": "string" - }, - "nameSuffix": { - "description": "NameSuffix is a suffix appended to resources for Kustomize apps", - "type": "string" - }, - "version": { - "description": "Version controls which version of Kustomize to use for rendering manifests", - "type": "string" - } - }, - "type": "object" + "repoURL": { + "description": "RepoURL is the URL to the git repository that contains the application manifests", + "type": "string" }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to hydrate", + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "description": "HydrateTo specifies an optional \"staging\" location to push hydrated manifests to. An external system would then\nhave to move manifests to the SyncSource, e.g. by pull request.", + "properties": { + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "description": "SyncSource specifies where to sync hydrated manifests from.", + "properties": { "path": { - "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.", "type": "string" }, - "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", - "properties": { - "env": { - "description": "Env is a list of environment variable entries", - "items": { - "description": "EnvEntry represents an entry in the application's environment", - "properties": { - "name": { - "description": "Name is the name of the variable, usually expressed in uppercase", - "type": "string" - }, - "value": { - "description": "Value is the value of the variable", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "startedAt": { + "description": "StartedAt indicates when the hydrate operation started", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "message", + "phase" + ], + "type": "object" + }, + "lastSuccessfulOperation": { + "description": "LastSuccessfulOperation holds info about the most recent successful hydration", + "properties": { + "drySHA": { + "description": "DrySHA holds the resolved revision (sha) of the dry source as of the most recent reconciliation", + "type": "string" + }, + "hydratedSHA": { + "description": "HydratedSHA holds the resolved revision (sha) of the hydrated source as of the most recent reconciliation", + "type": "string" + }, + "sourceHydrator": { + "description": "SourceHydrator holds the hydrator config used for the hydrate operation", + "properties": { + "drySource": { + "description": "DrySource specifies where the dry \"don't repeat yourself\" manifest source lives.", + "properties": { + "path": { + "description": "Path is a directory path within the Git repository where the manifests are located", + "type": "string" }, "repoURL": { - "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "description": "RepoURL is the URL to the git repository that contains the application manifests", "type": "string" }, "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", + "description": "TargetRevision defines the revision of the source to hydrate", "type": "string" } }, "required": [ - "repoURL" + "path", + "repoURL", + "targetRevision" ], "type": "object" }, - "syncOptions": { - "description": "SyncOptions provide per-sync sync-options, e.g. Validate=false", - "items": { - "type": "string" + "hydrateTo": { + "description": "HydrateTo specifies an optional \"staging\" location to push hydrated manifests to. An external system would then\nhave to move manifests to the SyncSource, e.g. by pull request.", + "properties": { + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" + } }, - "type": "array" + "required": [ + "targetBranch" + ], + "type": "object" }, - "syncStrategy": { - "description": "SyncStrategy describes how to perform the sync", + "syncSource": { + "description": "SyncSource specifies where to sync hydrated manifests from.", "properties": { - "apply": { - "description": "Apply will perform a `kubectl apply` to perform the sync.", - "properties": { - "force": { - "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times.", - "type": "boolean" - } - }, - "type": "object" + "path": { + "description": "Path is a directory path within the git repository where hydrated manifests should be committed to and synced\nfrom. If hydrateTo is set, this is just the path from which hydrated manifests will be synced.", + "type": "string" }, - "hook": { - "description": "Hook will submit any referenced resources to perform the sync. This is the default strategy", - "properties": { - "force": { - "description": "Force indicates whether or not to supply the --force flag to `kubectl apply`. The --force flag deletes and re-create the resource, when PATCH encounters conflict and has retried for 5 times.", - "type": "boolean" - } - }, - "type": "object" + "targetBranch": { + "description": "TargetBranch is the branch to which hydrated manifests should be committed", + "type": "string" } }, + "required": [ + "path", + "targetBranch" + ], "type": "object" } }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" } }, "type": "object" + } + }, + "type": "object" + }, + "sourceType": { + "description": "SourceType specifies the type of this application", + "type": "string" + }, + "sourceTypes": { + "description": "SourceTypes specifies the type of the sources included in the application", + "items": { + "description": "ApplicationSourceType specifies the type of the application's source", + "type": "string" + }, + "type": "array" + }, + "summary": { + "description": "Summary contains a list of URLs and container images used by this application", + "properties": { + "externalURLs": { + "description": "ExternalURLs holds all external URLs of application child resources.", + "items": { + "type": "string" + }, + "type": "array" }, - "phase": { - "description": "Phase is the current phase of the operation", - "type": "string" - }, - "retryCount": { - "description": "RetryCount contains time of operation retries", - "format": "int64", - "type": "integer" - }, - "startedAt": { - "description": "StartedAt contains time of operation start", - "format": "date-time", - "type": "string" - }, - "syncResult": { - "description": "SyncResult is the result of a Sync operation", + "images": { + "description": "Images holds all images of application child resources.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "sync": { + "description": "Sync contains information about the application's current sync status", + "properties": { + "comparedTo": { + "description": "ComparedTo contains information about what has been compared", "properties": { - "resources": { - "description": "Resources contains a list of sync result items for each individual resource in a sync operation", + "destination": { + "description": "Destination is a reference to the application's destination used for comparison", + "properties": { + "name": { + "description": "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", + "type": "string" + }, + "namespace": { + "description": "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", + "type": "string" + }, + "server": { + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "description": "IgnoreDifferences is a reference to the application's ignored differences used for comparison", "items": { - "description": "ResourceResult holds the operation result details of a specific resource", + "description": "ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.", "properties": { - "group": { - "description": "Group specifies the API group of the resource", - "type": "string" - }, - "hookPhase": { - "description": "HookPhase contains the state of any operation associated with this resource OR hook This can also contain values for non-hook resources.", - "type": "string" - }, - "hookType": { - "description": "HookType specifies the type of the hook. Empty for non-hook resources", + "group": { "type": "string" }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, "kind": { - "description": "Kind specifies the API kind of the resource", "type": "string" }, - "message": { - "description": "Message contains an informational or error message for the last sync OR operation", - "type": "string" + "managedFieldsManagers": { + "description": "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs", + "items": { + "type": "string" + }, + "type": "array" }, "name": { - "description": "Name specifies the name of the resource", "type": "string" }, "namespace": { - "description": "Namespace specifies the target namespace of the resource", - "type": "string" - }, - "status": { - "description": "Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks", - "type": "string" - }, - "syncPhase": { - "description": "SyncPhase indicates the particular phase of the sync that this result was acquired in", - "type": "string" - }, - "version": { - "description": "Version specifies the API version of the resource", "type": "string" } }, "required": [ - "group", - "kind", - "name", - "namespace", - "version" + "kind" ], "type": "object" }, "type": "array" }, - "revision": { - "description": "Revision holds the revision this sync operation was performed to", - "type": "string" - }, "source": { - "description": "Source records the application source information of the sync, used for comparing auto-sync", + "description": "Source is a reference to the application's source used for comparison", "properties": { "chart": { "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", @@ -1784,6 +5698,13 @@ "helm": { "description": "Helm holds helm specific options", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "description": "FileParameters are file parameters to the helm template", "items": { @@ -1806,6 +5727,14 @@ "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", "type": "boolean" }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, "parameters": { "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", "items": { @@ -1840,6 +5769,14 @@ "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", "type": "boolean" }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, "valueFiles": { "description": "ValuesFiles is a list of Helm value files to use when generating a template", "items": { @@ -1848,9 +5785,14 @@ "type": "array" }, "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", "type": "string" }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "description": "Version is the Helm version to use for templating (\"3\")", "type": "string" @@ -1861,6 +5803,13 @@ "kustomize": { "description": "Kustomize holds kustomize specific options", "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" @@ -1868,6 +5817,10 @@ "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", "type": "object" }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" @@ -1875,6 +5828,13 @@ "description": "CommonLabels is a list of additional labels to add to rendered manifests", "type": "object" }, + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", "type": "boolean" @@ -1883,6 +5843,10 @@ "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", "type": "boolean" }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, "images": { "description": "Images is a list of Kustomize image override specifications", "items": { @@ -1891,6 +5855,18 @@ }, "type": "array" }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, "namePrefix": { "description": "NamePrefix is a prefix appended to resources for Kustomize apps", "type": "string" @@ -1899,440 +5875,625 @@ "description": "NameSuffix is a suffix appended to resources for Kustomize apps", "type": "string" }, - "version": { - "description": "Version controls which version of Kustomize to use for rendering manifests", - "type": "string" - } - }, - "type": "object" - }, - "path": { - "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", - "type": "string" - }, - "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", - "properties": { - "env": { - "description": "Env is a list of environment variable entries", - "items": { - "description": "EnvEntry represents an entry in the application's environment", - "properties": { - "name": { - "description": "Name is the name of the variable, usually expressed in uppercase", - "type": "string" - }, - "value": { - "description": "Value is the value of the variable", - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", - "type": "string" - }, - "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - } - }, - "required": [ - "revision" - ], - "type": "object" - } - }, - "required": [ - "operation", - "phase", - "startedAt" - ], - "type": "object" - }, - "reconciledAt": { - "description": "ReconciledAt indicates when the application state was reconciled using the latest git version", - "format": "date-time", - "type": "string" - }, - "resources": { - "description": "Resources is a list of Kubernetes resources managed by this application", - "items": { - "description": "ResourceStatus holds the current sync and health status of a resource TODO: describe members of this type", - "properties": { - "group": { - "type": "string" - }, - "health": { - "description": "HealthStatus contains information about the currently observed health state of an application or resource", - "properties": { - "message": { - "description": "Message is a human-readable informational message describing the health status", - "type": "string" - }, - "status": { - "description": "Status holds the status code of the application or resource", - "type": "string" - } - }, - "type": "object" - }, - "hook": { - "type": "boolean" - }, - "kind": { - "type": "string" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "requiresPruning": { - "type": "boolean" - }, - "status": { - "description": "SyncStatusCode is a type which represents possible comparison results", - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "sourceType": { - "description": "SourceType specifies the type of this application", - "type": "string" - }, - "summary": { - "description": "Summary contains a list of URLs and container images used by this application", - "properties": { - "externalURLs": { - "description": "ExternalURLs holds all external URLs of application child resources.", - "items": { - "type": "string" - }, - "type": "array" - }, - "images": { - "description": "Images holds all images of application child resources.", - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - }, - "sync": { - "description": "Sync contains information about the application's current sync status", - "properties": { - "comparedTo": { - "description": "ComparedTo contains information about what has been compared", - "properties": { - "destination": { - "description": "Destination is a reference to the application's destination used for comparison", - "properties": { - "name": { - "description": "Name is an alternate way of specifying the target cluster by its symbolic name", - "type": "string" - }, - "namespace": { - "description": "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", - "type": "string" - }, - "server": { - "description": "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API", - "type": "string" - } - }, - "type": "object" - }, - "source": { - "description": "Source is a reference to the application's source used for comparison", - "properties": { - "chart": { - "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", - "type": "string" - }, - "directory": { - "description": "Directory holds path/directory specific options", - "properties": { - "exclude": { - "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", - "type": "string" - }, - "include": { - "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", "type": "string" }, - "jsonnet": { - "description": "Jsonnet holds options specific to Jsonnet", - "properties": { - "extVars": { - "description": "ExtVars is a list of Jsonnet External Variables", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" }, - "required": [ - "name", - "value" - ], "type": "object" }, - "type": "array" - }, - "libs": { - "description": "Additional library search dirs", - "items": { + "patch": { "type": "string" }, - "type": "array" - }, - "tlas": { - "description": "TLAS is a list of Jsonnet Top-level Arguments", - "items": { - "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "path": { + "type": "string" + }, + "target": { "properties": { - "code": { - "type": "boolean" + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" }, "name": { "type": "string" }, - "value": { + "namespace": { + "type": "string" + }, + "version": { "type": "string" } }, - "required": [ - "name", - "value" - ], "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true }, - "type": "array" - } + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "recurse": { - "description": "Recurse specifies whether to scan a directory recursively for manifests", - "type": "boolean" + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" } }, "type": "object" }, - "helm": { - "description": "Helm holds helm specific options", + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", "properties": { - "fileParameters": { - "description": "FileParameters are file parameters to the helm template", + "env": { + "description": "Env is a list of environment variable entries", "items": { - "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "description": "EnvEntry represents an entry in the application's environment", "properties": { "name": { - "description": "Name is the name of the Helm parameter", + "description": "Name is the name of the variable, usually expressed in uppercase", "type": "string" }, - "path": { - "description": "Path is the path to the file containing the values for the Helm parameter", + "value": { + "description": "Value is the value of the variable", + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sources": { + "description": "Sources is a reference to the application's multiple sources used for comparison", + "items": { + "description": "ApplicationSource contains all required information about the source of an application", + "properties": { + "chart": { + "description": "Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.", + "type": "string" + }, + "directory": { + "description": "Directory holds path/directory specific options", + "properties": { + "exclude": { + "description": "Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation", + "type": "string" + }, + "include": { + "description": "Include contains a glob pattern to match paths against that should be explicitly included during manifest generation", + "type": "string" + }, + "jsonnet": { + "description": "Jsonnet holds options specific to Jsonnet", + "properties": { + "extVars": { + "description": "ExtVars is a list of Jsonnet External Variables", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "description": "Additional library search dirs", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "description": "TLAS is a list of Jsonnet Top-level Arguments", + "items": { + "description": "JsonnetVar represents a variable to be passed to jsonnet during manifest generation", + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" } }, "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", - "type": "boolean" - }, - "parameters": { - "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", - "items": { - "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", - "properties": { - "forceString": { - "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", - "type": "boolean" - }, - "name": { - "description": "Name is the name of the Helm parameter", - "type": "string" - }, - "value": { - "description": "Value is the value for the Helm parameter", - "type": "string" - } + "recurse": { + "description": "Recurse specifies whether to scan a directory recursively for manifests", + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "description": "Helm holds helm specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "description": "FileParameters are file parameters to the helm template", + "items": { + "description": "HelmFileParameter is a file parameter that's passed to helm template during manifest generation", + "properties": { + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "path": { + "description": "Path is the path to the file containing the values for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "description": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values", + "type": "boolean" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", + "type": "string" + }, + "namespace": { + "description": "Namespace is an optional namespace to template with. If left empty, defaults to the app's destination namespace.", + "type": "string" + }, + "parameters": { + "description": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation", + "items": { + "description": "HelmParameter is a parameter that's passed to helm template during manifest generation", + "properties": { + "forceString": { + "description": "ForceString determines whether to tell Helm to interpret booleans and numbers as strings", + "type": "boolean" + }, + "name": { + "description": "Name is the name of the Helm parameter", + "type": "string" + }, + "value": { + "description": "Value is the value for the Helm parameter", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", + "type": "boolean" + }, + "releaseName": { + "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", + "type": "string" + }, + "skipCrds": { + "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", + "type": "boolean" + }, + "skipSchemaValidation": { + "description": "SkipSchemaValidation skips JSON schema validation (Helm's --skip-schema-validation)", + "type": "boolean" + }, + "skipTests": { + "description": "SkipTests skips test manifest installation step (Helm's --skip-tests).", + "type": "boolean" + }, + "valueFiles": { + "description": "ValuesFiles is a list of Helm value files to use when generating a template", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.", + "type": "string" + }, + "valuesObject": { + "description": "ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.", + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "description": "Version is the Helm version to use for templating (\"3\")", + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "description": "Kustomize holds kustomize specific options", + "properties": { + "apiVersions": { + "description": "APIVersions specifies the Kubernetes resource API versions to pass to Helm when templating manifests. By default,\nArgo CD uses the API versions of the target cluster. The format is [group/]version/kind.", + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "description": "CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values", + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" }, + "description": "CommonLabels is a list of additional labels to add to rendered manifests", "type": "object" }, - "type": "array" - }, - "passCredentials": { - "description": "PassCredentials pass credentials to all domains (Helm's --pass-credentials)", - "type": "boolean" - }, - "releaseName": { - "description": "ReleaseName is the Helm release name to use. If omitted it will use the application name", - "type": "string" - }, - "skipCrds": { - "description": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)", - "type": "boolean" - }, - "valueFiles": { - "description": "ValuesFiles is a list of Helm value files to use when generating a template", - "items": { + "components": { + "description": "Components specifies a list of kustomize components to add to the kustomization before building", + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", + "type": "boolean" + }, + "forceCommonLabels": { + "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", + "type": "boolean" + }, + "ignoreMissingComponents": { + "description": "IgnoreMissingComponents prevents kustomize from failing when components do not exist locally by not appending them to kustomization file", + "type": "boolean" + }, + "images": { + "description": "Images is a list of Kustomize image override specifications", + "items": { + "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "description": "KubeVersion specifies the Kubernetes API version to pass to Helm when templating manifests. By default, Argo CD\nuses the Kubernetes version of the target cluster.", "type": "string" }, - "type": "array" - }, - "values": { - "description": "Values specifies Helm values to be passed to helm template, typically defined as a block", - "type": "string" - }, - "version": { - "description": "Version is the Helm version to use for templating (\"3\")", - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "description": "Kustomize holds kustomize specific options", - "properties": { - "commonAnnotations": { - "additionalProperties": { + "labelIncludeTemplates": { + "description": "LabelIncludeTemplates specifies whether to apply common labels to resource templates or not", + "type": "boolean" + }, + "labelWithoutSelector": { + "description": "LabelWithoutSelector specifies whether to apply common labels to resource selectors or not", + "type": "boolean" + }, + "namePrefix": { + "description": "NamePrefix is a prefix appended to resources for Kustomize apps", "type": "string" }, - "description": "CommonAnnotations is a list of additional annotations to add to rendered manifests", - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "nameSuffix": { + "description": "NameSuffix is a suffix appended to resources for Kustomize apps", "type": "string" }, - "description": "CommonLabels is a list of additional labels to add to rendered manifests", - "type": "object" - }, - "forceCommonAnnotations": { - "description": "ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps", - "type": "boolean" - }, - "forceCommonLabels": { - "description": "ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps", - "type": "boolean" - }, - "images": { - "description": "Images is a list of Kustomize image override specifications", - "items": { - "description": "KustomizeImage represents a Kustomize image definition in the format [old_image_name=]:", + "namespace": { + "description": "Namespace sets the namespace that Kustomize adds to all resources", "type": "string" }, - "type": "array" - }, - "namePrefix": { - "description": "NamePrefix is a prefix appended to resources for Kustomize apps", - "type": "string" - }, - "nameSuffix": { - "description": "NameSuffix is a suffix appended to resources for Kustomize apps", - "type": "string" + "patches": { + "description": "Patches is a list of Kustomize patches", + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "description": "Replicas is a list of Kustomize Replicas override specifications", + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Number of replicas", + "x-kubernetes-int-or-string": true + }, + "name": { + "description": "Name of Deployment or StatefulSet", + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "description": "Version controls which version of Kustomize to use for rendering manifests", + "type": "string" + } }, - "version": { - "description": "Version controls which version of Kustomize to use for rendering manifests", - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "path": { - "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", - "type": "string" - }, - "plugin": { - "description": "ConfigManagementPlugin holds config management plugin specific options", - "properties": { - "env": { - "description": "Env is a list of environment variable entries", - "items": { - "description": "EnvEntry represents an entry in the application's environment", - "properties": { - "name": { - "description": "Name is the name of the variable, usually expressed in uppercase", - "type": "string" + "name": { + "description": "Name is used to refer to a source and is displayed in the UI. It is used in multi-source Applications.", + "type": "string" + }, + "path": { + "description": "Path is a directory path within the Git repository, and is only valid for applications sourced from Git.", + "type": "string" + }, + "plugin": { + "description": "Plugin holds config management plugin specific options", + "properties": { + "env": { + "description": "Env is a list of environment variable entries", + "items": { + "description": "EnvEntry represents an entry in the application's environment", + "properties": { + "name": { + "description": "Name is the name of the variable, usually expressed in uppercase", + "type": "string" + }, + "value": { + "description": "Value is the value of the variable", + "type": "string" + } }, - "value": { - "description": "Value is the value of the variable", - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "description": "Array is the value of an array type parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "description": "Map is the value of a map type parameter.", + "type": "object" + }, + "name": { + "description": "Name is the name identifying a parameter.", + "type": "string" + }, + "string": { + "description": "String_ is the value of a string type parameter.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } }, - "name": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "repoURL": { - "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", - "type": "string" + "ref": { + "description": "Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.", + "type": "string" + }, + "repoURL": { + "description": "RepoURL is the URL to the repository (Git or Helm) that contains the application manifests", + "type": "string" + }, + "targetRevision": { + "description": "TargetRevision defines the revision of the source to sync the application to.\nIn case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.\nIn case of Helm, this is a semver tag for the Chart's version.", + "type": "string" + } }, - "targetRevision": { - "description": "TargetRevision defines the revision of the source to sync the application to. In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version.", - "type": "string" - } + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object" + "type": "array" } }, "required": [ - "destination", - "source" + "destination" ], "type": "object" }, @@ -2340,6 +6501,13 @@ "description": "Revision contains information about the revision the comparison has been performed to", "type": "string" }, + "revisions": { + "description": "Revisions contains information about the revisions of multiple sources the comparison has been performed to", + "items": { + "type": "string" + }, + "type": "array" + }, "status": { "description": "Status is the sync state of the comparison", "type": "string" diff --git a/master-standalone-strict/applicationset-argoproj-v1alpha1.json b/master-standalone-strict/applicationset-argoproj-v1alpha1.json index e980884..39c3dd6 100644 --- a/master-standalone-strict/applicationset-argoproj-v1alpha1.json +++ b/master-standalone-strict/applicationset-argoproj-v1alpha1.json @@ -11,6 +11,9 @@ }, "spec": { "properties": { + "applyNestedSelectors": { + "type": "boolean" + }, "generators": { "items": { "properties": { @@ -34,7 +37,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -43,7 +47,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -52,7 +57,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "name": { "type": "string" @@ -248,6 +254,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -265,6 +277,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -291,6 +309,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -300,6 +324,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -308,42 +336,147 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "type": "string" } }, "type": "object" }, + "name": { + "type": "string" + }, "path": { "type": "string" }, @@ -369,10 +502,39 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -385,442 +547,429 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - }, - "values": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "required": [ - "configMapRef" - ], - "type": "object" - }, - "clusters": { - "properties": { - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { + "sources": { "items": { "properties": { - "name": { + "chart": { "type": "string" }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" + "libs": { + "items": { + "type": "string" + }, + "type": "array" }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" + "type": "array" } }, "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" + "recurse": { + "type": "boolean" + } }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" + "ignoreMissingValueFiles": { + "type": "boolean" }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { + "kubeVersion": { "type": "string" }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "namespace": { "type": "string" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { "type": "string" }, - "type": "array" - }, - "namePrefix": { - "type": "string" + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } }, - "nameSuffix": { - "type": "string" + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } }, - "version": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } }, - "name": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "repoURL": { - "type": "string" + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } }, - "targetRevision": { - "type": "string" - } + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object" + "type": "array" }, "syncPolicy": { "properties": { @@ -838,6 +987,23 @@ }, "type": "object" }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, "retry": { "properties": { "backoff": { @@ -874,8 +1040,7 @@ }, "required": [ "destination", - "project", - "source" + "project" ], "type": "object" } @@ -893,50 +1058,53 @@ "type": "object" } }, + "required": [ + "configMapRef" + ], "type": "object" }, - "git": { + "clusters": { "properties": { - "directories": { - "items": { - "properties": { - "exclude": { - "type": "boolean" - }, - "path": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" + "flatList": { + "type": "boolean" }, - "files": { - "items": { - "properties": { - "path": { - "type": "string" - } + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "required": [ - "path" - ], - "type": "object" + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } }, - "type": "array" - }, - "repoURL": { - "type": "string" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "revision": { - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "template": { "properties": { @@ -1125,6 +1293,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -1142,6 +1316,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -1168,6 +1348,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -1177,6 +1363,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -1185,42 +1375,147 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "type": "string" } }, "type": "object" }, + "name": { + "type": "string" + }, "path": { "type": "string" }, @@ -1246,10 +1541,39 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -1262,408 +1586,429 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "repoURL", - "revision" - ], - "type": "object" - }, - "list": { - "properties": { - "elements": { - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { + "sources": { "items": { "properties": { - "name": { + "chart": { "type": "string" }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" + "libs": { + "items": { + "type": "string" + }, + "type": "array" }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" + "type": "array" } }, "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" + "recurse": { + "type": "boolean" + } }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { "type": "string" }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { + "namespace": { "type": "string" }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { "type": "string" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { "type": "string" }, - "type": "array" - }, - "namePrefix": { - "type": "string" + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } }, - "nameSuffix": { - "type": "string" + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } }, - "version": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } }, - "name": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "repoURL": { - "type": "string" + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } }, - "targetRevision": { - "type": "string" - } + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object" + "type": "array" }, "syncPolicy": { "properties": { @@ -1681,6 +2026,23 @@ }, "type": "object" }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, "retry": { "properties": { "backoff": { @@ -1717,8 +2079,7 @@ }, "required": [ "destination", - "project", - "source" + "project" ], "type": "object" } @@ -1728,340 +2089,424 @@ "spec" ], "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" } }, - "required": [ - "elements" - ], "type": "object" }, - "matrix": { + "git": { "properties": { - "generators": { + "directories": { "items": { "properties": { - "clusterDecisionResource": { - "properties": { - "configMapRef": { + "exclude": { + "type": "boolean" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "files": { + "items": { + "properties": { + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "pathParamPrefix": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "revision": { + "type": "string" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "labelSelector": { + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { "properties": { - "matchExpressions": { + "group": { + "type": "string" + }, + "jqPathExpressions": { "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "type": "string" }, "type": "array" }, - "matchLabels": { - "additionalProperties": { + "jsonPointers": { + "items": { "type": "string" }, - "type": "object" + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" } }, + "required": [ + "kind" + ], "type": "object" }, - "name": { - "type": "string" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "template": { + "type": "array" + }, + "info": { + "items": { "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" + "name": { + "type": "string" }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" }, - "namespace": { + "type": "array" + }, + "libs": { + "items": { "type": "string" }, - "server": { - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" }, - "type": "array" - }, - "jsonPointers": { - "items": { + "name": { "type": "string" }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { + "value": { "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" + } }, - "namespace": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "kind" - ], - "type": "object" + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } }, - "type": "array" + "type": "object" }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "type": "array" + "type": "object" }, - "project": { + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { "type": "string" }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" }, - "source": { + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { "properties": { - "chart": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { "type": "string" }, - "directory": { + "path": { + "type": "string" + }, + "target": { "properties": { - "exclude": { + "annotationSelector": { "type": "string" }, - "include": { + "group": { "type": "string" }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { + "kind": { "type": "string" }, - "version": { + "labelSelector": { "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" - }, - "type": "array" }, - "namePrefix": { + "name": { "type": "string" }, - "nameSuffix": { + "namespace": { "type": "string" }, "version": { @@ -2069,876 +2514,1007 @@ } }, "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" }, - "name": { + { "type": "string" } - }, - "type": "object" + ], + "x-kubernetes-int-or-string": true }, - "repoURL": { + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { "type": "string" }, - "targetRevision": { + "value": { "type": "string" } }, "required": [ - "repoURL" + "name", + "value" ], "type": "object" }, - "syncPolicy": { + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } + "array": { + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } + "map": { + "additionalProperties": { + "type": "string" }, "type": "object" }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" + "name": { + "type": "string" + }, + "string": { + "type": "string" } }, "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } + }, + "type": "array" + } + }, + "type": "object" }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - }, - "values": { - "additionalProperties": { + "ref": { "type": "string" }, - "type": "object" - } + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "configMapRef" - ], - "type": "object" - }, - "clusters": { - "properties": { - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { + "repoURL": { "type": "string" }, - "type": "object" - } + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" }, - "type": "object" + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } }, - "template": { + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { "properties": { - "metadata": { + "chart": { + "type": "string" + }, + "directory": { "properties": { - "annotations": { - "additionalProperties": { - "type": "string" + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } }, "type": "object" }, - "finalizers": { + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { "items": { "type": "string" }, "type": "array" }, - "labels": { - "additionalProperties": { - "type": "string" + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" }, - "type": "object" + "type": "array" }, - "name": { + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { "type": "string" }, "namespace": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" } }, "type": "object" }, - "spec": { + "kustomize": { "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" }, "type": "object" }, - "ignoreDifferences": { + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { "items": { "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" + "options": { + "additionalProperties": { + "type": "boolean" }, - "type": "array" + "type": "object" }, - "kind": { + "patch": { "type": "string" }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { + "path": { "type": "string" }, - "namespace": { - "type": "string" + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" } }, - "required": [ - "kind" - ], "type": "object" }, "type": "array" }, - "info": { + "replicas": { "items": { "properties": { - "name": { - "type": "string" + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true }, - "value": { + "name": { "type": "string" } }, "required": [ - "name", - "value" + "count", + "name" ], "type": "object" }, "type": "array" }, - "project": { + "version": { "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" }, - "type": "object" + "value": { + "type": "string" + } }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { "type": "string" }, - "version": { - "type": "string" - } + "type": "array" }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" - }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { + "map": { + "additionalProperties": { "type": "string" }, - "version": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } + "name": { + "type": "string" }, - "type": "object" - }, - "repoURL": { - "type": "string" + "string": { + "type": "string" + } }, - "targetRevision": { - "type": "string" - } + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" + "type": "array" } }, - "required": [ - "destination", - "project", - "source" - ], "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" } }, "required": [ - "metadata", - "spec" + "repoURL" ], "type": "object" }, - "values": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } + "type": "array" }, - "type": "object" - }, - "git": { - "properties": { - "directories": { - "items": { + "syncPolicy": { + "properties": { + "automated": { "properties": { - "exclude": { + "allowEmpty": { "type": "boolean" }, - "path": { - "type": "string" + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" } }, - "required": [ - "path" - ], "type": "object" }, - "type": "array" - }, - "files": { - "items": { + "managedNamespaceMetadata": { "properties": { - "path": { - "type": "string" + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" } }, - "required": [ - "path" - ], "type": "object" }, - "type": "array" + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } }, - "repoURL": { + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "repoURL", + "revision" + ], + "type": "object" + }, + "list": { + "properties": { + "elements": { + "items": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "array" + }, + "elementsYaml": { + "type": "string" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" }, - "revision": { + "type": "array" + }, + "labels": { + "additionalProperties": { "type": "string" }, - "template": { + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" }, - "type": "array" - }, - "jsonPointers": { - "items": { + "name": { "type": "string" }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { + "value": { "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { + "libs": { + "items": { "type": "string" }, - "directory": { + "type": "array" + }, + "tlas": { + "items": { "properties": { - "exclude": { - "type": "string" + "code": { + "type": "boolean" }, - "include": { + "name": { "type": "string" }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" + "value": { + "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" }, "type": "object" }, - "kustomize": { + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "annotationSelector": { + "type": "string" }, - "forceCommonAnnotations": { - "type": "boolean" + "group": { + "type": "string" }, - "forceCommonLabels": { - "type": "boolean" + "kind": { + "type": "string" }, - "images": { - "items": { - "type": "string" - }, - "type": "array" + "labelSelector": { + "type": "string" }, - "namePrefix": { + "name": { "type": "string" }, - "nameSuffix": { + "namespace": { "type": "string" }, "version": { @@ -2946,218 +3522,281 @@ } }, "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" }, - "name": { + { "type": "string" } - }, - "type": "object" - }, - "repoURL": { - "type": "string" + ], + "x-kubernetes-int-or-string": true }, - "targetRevision": { + "name": { "type": "string" } }, "required": [ - "repoURL" + "count", + "name" ], "type": "object" }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } - }, - "type": "object" + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" }, - "syncOptions": { + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { "items": { "type": "string" }, "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" } }, "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } + }, + "type": "array" + } + }, + "type": "object" }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "repoURL", - "revision" - ], - "type": "object" - }, - "list": { - "properties": { - "elements": { - "items": { - "x-kubernetes-preserve-unknown-fields": true + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" }, - "type": "array" + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } }, - "template": { + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { "properties": { - "metadata": { + "chart": { + "type": "string" + }, + "directory": { "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "exclude": { + "type": "string" }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" + "include": { + "type": "string" }, - "labels": { - "additionalProperties": { - "type": "string" + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } }, "type": "object" }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" + "recurse": { + "type": "boolean" } }, "type": "object" }, - "spec": { + "helm": { "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } + "apiVersions": { + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "ignoreDifferences": { + "fileParameters": { "items": { "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, "name": { "type": "string" }, - "namespace": { + "path": { "type": "string" } }, - "required": [ - "kind" - ], "type": "object" }, "type": "array" }, - "info": { + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { "items": { "properties": { + "forceString": { + "type": "boolean" + }, "name": { "type": "string" }, @@ -3165,442 +3804,392 @@ "type": "string" } }, - "required": [ - "name", - "value" - ], "type": "object" }, "type": "array" }, - "project": { + "passCredentials": { + "type": "boolean" + }, + "releaseName": { "type": "string" }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" + "skipCrds": { + "type": "boolean" }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { "type": "boolean" - } + }, + "type": "object" }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } - }, - "type": "object" + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" + "group": { + "type": "string" }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { + "kind": { "type": "string" }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { + "labelSelector": { "type": "string" }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "name": { "type": "string" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { + "namespace": { "type": "string" }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" + "version": { + "type": "string" + } }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" + "type": "object" + } }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" }, - "type": "array" - }, - "name": { - "type": "string" - } + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true }, - "type": "object" - }, - "repoURL": { - "type": "string" + "name": { + "type": "string" + } }, - "targetRevision": { - "type": "string" - } + "required": [ + "count", + "name" + ], + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object" + "type": "array" }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" + "version": { + "type": "string" } }, - "required": [ - "destination", - "project", - "source" - ], "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "elements" - ], - "type": "object" - }, - "matrix": { - "x-kubernetes-preserve-unknown-fields": true - }, - "merge": { - "x-kubernetes-preserve-unknown-fields": true - }, - "pullRequest": { - "properties": { - "bitbucketServer": { - "properties": { - "api": { + }, + "name": { "type": "string" }, - "basicAuth": { + "path": { + "type": "string" + }, + "plugin": { "properties": { - "passwordRef": { - "properties": { - "key": { - "type": "string" + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "secretName": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "key", - "secretName" - ], - "type": "object" + "type": "array" }, - "username": { + "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, - "required": [ - "passwordRef", - "username" - ], "type": "object" }, - "project": { + "ref": { "type": "string" }, - "repo": { + "repoURL": { + "type": "string" + }, + "targetRevision": { "type": "string" } }, "required": [ - "api", - "project", - "repo" + "repoURL" ], "type": "object" }, - "filters": { - "items": { + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { "properties": { - "branchMatch": { - "type": "string" + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" } }, "type": "object" }, - "type": "array" - }, - "gitea": { - "properties": { - "api": { - "type": "string" - }, - "insecure": { - "type": "boolean" - }, - "owner": { - "type": "string" - }, - "repo": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { "type": "string" }, - "secretName": { + "type": "object" + }, + "labels": { + "additionalProperties": { "type": "string" - } + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" }, - "required": [ - "key", - "secretName" - ], - "type": "object" - } + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" }, - "required": [ - "api", - "owner", - "repo" - ], - "type": "object" - }, - "github": { - "properties": { - "api": { + "syncOptions": { + "items": { "type": "string" }, - "labels": { - "items": { - "type": "string" - }, - "type": "array" - }, - "owner": { - "type": "string" - }, - "repo": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "matrix": { + "properties": { + "generators": { + "items": { + "properties": { + "clusterDecisionResource": { + "properties": { + "configMapRef": { + "type": "string" + }, + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "secretName": { - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" }, - "required": [ - "key", - "secretName" - ], "type": "object" } }, - "required": [ - "owner", - "repo" - ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" }, "requeueAfterSeconds": { "format": "int64", @@ -3793,6 +4382,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -3810,6 +4405,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -3836,6 +4437,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -3845,6 +4452,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -3853,42 +4464,147 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "type": "string" } }, "type": "object" }, + "name": { + "type": "string" + }, "path": { "type": "string" }, @@ -3914,10 +4630,39 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -3930,292 +4675,564 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "scmProvider": { - "properties": { - "bitbucket": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "appPasswordRef": { - "properties": { - "key": { - "type": "string" }, - "secretName": { - "type": "string" + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" } }, "required": [ - "key", - "secretName" + "destination", + "project" ], "type": "object" - }, - "owner": { - "type": "string" - }, - "user": { - "type": "string" } }, "required": [ - "appPasswordRef", - "owner", - "user" + "metadata", + "spec" ], "type": "object" }, - "bitbucketServer": { + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "configMapRef" + ], + "type": "object" + }, + "clusters": { + "properties": { + "flatList": { + "type": "boolean" + }, + "selector": { "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "basicAuth": { - "properties": { - "passwordRef": { - "properties": { - "key": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { "type": "string" }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" + } }, - "username": { - "type": "string" - } + "required": [ + "key", + "operator" + ], + "type": "object" }, - "required": [ - "passwordRef", - "username" - ], - "type": "object" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "project": { - "type": "string" - } - }, - "required": [ - "api", - "project" - ], - "type": "object" - }, - "cloneProtocol": { - "type": "string" - }, - "filters": { - "items": { - "properties": { - "branchMatch": { - "type": "string" - }, - "labelMatch": { - "type": "string" - }, - "pathsDoNotExist": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pathsExist": { - "items": { - "type": "string" - }, - "type": "array" - }, - "repositoryMatch": { + "matchLabels": { + "additionalProperties": { "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "gitea": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "insecure": { - "type": "boolean" - }, - "owner": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - } - }, - "required": [ - "api", - "owner" - ], - "type": "object" - }, - "github": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "organization": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - } - }, - "required": [ - "organization" - ], - "type": "object" - }, - "gitlab": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "group": { - "type": "string" - }, - "includeSubgroups": { - "type": "boolean" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } }, - "required": [ - "key", - "secretName" - ], "type": "object" } }, - "required": [ - "group" - ], - "type": "object" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "template": { "properties": { @@ -4404,6 +5421,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -4421,6 +5444,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -4447,6 +5476,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -4456,6 +5491,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -4464,71 +5503,205 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, - "version": { + "namespace": { "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { + }, + "patches": { "items": { "properties": { - "name": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { "type": "string" }, - "value": { + "path": { "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" } }, - "required": [ - "name", - "value" - ], "type": "object" }, "type": "array" }, - "name": { - "type": "string" + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -4541,61 +5714,501 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { "type": "string" }, - "factor": { - "format": "int64", - "type": "integer" + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" }, - "maxDuration": { + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { "type": "string" - } + }, + "type": "array" }, - "type": "object" + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } }, - "limit": { - "format": "int64", - "type": "integer" - } + "type": "object" }, - "type": "object" - }, - "syncOptions": { - "items": { + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { "type": "string" }, - "type": "array" - } + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], "type": "object" } }, @@ -4604,577 +6217,178 @@ "spec" ], "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { + "values": { + "additionalProperties": { "type": "string" }, - "server": { - "type": "string" - } - }, - "type": "object" + "type": "object" + } }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" + "type": "object" + }, + "git": { + "properties": { + "directories": { + "items": { + "properties": { + "exclude": { + "type": "boolean" }, - "type": "array" - }, - "jsonPointers": { - "items": { + "path": { "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" + } }, - "managedFieldsManagers": { - "items": { + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "files": { + "items": { + "properties": { + "path": { "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" + } }, - "namespace": { - "type": "string" - } + "required": [ + "path" + ], + "type": "object" }, - "required": [ - "kind" - ], - "type": "object" + "type": "array" }, - "type": "array" - }, - "info": { - "items": { + "pathParamPrefix": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "revision": { + "type": "string" + }, + "template": { "properties": { - "name": { - "type": "string" + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" }, - "type": "array" - }, - "libs": { - "items": { + "namespace": { "type": "string" }, - "type": "array" + "server": { + "type": "string" + } }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" }, - "name": { + "type": "array" + }, + "jsonPointers": { + "items": { "type": "string" }, - "value": { + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { "type": "string" - } + }, + "type": "array" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "path": { - "type": "string" - } + "required": [ + "kind" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" + "type": "array" }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "project": { "type": "string" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { + "source": { "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "type": "string" - }, - "targetRevision": { - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "generators" - ], - "type": "object" - }, - "merge": { - "properties": { - "generators": { - "items": { - "properties": { - "clusterDecisionResource": { - "properties": { - "configMapRef": { - "type": "string" - }, - "labelSelector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { + "chart": { "type": "string" }, "directory": { @@ -5246,6 +6460,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -5263,6 +6483,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -5289,6 +6515,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -5298,6 +6530,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -5306,42 +6542,147 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, - "forceCommonAnnotations": { - "type": "boolean" + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "type": "string" } }, "type": "object" }, + "name": { + "type": "string" + }, "path": { "type": "string" }, @@ -5367,10 +6708,39 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -5383,475 +6753,479 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - }, - "values": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "required": [ - "configMapRef" - ], - "type": "object" - }, - "clusters": { - "properties": { - "selector": { - "properties": { - "matchExpressions": { - "items": { - "properties": { - "key": { - "type": "string" - }, - "operator": { - "type": "string" - }, - "values": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "required": [ - "key", - "operator" - ], - "type": "object" - }, - "type": "array" - }, - "matchLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - } - }, - "type": "object" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" }, - "ignoreDifferences": { + "sources": { "items": { "properties": { - "group": { + "chart": { "type": "string" }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } }, - "type": "array" + "type": "object" }, - "kind": { - "type": "string" + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" }, - "managedFieldsManagers": { - "items": { - "type": "string" + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } }, - "type": "array" + "type": "object" }, "name": { "type": "string" }, - "namespace": { + "path": { "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { "type": "string" }, - "value": { + "repoURL": { + "type": "string" + }, + "targetRevision": { "type": "string" } }, "required": [ - "name", - "value" + "repoURL" ], "type": "object" }, "type": "array" }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { + "syncPolicy": { "properties": { - "chart": { - "type": "string" - }, - "directory": { + "automated": { "properties": { - "exclude": { - "type": "string" + "allowEmpty": { + "type": "boolean" }, - "include": { - "type": "string" + "prune": { + "type": "boolean" }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" }, "type": "object" }, - "recurse": { - "type": "boolean" + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" } }, "type": "object" }, - "helm": { + "retry": { "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } + "backoff": { + "properties": { + "duration": { + "type": "string" }, - "type": "object" + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" - }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "type": "string" - }, - "targetRevision": { - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" + "type": "object" }, "limit": { "format": "int64", @@ -5872,8 +7246,7 @@ }, "required": [ "destination", - "project", - "source" + "project" ], "type": "object" } @@ -5891,49 +7264,21 @@ "type": "object" } }, + "required": [ + "repoURL", + "revision" + ], "type": "object" }, - "git": { + "list": { "properties": { - "directories": { - "items": { - "properties": { - "exclude": { - "type": "boolean" - }, - "path": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" - }, - "type": "array" - }, - "files": { + "elements": { "items": { - "properties": { - "path": { - "type": "string" - } - }, - "required": [ - "path" - ], - "type": "object" + "x-kubernetes-preserve-unknown-fields": true }, "type": "array" }, - "repoURL": { - "type": "string" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "revision": { + "elementsYaml": { "type": "string" }, "template": { @@ -6123,6 +7468,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -6140,6 +7491,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -6166,6 +7523,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -6175,6 +7538,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -6183,71 +7550,205 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, - "version": { + "namespace": { "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { + }, + "patches": { "items": { "properties": { - "name": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { "type": "string" }, - "value": { + "path": { "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -6260,421 +7761,459 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "repoURL", - "revision" - ], - "type": "object" - }, - "list": { - "properties": { - "elements": { - "items": { - "x-kubernetes-preserve-unknown-fields": true - }, - "type": "array" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, + "required": [ + "drySource", + "syncSource" + ], "type": "object" }, - "ignoreDifferences": { + "sources": { "items": { "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { + "chart": { "type": "string" }, - "managedFieldsManagers": { - "items": { - "type": "string" + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } }, - "type": "array" + "type": "object" }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" }, - "required": [ - "name", - "value" - ], - "type": "object" + "path": { + "type": "string" + } }, - "type": "array" + "type": "object" }, - "libs": { - "items": { - "type": "string" + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "type": "array" + "type": "object" }, - "tlas": { - "items": { - "properties": { - "code": { + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { "type": "boolean" }, - "name": { - "type": "string" + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "type": "string" + } }, - "type": "array" - } + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" }, - "type": "object" + "version": { + "type": "string" + } }, - "recurse": { - "type": "boolean" - } + "type": "object" }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "path": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "type": "object" - }, - "type": "array" + "type": "array" + } }, - "passCredentials": { + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { "type": "boolean" }, - "releaseName": { - "type": "string" - }, - "skipCrds": { + "prune": { "type": "boolean" }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" + "selfHeal": { + "type": "boolean" } }, "type": "object" }, - "kustomize": { + "managedNamespaceMetadata": { "properties": { - "commonAnnotations": { + "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, - "commonLabels": { + "labels": { "additionalProperties": { "type": "string" }, "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" - }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "type": "string" - }, - "targetRevision": { - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" } }, "type": "object" @@ -6715,8 +8254,7 @@ }, "required": [ "destination", - "project", - "source" + "project" ], "type": "object" } @@ -6728,9 +8266,6 @@ "type": "object" } }, - "required": [ - "elements" - ], "type": "object" }, "matrix": { @@ -6739,139 +8274,28 @@ "merge": { "x-kubernetes-preserve-unknown-fields": true }, - "pullRequest": { + "plugin": { "properties": { - "bitbucketServer": { - "properties": { - "api": { - "type": "string" - }, - "basicAuth": { - "properties": { - "passwordRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - }, - "username": { - "type": "string" - } - }, - "required": [ - "passwordRef", - "username" - ], - "type": "object" - }, - "project": { - "type": "string" - }, - "repo": { - "type": "string" - } - }, - "required": [ - "api", - "project", - "repo" - ], - "type": "object" - }, - "filters": { - "items": { - "properties": { - "branchMatch": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "gitea": { + "configMapRef": { "properties": { - "api": { - "type": "string" - }, - "insecure": { - "type": "boolean" - }, - "owner": { - "type": "string" - }, - "repo": { + "name": { "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" } }, "required": [ - "api", - "owner", - "repo" + "name" ], "type": "object" }, - "github": { + "input": { "properties": { - "api": { - "type": "string" - }, - "labels": { - "items": { - "type": "string" - }, - "type": "array" - }, - "owner": { - "type": "string" - }, - "repo": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } + "parameters": { + "additionalProperties": { + "x-kubernetes-preserve-unknown-fields": true }, - "required": [ - "key", - "secretName" - ], "type": "object" } }, - "required": [ - "owner", - "repo" - ], "type": "object" }, "requeueAfterSeconds": { @@ -7065,6 +8489,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -7082,6 +8512,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -7108,6 +8544,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -7117,6 +8559,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -7125,71 +8571,205 @@ }, "kustomize": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "commonAnnotations": { "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, - "version": { + "namespace": { "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { + }, + "patches": { "items": { "properties": { - "name": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { "type": "string" }, - "value": { + "path": { "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -7202,198 +8782,542 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" + "targetBranch": { + "type": "string" } }, + "required": [ + "targetBranch" + ], "type": "object" }, - "syncOptions": { - "items": { - "type": "string" + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "type": "object" - }, - "scmProvider": { - "properties": { - "bitbucket": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "appPasswordRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - }, - "owner": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "required": [ - "appPasswordRef", - "owner", - "user" - ], - "type": "object" - }, - "bitbucketServer": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "basicAuth": { - "properties": { - "passwordRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" + "required": [ + "path", + "targetBranch" + ], + "type": "object" } }, "required": [ - "key", - "secretName" + "drySource", + "syncSource" ], "type": "object" }, - "username": { - "type": "string" - } - }, - "required": [ - "passwordRef", - "username" - ], - "type": "object" - }, - "project": { - "type": "string" - } - }, - "required": [ - "api", - "project" - ], - "type": "object" - }, - "cloneProtocol": { - "type": "string" - }, - "filters": { - "items": { - "properties": { - "branchMatch": { - "type": "string" - }, - "labelMatch": { - "type": "string" - }, - "pathsDoNotExist": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pathsExist": { - "items": { - "type": "string" + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" }, - "type": "array" + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } }, - "repositoryMatch": { - "type": "string" - } - }, - "type": "object" + "required": [ + "destination", + "project" + ], + "type": "object" + } }, - "type": "array" + "required": [ + "metadata", + "spec" + ], + "type": "object" }, - "gitea": { + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "configMapRef" + ], + "type": "object" + }, + "pullRequest": { + "properties": { + "azuredevops": { "properties": { - "allBranches": { - "type": "boolean" - }, "api": { "type": "string" }, - "insecure": { - "type": "boolean" + "labels": { + "items": { + "type": "string" + }, + "type": "array" }, - "owner": { + "organization": { + "type": "string" + }, + "project": { + "type": "string" + }, + "repo": { "type": "string" }, "tokenRef": { @@ -7413,20 +9337,236 @@ } }, "required": [ - "api", - "owner" + "organization", + "project", + "repo" ], "type": "object" }, - "github": { + "bitbucket": { "properties": { - "allBranches": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "owner", + "repo" + ], + "type": "object" + }, + "bitbucketServer": { + "properties": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "api", + "project", + "repo" + ], + "type": "object" + }, + "filters": { + "items": { + "properties": { + "branchMatch": { + "type": "string" + }, + "targetBranchMatch": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gitea": { + "properties": { + "api": { + "type": "string" + }, + "insecure": { "type": "boolean" }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner", + "repo" + ], + "type": "object" + }, + "github": { + "properties": { "api": { "type": "string" }, - "organization": { + "appSecretName": { + "type": "string" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "owner": { + "type": "string" + }, + "repo": { "type": "string" }, "tokenRef": { @@ -7446,24 +9586,46 @@ } }, "required": [ - "organization" + "owner", + "repo" ], "type": "object" }, "gitlab": { "properties": { - "allBranches": { - "type": "boolean" - }, "api": { "type": "string" }, - "group": { - "type": "string" + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" }, - "includeSubgroups": { + "insecure": { "type": "boolean" }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "pullRequestState": { + "type": "string" + }, "tokenRef": { "properties": { "key": { @@ -7481,7 +9643,7 @@ } }, "required": [ - "group" + "project" ], "type": "object" }, @@ -7676,6 +9838,12 @@ }, "helm": { "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, "fileParameters": { "items": { "properties": { @@ -7693,6 +9861,12 @@ "ignoreMissingValueFiles": { "type": "boolean" }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, "parameters": { "items": { "properties": { @@ -7719,6 +9893,12 @@ "skipCrds": { "type": "boolean" }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, "valueFiles": { "items": { "type": "string" @@ -7728,6 +9908,10 @@ "values": { "type": "string" }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "version": { "type": "string" } @@ -7736,42 +9920,147 @@ }, "kustomize": { "properties": { - "commonAnnotations": { - "additionalProperties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { "type": "string" }, "type": "object" }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, "commonLabels": { "additionalProperties": { "type": "string" }, "type": "object" }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, "forceCommonAnnotations": { "type": "boolean" }, "forceCommonLabels": { "type": "boolean" }, + "ignoreMissingComponents": { + "type": "boolean" + }, "images": { "items": { "type": "string" }, "type": "array" }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, "namePrefix": { "type": "string" }, "nameSuffix": { "type": "string" }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, "version": { "type": "string" } }, "type": "object" }, + "name": { + "type": "string" + }, "path": { "type": "string" }, @@ -7797,10 +10086,39 @@ }, "name": { "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" }, + "ref": { + "type": "string" + }, "repoURL": { "type": "string" }, @@ -7813,1504 +10131,16045 @@ ], "type": "object" }, - "syncPolicy": { + "sourceHydrator": { "properties": { - "automated": { + "drySource": { "properties": { - "allowEmpty": { - "type": "boolean" + "path": { + "type": "string" }, - "prune": { - "type": "boolean" + "repoURL": { + "type": "string" }, - "selfHeal": { - "type": "boolean" + "targetRevision": { + "type": "string" } }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], "type": "object" }, - "retry": { + "hydrateTo": { "properties": { - "backoff": { - "properties": { - "duration": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { "type": "string" }, - "factor": { - "format": "int64", - "type": "integer" + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" }, - "maxDuration": { + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { "type": "string" - } + }, + "type": "array" }, - "type": "object" + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } }, - "limit": { - "format": "int64", - "type": "integer" - } + "type": "object" }, - "type": "object" - }, - "syncOptions": { - "items": { + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } }, "required": [ "metadata", "spec" ], "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "mergeKeys": { - "items": { - "type": "string" - }, - "type": "array" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { + "values": { + "additionalProperties": { "type": "string" }, - "server": { - "type": "string" - } - }, - "type": "object" + "type": "object" + } }, - "ignoreDifferences": { - "items": { + "type": "object" + }, + "scmProvider": { + "properties": { + "awsCodeCommit": { "properties": { - "group": { + "allBranches": { + "type": "boolean" + }, + "region": { "type": "string" }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" + "role": { + "type": "string" }, - "jsonPointers": { + "tagFilters": { "items": { - "type": "string" + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" }, "type": "array" + } + }, + "type": "object" + }, + "azureDevOps": { + "properties": { + "accessTokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" }, - "kind": { - "type": "string" + "allBranches": { + "type": "boolean" }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" + "api": { + "type": "string" }, - "name": { + "organization": { "type": "string" }, - "namespace": { + "teamProject": { "type": "string" } }, "required": [ - "kind" + "accessTokenRef", + "organization", + "teamProject" ], "type": "object" }, - "type": "array" - }, - "info": { - "items": { + "bitbucket": { "properties": { - "name": { + "allBranches": { + "type": "boolean" + }, + "appPasswordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "owner": { "type": "string" }, - "value": { + "user": { "type": "string" } }, "required": [ - "name", - "value" + "appPasswordRef", + "owner", + "user" ], "type": "object" }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } + "bitbucketServer": { + "properties": { + "allBranches": { + "type": "boolean" }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { "properties": { - "name": { + "key": { "type": "string" }, - "path": { + "secretName": { "type": "string" } }, + "required": [ + "key", + "secretName" + ], "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" + "username": { + "type": "string" + } }, - "parameters": { - "items": { + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { "properties": { - "forceString": { - "type": "boolean" - }, - "name": { + "key": { "type": "string" }, - "value": { + "secretName": { "type": "string" } }, + "required": [ + "key", + "secretName" + ], "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" + } }, - "valueFiles": { - "items": { + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { "type": "string" }, - "type": "array" - }, - "values": { - "type": "string" + "key": { + "type": "string" + } }, - "version": { - "type": "string" - } + "required": [ + "configMapName", + "key" + ], + "type": "object" }, - "type": "object" + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + } }, - "kustomize": { + "required": [ + "api", + "project" + ], + "type": "object" + }, + "cloneProtocol": { + "type": "string" + }, + "filters": { + "items": { "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" + "branchMatch": { + "type": "string" }, - "forceCommonLabels": { - "type": "boolean" + "labelMatch": { + "type": "string" }, - "images": { + "pathsDoNotExist": { "items": { "type": "string" }, "type": "array" }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { + "pathsExist": { "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "string" }, "type": "array" }, - "name": { + "repositoryMatch": { "type": "string" } }, "type": "object" }, - "repoURL": { - "type": "string" - }, - "targetRevision": { - "type": "string" - } + "type": "array" }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" + "gitea": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "owner": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } }, - "selfHeal": { - "type": "boolean" - } + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner" + ], + "type": "object" + }, + "github": { + "properties": { + "allBranches": { + "type": "boolean" }, - "type": "object" + "api": { + "type": "string" + }, + "appSecretName": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } + "required": [ + "organization" + ], + "type": "object" + }, + "gitlab": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" }, - "type": "object" + "key": { + "type": "string" + } }, - "limit": { - "format": "int64", - "type": "integer" - } + "required": [ + "configMapName", + "key" + ], + "type": "object" }, - "type": "object" - }, - "syncOptions": { - "items": { + "group": { "type": "string" }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "required": [ - "generators", - "mergeKeys" - ], - "type": "object" - }, - "pullRequest": { - "properties": { - "bitbucketServer": { - "properties": { - "api": { - "type": "string" - }, - "basicAuth": { - "properties": { - "passwordRef": { - "properties": { - "key": { - "type": "string" + "includeSharedProjects": { + "type": "boolean" + }, + "includeSubgroups": { + "type": "boolean" + }, + "insecure": { + "type": "boolean" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "topic": { + "type": "string" + } }, - "secretName": { - "type": "string" - } + "required": [ + "group" + ], + "type": "object" }, - "required": [ - "key", - "secretName" - ], - "type": "object" - }, - "username": { - "type": "string" - } - }, - "required": [ - "passwordRef", - "username" - ], - "type": "object" - }, - "project": { - "type": "string" - }, - "repo": { - "type": "string" - } - }, - "required": [ - "api", - "project", - "repo" - ], - "type": "object" - }, - "filters": { - "items": { - "properties": { - "branchMatch": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "gitea": { - "properties": { - "api": { - "type": "string" - }, - "insecure": { - "type": "boolean" - }, - "owner": { - "type": "string" - }, - "repo": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - } - }, - "required": [ - "api", - "owner", - "repo" - ], - "type": "object" - }, - "github": { - "properties": { - "api": { - "type": "string" - }, - "labels": { - "items": { - "type": "string" - }, - "type": "array" - }, - "owner": { - "type": "string" - }, - "repo": { - "type": "string" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - } - }, - "required": [ - "owner", - "repo" - ], - "type": "object" - }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" }, - "type": "object" - }, - "ignoreDifferences": { - "items": { + "template": { "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" + "type": "object" }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" }, - "type": "array" - }, - "libs": { - "items": { + "namespace": { "type": "string" }, - "type": "array" + "server": { + "type": "string" + } }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { "type": "string" }, - "value": { - "type": "string" - } + "type": "array" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } }, - "path": { - "type": "string" - } + "required": [ + "kind" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" + "type": "array" }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { + "project": { "type": "string" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { - "type": "string" + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { + "source": { "properties": { - "name": { + "chart": { "type": "string" }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "name": { - "type": "string" - } - }, - "type": "object" - }, - "repoURL": { - "type": "string" - }, - "targetRevision": { - "type": "string" - } - }, - "required": [ - "repoURL" - ], - "type": "object" - }, - "syncPolicy": { - "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } - }, - "type": "object" - }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" - } - }, - "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } - }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "type": "object" + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + } + }, + "required": [ + "generators" + ], + "type": "object" + }, + "merge": { + "properties": { + "generators": { + "items": { + "properties": { + "clusterDecisionResource": { + "properties": { + "configMapRef": { + "type": "string" + }, + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "configMapRef" + ], + "type": "object" + }, + "clusters": { + "properties": { + "flatList": { + "type": "boolean" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "git": { + "properties": { + "directories": { + "items": { + "properties": { + "exclude": { + "type": "boolean" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "files": { + "items": { + "properties": { + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array" + }, + "pathParamPrefix": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "revision": { + "type": "string" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "repoURL", + "revision" + ], + "type": "object" + }, + "list": { + "properties": { + "elements": { + "items": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "array" + }, + "elementsYaml": { + "type": "string" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "matrix": { + "x-kubernetes-preserve-unknown-fields": true + }, + "merge": { + "x-kubernetes-preserve-unknown-fields": true + }, + "plugin": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "input": { + "properties": { + "parameters": { + "additionalProperties": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "object" + } + }, + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "configMapRef" + ], + "type": "object" + }, + "pullRequest": { + "properties": { + "azuredevops": { + "properties": { + "api": { + "type": "string" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "organization": { + "type": "string" + }, + "project": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "organization", + "project", + "repo" + ], + "type": "object" + }, + "bitbucket": { + "properties": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "owner", + "repo" + ], + "type": "object" + }, + "bitbucketServer": { + "properties": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "api", + "project", + "repo" + ], + "type": "object" + }, + "filters": { + "items": { + "properties": { + "branchMatch": { + "type": "string" + }, + "targetBranchMatch": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gitea": { + "properties": { + "api": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner", + "repo" + ], + "type": "object" + }, + "github": { + "properties": { + "api": { + "type": "string" + }, + "appSecretName": { + "type": "string" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "owner", + "repo" + ], + "type": "object" + }, + "gitlab": { + "properties": { + "api": { + "type": "string" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "pullRequestState": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "project" + ], + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "scmProvider": { + "properties": { + "awsCodeCommit": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "region": { + "type": "string" + }, + "role": { + "type": "string" + }, + "tagFilters": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "azureDevOps": { + "properties": { + "accessTokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "teamProject": { + "type": "string" + } + }, + "required": [ + "accessTokenRef", + "organization", + "teamProject" + ], + "type": "object" + }, + "bitbucket": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "appPasswordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "owner": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "required": [ + "appPasswordRef", + "owner", + "user" + ], + "type": "object" + }, + "bitbucketServer": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + } + }, + "required": [ + "api", + "project" + ], + "type": "object" + }, + "cloneProtocol": { + "type": "string" + }, + "filters": { + "items": { + "properties": { + "branchMatch": { + "type": "string" + }, + "labelMatch": { + "type": "string" + }, + "pathsDoNotExist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pathsExist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "repositoryMatch": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gitea": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "owner": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner" + ], + "type": "object" + }, + "github": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "appSecretName": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "organization" + ], + "type": "object" + }, + "gitlab": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "group": { + "type": "string" + }, + "includeSharedProjects": { + "type": "boolean" + }, + "includeSubgroups": { + "type": "boolean" + }, + "insecure": { + "type": "boolean" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "topic": { + "type": "string" + } + }, + "required": [ + "group" + ], + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + }, + "mergeKeys": { + "items": { + "type": "string" + }, + "type": "array" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + } + }, + "required": [ + "generators", + "mergeKeys" + ], + "type": "object" + }, + "plugin": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "input": { + "properties": { + "parameters": { + "additionalProperties": { + "x-kubernetes-preserve-unknown-fields": true + }, + "type": "object" + } + }, + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "configMapRef" + ], + "type": "object" + }, + "pullRequest": { + "properties": { + "azuredevops": { + "properties": { + "api": { + "type": "string" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "organization": { + "type": "string" + }, + "project": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "organization", + "project", + "repo" + ], + "type": "object" + }, + "bitbucket": { + "properties": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "owner", + "repo" + ], + "type": "object" + }, + "bitbucketServer": { + "properties": { + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + }, + "repo": { + "type": "string" + } + }, + "required": [ + "api", + "project", + "repo" + ], + "type": "object" + }, + "filters": { + "items": { + "properties": { + "branchMatch": { + "type": "string" + }, + "targetBranchMatch": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gitea": { + "properties": { + "api": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner", + "repo" + ], + "type": "object" + }, + "github": { + "properties": { + "api": { + "type": "string" + }, + "appSecretName": { + "type": "string" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "owner": { + "type": "string" + }, + "repo": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "owner", + "repo" + ], + "type": "object" + }, + "gitlab": { + "properties": { + "api": { + "type": "string" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "pullRequestState": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "project" + ], + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { + "properties": { + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" + }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "required": [ + "destination", + "project" + ], + "type": "object" + } + }, + "required": [ + "metadata", + "spec" + ], + "type": "object" + }, + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" }, "scmProvider": { "properties": { + "awsCodeCommit": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "region": { + "type": "string" + }, + "role": { + "type": "string" + }, + "tagFilters": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "azureDevOps": { + "properties": { + "accessTokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "teamProject": { + "type": "string" + } + }, + "required": [ + "accessTokenRef", + "organization", + "teamProject" + ], + "type": "object" + }, "bitbucket": { "properties": { "allBranches": { "type": "boolean" }, - "appPasswordRef": { + "appPasswordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "owner": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "required": [ + "appPasswordRef", + "owner", + "user" + ], + "type": "object" + }, + "bitbucketServer": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "basicAuth": { + "properties": { + "passwordRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "username": { + "type": "string" + } + }, + "required": [ + "passwordRef", + "username" + ], + "type": "object" + }, + "bearerToken": { + "properties": { + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "tokenRef" + ], + "type": "object" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "insecure": { + "type": "boolean" + }, + "project": { + "type": "string" + } + }, + "required": [ + "api", + "project" + ], + "type": "object" + }, + "cloneProtocol": { + "type": "string" + }, + "filters": { + "items": { + "properties": { + "branchMatch": { + "type": "string" + }, + "labelMatch": { + "type": "string" + }, + "pathsDoNotExist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "pathsExist": { + "items": { + "type": "string" + }, + "type": "array" + }, + "repositoryMatch": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "gitea": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "owner": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "api", + "owner" + ], + "type": "object" + }, + "github": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "appSecretName": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "tokenRef": { + "properties": { + "key": { + "type": "string" + }, + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + } + }, + "required": [ + "organization" + ], + "type": "object" + }, + "gitlab": { + "properties": { + "allBranches": { + "type": "boolean" + }, + "api": { + "type": "string" + }, + "caRef": { + "properties": { + "configMapName": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "required": [ + "configMapName", + "key" + ], + "type": "object" + }, + "group": { + "type": "string" + }, + "includeSharedProjects": { + "type": "boolean" + }, + "includeSubgroups": { + "type": "boolean" + }, + "insecure": { + "type": "boolean" + }, + "tokenRef": { "properties": { "key": { "type": "string" }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" - }, - "owner": { - "type": "string" - }, - "user": { - "type": "string" - } - }, - "required": [ - "appPasswordRef", - "owner", - "user" - ], - "type": "object" - }, - "bitbucketServer": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "basicAuth": { - "properties": { - "passwordRef": { + "secretName": { + "type": "string" + } + }, + "required": [ + "key", + "secretName" + ], + "type": "object" + }, + "topic": { + "type": "string" + } + }, + "required": [ + "group" + ], + "type": "object" + }, + "requeueAfterSeconds": { + "format": "int64", + "type": "integer" + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object" + }, + "ignoreDifferences": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { + "type": "string" + }, + "managedFieldsManagers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind" + ], + "type": "object" + }, + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object" + }, + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } + }, + "required": [ + "targetBranch" + ], + "type": "object" + }, + "syncSource": { + "properties": { + "path": { + "type": "string" + }, + "targetBranch": { + "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object" + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object" + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } + }, + "required": [ + "repoURL" + ], + "type": "object" + }, + "type": "array" + }, + "syncPolicy": { "properties": { - "key": { - "type": "string" + "automated": { + "properties": { + "allowEmpty": { + "type": "boolean" + }, + "prune": { + "type": "boolean" + }, + "selfHeal": { + "type": "boolean" + } + }, + "type": "object" }, - "secretName": { - "type": "string" + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "retry": { + "properties": { + "backoff": { + "properties": { + "duration": { + "type": "string" + }, + "factor": { + "format": "int64", + "type": "integer" + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "limit": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "syncOptions": { + "items": { + "type": "string" + }, + "type": "array" } }, - "required": [ - "key", - "secretName" - ], "type": "object" - }, - "username": { - "type": "string" } }, "required": [ - "passwordRef", - "username" + "destination", + "project" ], "type": "object" - }, - "project": { - "type": "string" } }, "required": [ - "api", - "project" + "metadata", + "spec" ], "type": "object" }, - "cloneProtocol": { - "type": "string" - }, - "filters": { + "values": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { "items": { "properties": { - "branchMatch": { + "key": { "type": "string" }, - "labelMatch": { + "operator": { "type": "string" }, - "pathsDoNotExist": { - "items": { - "type": "string" - }, - "type": "array" - }, - "pathsExist": { + "values": { "items": { "type": "string" }, - "type": "array" - }, - "repositoryMatch": { - "type": "string" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, + "required": [ + "key", + "operator" + ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, - "gitea": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array" + }, + "goTemplate": { + "type": "boolean" + }, + "goTemplateOptions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "ignoreApplicationDifferences": { + "items": { + "properties": { + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "preservedFields": { + "properties": { + "annotations": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "strategy": { + "properties": { + "rollingSync": { + "properties": { + "steps": { + "items": { "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "insecure": { - "type": "boolean" - }, - "owner": { - "type": "string" + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" }, - "tokenRef": { - "properties": { - "key": { - "type": "string" + "maxUpdate": { + "anyOf": [ + { + "type": "integer" }, - "secretName": { + { "type": "string" } - }, - "required": [ - "key", - "secretName" ], - "type": "object" + "x-kubernetes-int-or-string": true } }, - "required": [ - "api", - "owner" - ], "type": "object" }, - "github": { + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "type": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "syncPolicy": { + "properties": { + "applicationsSync": { + "enum": [ + "create-only", + "create-update", + "create-delete", + "sync" + ], + "type": "string" + }, + "preserveResourcesOnDeletion": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "template": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "spec": { + "properties": { + "destination": { + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "server": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "ignoreDifferences": { + "items": { "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { + "group": { "type": "string" }, - "organization": { + "jqPathExpressions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "jsonPointers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kind": { "type": "string" }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } + "managedFieldsManagers": { + "items": { + "type": "string" }, - "required": [ - "key", - "secretName" - ], - "type": "object" + "type": "array" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" } }, "required": [ - "organization" + "kind" ], "type": "object" }, - "gitlab": { - "properties": { - "allBranches": { - "type": "boolean" - }, - "api": { - "type": "string" - }, - "group": { - "type": "string" - }, - "includeSubgroups": { - "type": "boolean" - }, - "tokenRef": { - "properties": { - "key": { - "type": "string" - }, - "secretName": { - "type": "string" - } - }, - "required": [ - "key", - "secretName" - ], - "type": "object" + "type": "array" + }, + "info": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" } }, "required": [ - "group" + "name", + "value" ], "type": "object" }, - "requeueAfterSeconds": { - "format": "int64", - "type": "integer" - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } + "type": "array" + }, + "project": { + "type": "string" + }, + "revisionHistoryLimit": { + "format": "int64", + "type": "integer" + }, + "source": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" }, - "type": "object" - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - }, - "server": { - "type": "string" - } - }, - "type": "object" - }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { - "type": "string" - }, - "type": "array" - }, - "jsonPointers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" - }, - "directory": { - "properties": { - "exclude": { - "type": "string" - }, - "include": { - "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "libs": { - "items": { - "type": "string" - }, - "type": "array" - }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - } - }, - "type": "object" - }, - "recurse": { - "type": "boolean" - } - }, - "type": "object" - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, - "passCredentials": { + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { "type": "boolean" }, - "releaseName": { + "name": { "type": "string" }, - "skipCrds": { + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { "type": "boolean" }, - "valueFiles": { - "items": { - "type": "string" - }, - "type": "array" - }, - "values": { + "name": { "type": "string" }, - "version": { + "value": { "type": "string" } }, + "required": [ + "name", + "value" + ], "type": "object" }, - "kustomize": { + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" + "annotationSelector": { + "type": "string" }, - "forceCommonAnnotations": { - "type": "boolean" + "group": { + "type": "string" }, - "forceCommonLabels": { - "type": "boolean" + "kind": { + "type": "string" }, - "images": { - "items": { - "type": "string" - }, - "type": "array" + "labelSelector": { + "type": "string" }, - "namePrefix": { + "name": { "type": "string" }, - "nameSuffix": { + "namespace": { "type": "string" }, "version": { @@ -9318,460 +26177,547 @@ } }, "type": "object" - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" }, - "name": { + { "type": "string" } - }, - "type": "object" + ], + "x-kubernetes-int-or-string": true }, - "repoURL": { + "name": { + "type": "string" + } + }, + "required": [ + "count", + "name" + ], + "type": "object" + }, + "type": "array" + }, + "version": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { "type": "string" }, - "targetRevision": { + "value": { "type": "string" } }, "required": [ - "repoURL" + "name", + "value" ], "type": "object" }, - "syncPolicy": { + "type": "array" + }, + "name": { + "type": "string" + }, + "parameters": { + "items": { "properties": { - "automated": { - "properties": { - "allowEmpty": { - "type": "boolean" - }, - "prune": { - "type": "boolean" - }, - "selfHeal": { - "type": "boolean" - } + "array": { + "items": { + "type": "string" }, - "type": "object" + "type": "array" }, - "retry": { - "properties": { - "backoff": { - "properties": { - "duration": { - "type": "string" - }, - "factor": { - "format": "int64", - "type": "integer" - }, - "maxDuration": { - "type": "string" - } - }, - "type": "object" - }, - "limit": { - "format": "int64", - "type": "integer" - } + "map": { + "additionalProperties": { + "type": "string" }, "type": "object" }, - "syncOptions": { - "items": { - "type": "string" - }, - "type": "array" + "name": { + "type": "string" + }, + "string": { + "type": "string" } }, "type": "object" - } - }, - "required": [ - "destination", - "project", - "source" - ], - "type": "object" - } + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false }, - "required": [ - "metadata", - "spec" - ], - "type": "object" - } - }, - "type": "object" - } - }, - "type": "object" - }, - "type": "array" - }, - "syncPolicy": { - "properties": { - "preserveResourcesOnDeletion": { - "type": "boolean" - } - }, - "type": "object", - "additionalProperties": false - }, - "template": { - "properties": { - "metadata": { - "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "finalizers": { - "items": { - "type": "string" - }, - "type": "array" - }, - "labels": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "name": { - "type": "string" - }, - "namespace": { - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "spec": { - "properties": { - "destination": { - "properties": { - "name": { + "ref": { "type": "string" }, - "namespace": { + "repoURL": { "type": "string" }, - "server": { + "targetRevision": { "type": "string" } }, + "required": [ + "repoURL" + ], "type": "object", "additionalProperties": false }, - "ignoreDifferences": { - "items": { - "properties": { - "group": { - "type": "string" - }, - "jqPathExpressions": { - "items": { + "sourceHydrator": { + "properties": { + "drySource": { + "properties": { + "path": { "type": "string" }, - "type": "array" - }, - "jsonPointers": { - "items": { + "repoURL": { "type": "string" }, - "type": "array" - }, - "kind": { - "type": "string" - }, - "managedFieldsManagers": { - "items": { + "targetRevision": { "type": "string" - }, - "type": "array" - }, - "name": { - "type": "string" + } }, - "namespace": { - "type": "string" - } + "required": [ + "path", + "repoURL", + "targetRevision" + ], + "type": "object", + "additionalProperties": false }, - "required": [ - "kind" - ], - "type": "object" - }, - "type": "array" - }, - "info": { - "items": { - "properties": { - "name": { - "type": "string" + "hydrateTo": { + "properties": { + "targetBranch": { + "type": "string" + } }, - "value": { - "type": "string" - } - }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" - }, - "project": { - "type": "string" - }, - "revisionHistoryLimit": { - "format": "int64", - "type": "integer" - }, - "source": { - "properties": { - "chart": { - "type": "string" + "required": [ + "targetBranch" + ], + "type": "object", + "additionalProperties": false }, - "directory": { + "syncSource": { "properties": { - "exclude": { + "path": { "type": "string" }, - "include": { + "targetBranch": { "type": "string" - }, - "jsonnet": { - "properties": { - "extVars": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" + } + }, + "required": [ + "path", + "targetBranch" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "drySource", + "syncSource" + ], + "type": "object", + "additionalProperties": false + }, + "sources": { + "items": { + "properties": { + "chart": { + "type": "string" + }, + "directory": { + "properties": { + "exclude": { + "type": "string" + }, + "include": { + "type": "string" + }, + "jsonnet": { + "properties": { + "extVars": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "name", + "value" + ], + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" + "type": "array" }, - "type": "array" + "libs": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tlas": { + "items": { + "properties": { + "code": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + } }, - "libs": { - "items": { - "type": "string" + "type": "object" + }, + "recurse": { + "type": "boolean" + } + }, + "type": "object" + }, + "helm": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "fileParameters": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "path": { + "type": "string" + } }, - "type": "array" + "type": "object" }, - "tlas": { - "items": { - "properties": { - "code": { - "type": "boolean" - }, - "name": { - "type": "string" - }, - "value": { - "type": "string" - } + "type": "array" + }, + "ignoreMissingValueFiles": { + "type": "boolean" + }, + "kubeVersion": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "forceString": { + "type": "boolean" }, - "required": [ - "name", - "value" - ], - "type": "object" + "name": { + "type": "string" + }, + "value": { + "type": "string" + } }, - "type": "array" - } + "type": "object" + }, + "type": "array" }, - "type": "object", - "additionalProperties": false + "passCredentials": { + "type": "boolean" + }, + "releaseName": { + "type": "string" + }, + "skipCrds": { + "type": "boolean" + }, + "skipSchemaValidation": { + "type": "boolean" + }, + "skipTests": { + "type": "boolean" + }, + "valueFiles": { + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "type": "string" + }, + "valuesObject": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "version": { + "type": "string" + } }, - "recurse": { - "type": "boolean" - } + "type": "object" }, - "type": "object", - "additionalProperties": false - }, - "helm": { - "properties": { - "fileParameters": { - "items": { - "properties": { - "name": { - "type": "string" - }, - "path": { - "type": "string" - } + "kustomize": { + "properties": { + "apiVersions": { + "items": { + "type": "string" + }, + "type": "array" + }, + "commonAnnotations": { + "additionalProperties": { + "type": "string" }, "type": "object" }, - "type": "array" - }, - "ignoreMissingValueFiles": { - "type": "boolean" - }, - "parameters": { - "items": { - "properties": { - "forceString": { - "type": "boolean" + "commonAnnotationsEnvsubst": { + "type": "boolean" + }, + "commonLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "components": { + "items": { + "type": "string" + }, + "type": "array" + }, + "forceCommonAnnotations": { + "type": "boolean" + }, + "forceCommonLabels": { + "type": "boolean" + }, + "ignoreMissingComponents": { + "type": "boolean" + }, + "images": { + "items": { + "type": "string" + }, + "type": "array" + }, + "kubeVersion": { + "type": "string" + }, + "labelIncludeTemplates": { + "type": "boolean" + }, + "labelWithoutSelector": { + "type": "boolean" + }, + "namePrefix": { + "type": "string" + }, + "nameSuffix": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "patches": { + "items": { + "properties": { + "options": { + "additionalProperties": { + "type": "boolean" + }, + "type": "object" + }, + "patch": { + "type": "string" + }, + "path": { + "type": "string" + }, + "target": { + "properties": { + "annotationSelector": { + "type": "string" + }, + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "labelSelector": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "type": "object" + } }, - "name": { - "type": "string" + "type": "object" + }, + "type": "array" + }, + "replicas": { + "items": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "name": { + "type": "string" + } }, - "value": { - "type": "string" - } + "required": [ + "count", + "name" + ], + "type": "object" }, - "type": "object" + "type": "array" }, - "type": "array" - }, - "passCredentials": { - "type": "boolean" - }, - "releaseName": { - "type": "string" - }, - "skipCrds": { - "type": "boolean" - }, - "valueFiles": { - "items": { + "version": { "type": "string" - }, - "type": "array" - }, - "values": { - "type": "string" + } }, - "version": { - "type": "string" - } + "type": "object" }, - "type": "object", - "additionalProperties": false - }, - "kustomize": { - "properties": { - "commonAnnotations": { - "additionalProperties": { - "type": "string" - }, - "type": "object" - }, - "commonLabels": { - "additionalProperties": { - "type": "string" + "name": { + "type": "string" + }, + "path": { + "type": "string" + }, + "plugin": { + "properties": { + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" }, - "type": "object" - }, - "forceCommonAnnotations": { - "type": "boolean" - }, - "forceCommonLabels": { - "type": "boolean" - }, - "images": { - "items": { + "name": { "type": "string" }, - "type": "array" - }, - "namePrefix": { - "type": "string" - }, - "nameSuffix": { - "type": "string" - }, - "version": { - "type": "string" - } - }, - "type": "object", - "additionalProperties": false - }, - "path": { - "type": "string" - }, - "plugin": { - "properties": { - "env": { - "items": { - "properties": { - "name": { - "type": "string" + "parameters": { + "items": { + "properties": { + "array": { + "items": { + "type": "string" + }, + "type": "array" + }, + "map": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "string": { + "type": "string" + } }, - "value": { - "type": "string" - } + "type": "object" }, - "required": [ - "name", - "value" - ], - "type": "object" - }, - "type": "array" + "type": "array" + } }, - "name": { - "type": "string" - } + "type": "object" }, - "type": "object", - "additionalProperties": false - }, - "repoURL": { - "type": "string" + "ref": { + "type": "string" + }, + "repoURL": { + "type": "string" + }, + "targetRevision": { + "type": "string" + } }, - "targetRevision": { - "type": "string" - } + "required": [ + "repoURL" + ], + "type": "object" }, - "required": [ - "repoURL" - ], - "type": "object", - "additionalProperties": false + "type": "array" }, "syncPolicy": { "properties": { @@ -9790,6 +26736,24 @@ "type": "object", "additionalProperties": false }, + "managedNamespaceMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, "retry": { "properties": { "backoff": { @@ -9829,8 +26793,7 @@ }, "required": [ "destination", - "project", - "source" + "project" ], "type": "object", "additionalProperties": false @@ -9842,6 +26805,9 @@ ], "type": "object", "additionalProperties": false + }, + "templatePatch": { + "type": "string" } }, "required": [ @@ -9853,6 +26819,43 @@ }, "status": { "properties": { + "applicationStatus": { + "items": { + "properties": { + "application": { + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "type": "string" + }, + "step": { + "type": "string" + }, + "targetRevisions": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "application", + "message", + "status", + "step", + "targetRevisions" + ], + "type": "object" + }, + "type": "array" + }, "conditions": { "items": { "properties": { @@ -9882,6 +26885,60 @@ "type": "object" }, "type": "array" + }, + "resources": { + "items": { + "properties": { + "group": { + "type": "string" + }, + "health": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "status": { + "type": "string" + } + }, + "type": "object" + }, + "hook": { + "type": "boolean" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "requiresDeletionConfirmation": { + "type": "boolean" + }, + "requiresPruning": { + "type": "boolean" + }, + "status": { + "type": "string" + }, + "syncWave": { + "format": "int64", + "type": "integer" + }, + "version": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, "type": "object" diff --git a/master-standalone-strict/appproject-argoproj-v1alpha1.json b/master-standalone-strict/appproject-argoproj-v1alpha1.json index 1950916..bc92781 100644 --- a/master-standalone-strict/appproject-argoproj-v1alpha1.json +++ b/master-standalone-strict/appproject-argoproj-v1alpha1.json @@ -1,12 +1,12 @@ { - "description": "AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)", + "description": "AppProject provides a logical grouping of applications, providing controls for:\n* where the apps may deploy to (cluster whitelist)\n* what may be deployed (repository whitelist, resource whitelist/blacklist)\n* who can access these applications (roles, OIDC group claims bindings)\n* and what they can do (RBAC policies)\n* automation access to these roles (JWT tokens)", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -18,7 +18,7 @@ "clusterResourceBlacklist": { "description": "ClusterResourceBlacklist contains list of blacklisted cluster level resources", "items": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" @@ -38,7 +38,7 @@ "clusterResourceWhitelist": { "description": "ClusterResourceWhitelist contains list of whitelisted cluster level resources", "items": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" @@ -59,21 +59,47 @@ "description": "Description contains optional project description", "type": "string" }, + "destinationServiceAccounts": { + "description": "DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination.", + "items": { + "description": "ApplicationDestinationServiceAccount holds information about the service account to be impersonated for the application sync operation.", + "properties": { + "defaultServiceAccount": { + "description": "DefaultServiceAccount to be used for impersonation during the sync operation", + "type": "string" + }, + "namespace": { + "description": "Namespace specifies the target namespace for the application's resources.", + "type": "string" + }, + "server": { + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API.", + "type": "string" + } + }, + "required": [ + "defaultServiceAccount", + "server" + ], + "type": "object" + }, + "type": "array" + }, "destinations": { "description": "Destinations contains list of destinations available for deployment", "items": { "description": "ApplicationDestination holds information about the application's destination", "properties": { "name": { - "description": "Name is an alternate way of specifying the target cluster by its symbolic name", + "description": "Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.", "type": "string" }, "namespace": { - "description": "Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", + "description": "Namespace specifies the target namespace for the application's resources.\nThe namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace", "type": "string" }, "server": { - "description": "Server specifies the URL of the target cluster and must be set to the Kubernetes control plane API", + "description": "Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.", "type": "string" } }, @@ -84,7 +110,7 @@ "namespaceResourceBlacklist": { "description": "NamespaceResourceBlacklist contains list of blacklisted namespace level resources", "items": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" @@ -104,7 +130,7 @@ "namespaceResourceWhitelist": { "description": "NamespaceResourceWhitelist contains list of whitelisted namespace level resources", "items": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying\nconcepts during lookup stages without having partially valid types", "properties": { "group": { "type": "string" @@ -151,6 +177,10 @@ "type": "object", "additionalProperties": false }, + "permitOnlyProjectScopedClusters": { + "description": "PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped", + "type": "boolean" + }, "roles": { "description": "Roles are user defined RBAC roles associated with this project", "items": { @@ -227,6 +257,13 @@ }, "type": "array" }, + "sourceNamespaces": { + "description": "SourceNamespaces defines the namespaces application resources are allowed to be created in", + "items": { + "type": "string" + }, + "type": "array" + }, "sourceRepos": { "description": "SourceRepos contains list of repository URLs which can be used for deployment", "items": { @@ -239,6 +276,10 @@ "items": { "description": "SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps", "properties": { + "andOperator": { + "description": "UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator", + "type": "boolean" + }, "applications": { "description": "Applications contains a list of applications that the window will apply to", "items": { diff --git a/master-standalone-strict/authorizationpolicy-security-v1.json b/master-standalone-strict/authorizationpolicy-security-v1.json new file mode 100644 index 0000000..585a543 --- /dev/null +++ b/master-standalone-strict/authorizationpolicy-security-v1.json @@ -0,0 +1,492 @@ +{ + "properties": { + "spec": { + "description": "Configuration for access control on workloads. See more details at: https://istio.io/docs/reference/config/security/authorization-policy.html", + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "provider" + ] + } + ] + } + }, + { + "required": [ + "provider" + ] + } + ], + "properties": { + "action": { + "description": "Optional.\n\nValid Options: ALLOW, DENY, AUDIT, CUSTOM", + "enum": [ + "ALLOW", + "DENY", + "AUDIT", + "CUSTOM" + ], + "type": "string" + }, + "provider": { + "description": "Specifies detailed configuration of the CUSTOM action.", + "properties": { + "name": { + "description": "Specifies the name of the extension provider.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "rules": { + "description": "Optional.", + "items": { + "properties": { + "from": { + "description": "Optional.", + "items": { + "properties": { + "source": { + "description": "Source specifies the source of a request.", + "properties": { + "ipBlocks": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaces": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notIpBlocks": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notNamespaces": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notPrincipals": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notRemoteIpBlocks": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notRequestPrincipals": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notServiceAccounts": { + "description": "Optional.", + "items": { + "maxLength": 320, + "type": "string" + }, + "maxItems": 16, + "type": "array" + }, + "principals": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "remoteIpBlocks": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "requestPrincipals": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "serviceAccounts": { + "description": "Optional.", + "items": { + "maxLength": 320, + "type": "string" + }, + "maxItems": 16, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Cannot set serviceAccounts with namespaces or principals", + "rule": "(has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) &&\n!has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true" + } + ] + } + }, + "type": "object" + }, + "maxItems": 512, + "type": "array" + }, + "to": { + "description": "Optional.", + "items": { + "properties": { + "operation": { + "description": "Operation specifies the operation of a request.", + "properties": { + "hosts": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "methods": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notHosts": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notMethods": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notPaths": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "notPorts": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "paths": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "ports": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "when": { + "description": "Optional.", + "items": { + "properties": { + "key": { + "description": "The name of an Istio attribute.", + "type": "string" + }, + "notValues": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + }, + "values": { + "description": "Optional.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "maxItems": 512, + "type": "array" + }, + "selector": { + "description": "Optional.", + "properties": { + "matchLabels": { + "additionalProperties": { + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] + }, + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] + } + }, + "type": "object", + "additionalProperties": false + }, + "targetRef": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + (has(self.targetRefs) ? 1 : 0) <= 1" + } + ], + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" +} diff --git a/master-standalone-strict/authorizationpolicy-security-v1beta1.json b/master-standalone-strict/authorizationpolicy-security-v1beta1.json index 92b4769..585a543 100644 --- a/master-standalone-strict/authorizationpolicy-security-v1beta1.json +++ b/master-standalone-strict/authorizationpolicy-security-v1beta1.json @@ -22,7 +22,7 @@ ], "properties": { "action": { - "description": "Optional.", + "description": "Optional.\n\nValid Options: ALLOW, DENY, AUDIT, CUSTOM", "enum": [ "ALLOW", "DENY", @@ -102,6 +102,15 @@ }, "type": "array" }, + "notServiceAccounts": { + "description": "Optional.", + "items": { + "maxLength": 320, + "type": "string" + }, + "maxItems": 16, + "type": "array" + }, "principals": { "description": "Optional.", "items": { @@ -122,13 +131,29 @@ "type": "string" }, "type": "array" + }, + "serviceAccounts": { + "description": "Optional.", + "items": { + "maxLength": 320, + "type": "string" + }, + "maxItems": 16, + "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "Cannot set serviceAccounts with namespaces or principals", + "rule": "(has(self.serviceAccounts) || has(self.notServiceAccounts)) ? (!has(self.principals) &&\n!has(self.notPrincipals) && !has(self.namespaces) && !has(self.notNamespaces)) : true" + } + ] } }, "type": "object" }, + "maxItems": 512, "type": "array" }, "to": { @@ -225,6 +250,9 @@ "type": "array" } }, + "required": [ + "key" + ], "type": "object" }, "type": "array" @@ -232,6 +260,7 @@ }, "type": "object" }, + "maxItems": 512, "type": "array" }, "selector": { @@ -239,19 +268,222 @@ "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] }, - "type": "object" + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", "additionalProperties": false + }, + "targetRef": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array" } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or selector can be set", + "rule": "(has(self.selector) ? 1 : 0) + (has(self.targetRef) ? 1 : 0) + (has(self.targetRefs) ? 1 : 0) <= 1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/backup-dynamodb-v1alpha1.json b/master-standalone-strict/backup-dynamodb-v1alpha1.json index d870900..a2f7ede 100644 --- a/master-standalone-strict/backup-dynamodb-v1alpha1.json +++ b/master-standalone-strict/backup-dynamodb-v1alpha1.json @@ -2,11 +2,11 @@ "description": "Backup is the Schema for the Backups API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -20,7 +20,7 @@ "type": "string" }, "tableName": { - "description": "The name of the table.", + "description": "The name of the table. You can also provide the Amazon Resource Name (ARN)\nof the table in this parameter.", "type": "string" } }, @@ -35,14 +35,14 @@ "description": "BackupStatus defines the observed state of Backup", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { @@ -62,12 +62,12 @@ "type": "string" }, "backupExpiryDateTime": { - "description": "Time at which the automatic on-demand backup created by DynamoDB will expire. This SYSTEM on-demand backup expires automatically 35 days after its creation.", + "description": "Time at which the automatic on-demand backup created by DynamoDB will expire.\nThis SYSTEM on-demand backup expires automatically 35 days after its creation.", "format": "date-time", "type": "string" }, "backupSizeBytes": { - "description": "Size of the backup in bytes.", + "description": "Size of the backup in bytes. DynamoDB updates this value approximately every\nsix hours. Recent changes might not be reflected in this value.", "format": "int64", "type": "integer" }, @@ -76,13 +76,13 @@ "type": "string" }, "backupType": { - "description": "BackupType: \n * USER - You create and manage these using the on-demand backup feature. \n * SYSTEM - If you delete a table with point-in-time recovery enabled, a SYSTEM backup is automatically created and is retained for 35 days (at no additional cost). System backups allow you to restore the deleted table to the state it was in just before the point of deletion. \n * AWS_BACKUP - On-demand backup created by you from AWS Backup service.", + "description": "BackupType:\n\n * USER - You create and manage these using the on-demand backup feature.\n\n * SYSTEM - If you delete a table with point-in-time recovery enabled,\n a SYSTEM backup is automatically created and is retained for 35 days (at\n no additional cost). System backups allow you to restore the deleted table\n to the state it was in just before the point of deletion.\n\n * AWS_BACKUP - On-demand backup created by you from Backup service.", "type": "string" }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", diff --git a/master-standalone-strict/cacheparametergroup-elasticache-v1alpha1.json b/master-standalone-strict/cacheparametergroup-elasticache-v1alpha1.json index 29cbf2e..dec6a90 100644 --- a/master-standalone-strict/cacheparametergroup-elasticache-v1alpha1.json +++ b/master-standalone-strict/cacheparametergroup-elasticache-v1alpha1.json @@ -2,21 +2,21 @@ "description": "CacheParameterGroup is the Schema for the CacheParameterGroups API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "CacheParameterGroupSpec defines the desired state of CacheParameterGroup. \n Represents the output of a CreateCacheParameterGroup operation.", + "description": "CacheParameterGroupSpec defines the desired state of CacheParameterGroup.\n\nRepresents the output of a CreateCacheParameterGroup operation.", "properties": { "cacheParameterGroupFamily": { - "description": "The name of the cache parameter group family that the cache parameter group can be used with. \n Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x |", + "description": "The name of the cache parameter group family that the cache parameter group\ncan be used with.\n\nValid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 |\nredis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x | redis7", "type": "string" }, "cacheParameterGroupName": { @@ -28,7 +28,7 @@ "type": "string" }, "parameterNameValues": { - "description": "An array of parameter names and values for the parameter update. You must supply at least one parameter name and value; subsequent arguments are optional. A maximum of 20 parameters may be modified per request.", + "description": "An array of parameter names and values for the parameter update. You must\nsupply at least one parameter name and value; subsequent arguments are optional.\nA maximum of 20 parameters may be modified per request.", "items": { "description": "Describes a name-value pair that is used to update the value of a parameter.", "properties": { @@ -44,9 +44,9 @@ "type": "array" }, "tags": { - "description": "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + "description": "A list of tags to be added to this resource. A tag is a key-value pair. A\ntag key must be accompanied by a tag value, although null is accepted.", "items": { - "description": "A tag that can be added to an ElastiCache cluster or replication group. Tags are composed of a Key/Value pair. You can use tags to categorize and track all your ElastiCache resources, with the exception of global replication group. When you add or remove tags on replication groups, those actions will be replicated to all nodes in the replication group. A tag with a null Value is permitted.", + "description": "A tag that can be added to an ElastiCache cluster or replication group. Tags\nare composed of a Key/Value pair. You can use tags to categorize and track\nall your ElastiCache resources, with the exception of global replication\ngroup. When you add or remove tags on replication groups, those actions will\nbe replicated to all nodes in the replication group. A tag with a null Value\nis permitted.", "properties": { "key": { "type": "string" @@ -72,14 +72,14 @@ "description": "CacheParameterGroupStatus defines the observed state of CacheParameterGroup", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { @@ -94,9 +94,9 @@ "type": "object" }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", @@ -129,9 +129,9 @@ "type": "array" }, "events": { - "description": "A list of events. Each element in the list contains detailed information about one event.", + "description": "A list of events. Each element in the list contains detailed information\nabout one event.", "items": { - "description": "Represents a single occurrence of something interesting within the system. Some examples of events are creating a cluster, adding or removing a cache node, or rebooting a node.", + "description": "Represents a single occurrence of something interesting within the system.\nSome examples of events are creating a cluster, adding or removing a cache\nnode, or rebooting a node.", "properties": { "date": { "format": "date-time", @@ -158,7 +158,7 @@ "parameters": { "description": "A list of Parameter instances.", "items": { - "description": "Describes an individual setting that controls some aspect of ElastiCache behavior.", + "description": "Describes an individual setting that controls some aspect of ElastiCache\nbehavior.", "properties": { "allowedValues": { "type": "string" diff --git a/master-standalone-strict/cachesubnetgroup-elasticache-v1alpha1.json b/master-standalone-strict/cachesubnetgroup-elasticache-v1alpha1.json index 3fd1a99..3988a21 100644 --- a/master-standalone-strict/cachesubnetgroup-elasticache-v1alpha1.json +++ b/master-standalone-strict/cachesubnetgroup-elasticache-v1alpha1.json @@ -2,25 +2,25 @@ "description": "CacheSubnetGroup is the Schema for the CacheSubnetGroups API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup. \n Represents the output of one of the following operations: \n * CreateCacheSubnetGroup \n * ModifyCacheSubnetGroup", + "description": "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup.\n\nRepresents the output of one of the following operations:\n\n - CreateCacheSubnetGroup\n\n - ModifyCacheSubnetGroup", "properties": { "cacheSubnetGroupDescription": { "description": "A description for the cache subnet group.", "type": "string" }, "cacheSubnetGroupName": { - "description": "A name for the cache subnet group. This value is stored as a lowercase string. \n Constraints: Must contain no more than 255 alphanumeric characters or hyphens. \n Example: mysubnetgroup", + "description": "A name for the cache subnet group. This value is stored as a lowercase string.\n\nConstraints: Must contain no more than 255 alphanumeric characters or hyphens.\n\nExample: mysubnetgroup", "type": "string" }, "subnetIDs": { @@ -30,10 +30,31 @@ }, "type": "array" }, + "subnetRefs": { + "items": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, "tags": { - "description": "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + "description": "A list of tags to be added to this resource. A tag is a key-value pair. A\ntag key must be accompanied by a tag value, although null is accepted.", "items": { - "description": "A tag that can be added to an ElastiCache cluster or replication group. Tags are composed of a Key/Value pair. You can use tags to categorize and track all your ElastiCache resources, with the exception of global replication group. When you add or remove tags on replication groups, those actions will be replicated to all nodes in the replication group. A tag with a null Value is permitted.", + "description": "A tag that can be added to an ElastiCache cluster or replication group. Tags\nare composed of a Key/Value pair. You can use tags to categorize and track\nall your ElastiCache resources, with the exception of global replication\ngroup. When you add or remove tags on replication groups, those actions will\nbe replicated to all nodes in the replication group. A tag with a null Value\nis permitted.", "properties": { "key": { "type": "string" @@ -49,8 +70,7 @@ }, "required": [ "cacheSubnetGroupDescription", - "cacheSubnetGroupName", - "subnetIDs" + "cacheSubnetGroupName" ], "type": "object", "additionalProperties": false @@ -59,14 +79,14 @@ "description": "CacheSubnetGroupStatus defines the observed state of CacheSubnetGroup", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { @@ -81,9 +101,9 @@ "type": "object" }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", @@ -116,9 +136,9 @@ "type": "array" }, "events": { - "description": "A list of events. Each element in the list contains detailed information about one event.", + "description": "A list of events. Each element in the list contains detailed information\nabout one event.", "items": { - "description": "Represents a single occurrence of something interesting within the system. Some examples of events are creating a cluster, adding or removing a cache node, or rebooting a node.", + "description": "Represents a single occurrence of something interesting within the system.\nSome examples of events are creating a cluster, adding or removing a cache\nnode, or rebooting a node.", "properties": { "date": { "format": "date-time", @@ -141,7 +161,7 @@ "subnets": { "description": "A list of subnets associated with the cache subnet group.", "items": { - "description": "Represents the subnet associated with a cluster. This parameter refers to subnets defined in Amazon Virtual Private Cloud (Amazon VPC) and used with ElastiCache.", + "description": "Represents the subnet associated with a cluster. This parameter refers to\nsubnets defined in Amazon Virtual Private Cloud (Amazon VPC) and used with\nElastiCache.", "properties": { "subnetAvailabilityZone": { "description": "Describes an Availability Zone in which the cluster is launched.", @@ -170,7 +190,7 @@ "type": "array" }, "vpcID": { - "description": "The Amazon Virtual Private Cloud identifier (VPC ID) of the cache subnet group.", + "description": "The Amazon Virtual Private Cloud identifier (VPC ID) of the cache subnet\ngroup.", "type": "string" } }, diff --git a/master-standalone-strict/ciliumclusterwidenetworkpolicy-cilium-v2.json b/master-standalone-strict/ciliumclusterwidenetworkpolicy-cilium-v2.json index 57b2fa4..9cf304c 100644 --- a/master-standalone-strict/ciliumclusterwidenetworkpolicy-cilium-v2.json +++ b/master-standalone-strict/ciliumclusterwidenetworkpolicy-cilium-v2.json @@ -1,18 +1,52 @@ { - "description": "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an modified version of CiliumNetworkPolicy which is cluster scoped rather than namespace scoped.", + "description": "CiliumClusterwideNetworkPolicy is a Kubernetes third-party resource with an\nmodified version of CiliumNetworkPolicy which is cluster scoped rather than\nnamespace scoped.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "anyOf": [ + { + "properties": { + "ingress": {} + }, + "required": [ + "ingress" + ] + }, + { + "properties": { + "ingressDeny": {} + }, + "required": [ + "ingressDeny" + ] + }, + { + "properties": { + "egress": {} + }, + "required": [ + "egress" + ] + }, + { + "properties": { + "egressDeny": {} + }, + "required": [ + "egressDeny" + ] + } + ], "description": "Spec is the desired Cilium specific rule specification.", "oneOf": [ { @@ -34,16 +68,34 @@ ], "properties": { "description": { - "description": "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + "description": "Description is a free form string, it can be used by the creator of\nthe rule to store human readable explanation of the purpose of this\nrule. Rules cannot be identified by comment.", "type": "string" }, "egress": { - "description": "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + "description": "Egress is a list of EgressRule which are enforced at egress.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -54,7 +106,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -62,10 +114,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -73,6 +132,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -81,57 +141,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -141,11 +284,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -154,7 +298,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -163,18 +308,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -193,16 +339,36 @@ "type": "array" }, "toFQDNs": { - "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of `ToFQDN.MatchName`s are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. \n The current implementation has a number of limitations: - The DNS resolution originates from cilium-agent, and not from the pods. Differences between the responses seen by cilium agent and a particular pod will whitelist the incorrect IP. - DNS TTLs are ignored, and cilium-agent will repoll on a short interval (5 seconds). Each change to the DNS data will trigger a policy regeneration. This may result in delayed updates to the policy for an endpoint when the data changes often or the system is under load.", + "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result\nfrom DNS resolution of `ToFQDN.MatchName`s are added to the same\nEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and\nL7 rules within this EgressRule will also apply to these IPs.\nThe DNS -> IP mapping is re-resolved periodically from within the\ncilium-agent, and the IPs in the DNS response are effected in the policy\nfor selected pods as-is (i.e. the list of IPs is not modified in any way).\nNote: An explicit rule to allow for DNS traffic is needed for the pods, as\nToFQDN counts as an egress rule and will enforce egress policy when\nPolicyEnforcment=default.\nNote: If the resolved IPs are IPs within the kubernetes cluster, the\nToFQDN rule will not apply to that IP.\nNote: ToFQDN cannot occur in the same policy as other To* rules.", "items": { + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -212,9 +378,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -248,31 +414,132 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nconnect to.\n\nExample:\nAny endpoint with the label \"role=frontend\" is allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -282,7 +549,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -296,16 +563,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -316,23 +591,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -344,15 +674,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -363,17 +693,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -383,7 +714,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -395,23 +726,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -422,22 +753,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -445,7 +776,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -460,7 +791,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -472,26 +803,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -501,7 +844,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -516,21 +859,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -540,11 +883,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -553,7 +897,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -562,18 +907,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -599,14 +945,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -616,11 +962,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -629,7 +976,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -638,11 +986,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -661,12 +1010,12 @@ "type": "array" }, "egressDeny": { - "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will by denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress.\nAny rule inserted here will be denied regardless of the allowed egress\nrules in the 'egress' field.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is not allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is not allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -677,7 +1026,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -685,10 +1034,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -696,6 +1052,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -704,57 +1061,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -764,11 +1204,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -777,7 +1218,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -786,18 +1228,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -816,9 +1259,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -852,26 +1295,92 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is not allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to connect\nto.\n\nExample:\nAny endpoint with the label \"role=frontend\" is not allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -890,21 +1399,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -914,11 +1423,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -927,7 +1437,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -936,18 +1447,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -973,14 +1485,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -990,11 +1502,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1003,7 +1516,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1012,11 +1526,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -1034,20 +1549,35 @@ }, "type": "array" }, + "enableDefaultDeny": { + "description": "EnableDefaultDeny determines whether this policy configures the\nsubject endpoint(s) to have a default deny mode. If enabled,\nthis causes all traffic not explicitly allowed by a network policy\nto be dropped.\n\nIf not specified, the default is true for each traffic direction\nthat has rules, and false otherwise. For example, if a policy\nonly has Ingress or IngressDeny rules, then the default for\ningress is true and egress is false.\n\nIf multiple policies apply to an endpoint, that endpoint's default deny\nwill be enabled if any policy requests it.\n\nThis is useful for creating broad-based network policies that will not\ncause endpoints to enter default-deny mode.", + "properties": { + "egress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto egress traffic.", + "type": "boolean" + }, + "ingress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto ingress traffic.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, "endpointSelector": { - "description": "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + "description": "EndpointSelector selects all endpoints which should be subject to\nthis rule. EndpointSelector and NodeSelector cannot be both empty and\nare mutually exclusive.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1057,11 +1587,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1070,7 +1601,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1079,70 +1611,172 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "ingress": { - "description": "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + "description": "Ingress is a list of IngressRule which are enforced at ingress.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1152,11 +1786,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1165,7 +1800,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1174,18 +1810,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -1203,22 +1840,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1228,11 +1960,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1241,7 +1974,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1250,16 +1984,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1270,7 +2005,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1278,10 +2013,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1289,6 +2031,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1297,30 +2040,73 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1330,7 +2116,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -1344,16 +2130,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -1364,23 +2158,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", - "properties": { - "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", - "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", - "type": "string" + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] }, - "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], + "properties": { + "matchName": { + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, + "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", + "type": "string" + }, + "matchPattern": { + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -1392,15 +2241,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -1411,17 +2260,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1431,7 +2281,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -1443,23 +2293,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -1470,22 +2320,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -1493,7 +2343,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -1508,7 +2358,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -1520,26 +2370,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1549,7 +2411,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -1569,62 +2431,145 @@ "type": "array" }, "ingressDeny": { - "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will by denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress.\nAny rule inserted here will be denied regardless of the allowed ingress\nrules in the 'ingress' field.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressDenyRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressDenyRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet, FromGroups and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1634,11 +2579,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1647,7 +2593,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1656,18 +2603,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -1685,22 +2633,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1710,11 +2753,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1723,7 +2767,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1732,16 +2777,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1752,7 +2798,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1760,10 +2806,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1771,6 +2824,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1779,25 +2833,33 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -1821,7 +2883,7 @@ "type": "array" }, "labels": { - "description": "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + "description": "Labels is a list of optional strings which can be used to\nre-identify the rule or to store metadata. It is possible to lookup\nor delete strings based on labels. Labels are not required to be\nunique, multiple rules can have overlapping or identical labels.", "items": { "description": "Label is the Cilium's representation of a container label.", "properties": { @@ -1844,19 +2906,19 @@ "type": "array" }, "nodeSelector": { - "description": "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + "description": "NodeSelector selects all nodes which should be subject to this rule.\nEndpointSelector and NodeSelector cannot be both empty and are mutually\nexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1866,11 +2928,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1879,7 +2942,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1888,11 +2952,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, @@ -1902,7 +2967,41 @@ "specs": { "description": "Specs is a list of desired Cilium specific rule specification.", "items": { - "description": "Rule is a policy rule which must be applied to all endpoints which match the labels contained in the endpointSelector \n Each rule is split into an ingress section which contains all rules applicable at ingress, and an egress section applicable at egress. For rule types such as `L4Rule` and `CIDR` which can be applied at both ingress and egress, both ingress and egress side have to either specifically allow the connection or one side has to be omitted. \n Either ingress, egress, or both can be provided. If both ingress and egress are omitted, the rule has no effect.", + "anyOf": [ + { + "properties": { + "ingress": {} + }, + "required": [ + "ingress" + ] + }, + { + "properties": { + "ingressDeny": {} + }, + "required": [ + "ingressDeny" + ] + }, + { + "properties": { + "egress": {} + }, + "required": [ + "egress" + ] + }, + { + "properties": { + "egressDeny": {} + }, + "required": [ + "egressDeny" + ] + } + ], + "description": "Rule is a policy rule which must be applied to all endpoints which match the\nlabels contained in the endpointSelector\n\nEach rule is split into an ingress section which contains all rules\napplicable at ingress, and an egress section applicable at egress. For rule\ntypes such as `L4Rule` and `CIDR` which can be applied at both ingress and\negress, both ingress and egress side have to either specifically allow the\nconnection or one side has to be omitted.\n\nEither ingress, egress, or both can be provided. If both ingress and egress\nare omitted, the rule has no effect.", "oneOf": [ { "properties": { @@ -1923,16 +3022,34 @@ ], "properties": { "description": { - "description": "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + "description": "Description is a free form string, it can be used by the creator of\nthe rule to store human readable explanation of the purpose of this\nrule. Rules cannot be identified by comment.", "type": "string" }, "egress": { - "description": "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + "description": "Egress is a list of EgressRule which are enforced at egress.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1943,7 +3060,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1951,10 +3068,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1962,6 +3086,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1970,57 +3095,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2030,11 +3238,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2043,7 +3252,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2052,18 +3262,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -2082,16 +3293,36 @@ "type": "array" }, "toFQDNs": { - "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of `ToFQDN.MatchName`s are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. \n The current implementation has a number of limitations: - The DNS resolution originates from cilium-agent, and not from the pods. Differences between the responses seen by cilium agent and a particular pod will whitelist the incorrect IP. - DNS TTLs are ignored, and cilium-agent will repoll on a short interval (5 seconds). Each change to the DNS data will trigger a policy regeneration. This may result in delayed updates to the policy for an endpoint when the data changes often or the system is under load.", + "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result\nfrom DNS resolution of `ToFQDN.MatchName`s are added to the same\nEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and\nL7 rules within this EgressRule will also apply to these IPs.\nThe DNS -> IP mapping is re-resolved periodically from within the\ncilium-agent, and the IPs in the DNS response are effected in the policy\nfor selected pods as-is (i.e. the list of IPs is not modified in any way).\nNote: An explicit rule to allow for DNS traffic is needed for the pods, as\nToFQDN counts as an egress rule and will enforce egress policy when\nPolicyEnforcment=default.\nNote: If the resolved IPs are IPs within the kubernetes cluster, the\nToFQDN rule will not apply to that IP.\nNote: ToFQDN cannot occur in the same policy as other To* rules.", "items": { + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -2101,9 +3332,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -2137,31 +3368,132 @@ }, "type": "array" }, - "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is allowed to initiate connections to destination port 8080/tcp", + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { - "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", - "properties": { - "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", - "type": "string" - }, - "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "toPorts": { + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nconnect to.\n\nExample:\nAny endpoint with the label \"role=frontend\" is allowed to initiate\nconnections to destination port 8080/tcp", + "items": { + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", + "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, + "originatingTLS": { + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", + "properties": { + "certificate": { + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", + "type": "string" + }, + "privateKey": { + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2171,7 +3503,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -2185,16 +3517,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -2205,23 +3545,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -2233,15 +3628,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -2252,17 +3647,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2272,7 +3668,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -2284,23 +3680,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -2311,22 +3707,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -2334,7 +3730,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -2349,7 +3745,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -2361,26 +3757,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2390,7 +3798,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -2405,21 +3813,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2429,11 +3837,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2442,7 +3851,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2451,18 +3861,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -2488,14 +3899,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2505,11 +3916,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2518,7 +3930,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2527,11 +3940,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -2550,12 +3964,12 @@ "type": "array" }, "egressDeny": { - "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will by denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress.\nAny rule inserted here will be denied regardless of the allowed egress\nrules in the 'egress' field.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is not allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is not allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -2566,7 +3980,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -2574,10 +3988,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -2585,6 +4006,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -2593,57 +4015,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2653,11 +4158,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2666,7 +4172,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2675,18 +4182,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -2705,9 +4213,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -2741,26 +4249,92 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is not allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to connect\nto.\n\nExample:\nAny endpoint with the label \"role=frontend\" is not allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -2779,21 +4353,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2803,11 +4377,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2816,7 +4391,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2825,18 +4401,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -2862,14 +4439,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2879,11 +4456,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2892,7 +4470,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2901,11 +4480,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -2923,20 +4503,34 @@ }, "type": "array" }, + "enableDefaultDeny": { + "description": "EnableDefaultDeny determines whether this policy configures the\nsubject endpoint(s) to have a default deny mode. If enabled,\nthis causes all traffic not explicitly allowed by a network policy\nto be dropped.\n\nIf not specified, the default is true for each traffic direction\nthat has rules, and false otherwise. For example, if a policy\nonly has Ingress or IngressDeny rules, then the default for\ningress is true and egress is false.\n\nIf multiple policies apply to an endpoint, that endpoint's default deny\nwill be enabled if any policy requests it.\n\nThis is useful for creating broad-based network policies that will not\ncause endpoints to enter default-deny mode.", + "properties": { + "egress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto egress traffic.", + "type": "boolean" + }, + "ingress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto ingress traffic.", + "type": "boolean" + } + }, + "type": "object" + }, "endpointSelector": { - "description": "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + "description": "EndpointSelector selects all endpoints which should be subject to\nthis rule. EndpointSelector and NodeSelector cannot be both empty and\nare mutually exclusive.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2946,11 +4540,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2959,7 +4554,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2968,69 +4564,287 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "ingress": { - "description": "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + "description": "Ingress is a list of IngressRule which are enforced at ingress.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, - "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "fromEndpoints": { + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "fromEntities": { + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", + "items": { + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", + "enum": [ + "all", + "world", + "cluster", + "host", + "init", + "ingress", + "unmanaged", + "remote-node", + "health", + "none", + "kube-apiserver" + ], + "type": "string" + }, + "type": "array" + }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3040,11 +4854,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3053,7 +4868,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3062,51 +4878,31 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" - }, - "type": "array" - }, - "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", - "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", - "enum": [ - "all", - "world", - "cluster", - "host", - "init", - "ingress", - "unmanaged", - "remote-node", - "health", - "none", - "kube-apiserver" - ], - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3116,11 +4912,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3129,7 +4926,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3138,16 +4936,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -3158,7 +4957,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -3166,10 +4965,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -3177,6 +4983,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -3185,30 +4992,73 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3218,7 +5068,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -3232,16 +5082,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -3252,23 +5110,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -3280,15 +5193,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -3299,17 +5212,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3319,7 +5233,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -3331,23 +5245,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -3358,22 +5272,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -3381,7 +5295,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -3396,7 +5310,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -3408,26 +5322,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3437,7 +5363,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -3457,62 +5383,145 @@ "type": "array" }, "ingressDeny": { - "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will by denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress.\nAny rule inserted here will be denied regardless of the allowed ingress\nrules in the 'ingress' field.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressDenyRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressDenyRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet, FromGroups and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3522,11 +5531,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3535,7 +5545,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3544,18 +5555,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -3573,22 +5585,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3598,11 +5705,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3611,7 +5719,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3620,16 +5729,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -3640,7 +5750,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -3648,10 +5758,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -3659,6 +5776,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -3667,25 +5785,33 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -3709,7 +5835,7 @@ "type": "array" }, "labels": { - "description": "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + "description": "Labels is a list of optional strings which can be used to\nre-identify the rule or to store metadata. It is possible to lookup\nor delete strings based on labels. Labels are not required to be\nunique, multiple rules can have overlapping or identical labels.", "items": { "description": "Label is the Cilium's representation of a container label.", "properties": { @@ -3732,19 +5858,19 @@ "type": "array" }, "nodeSelector": { - "description": "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + "description": "NodeSelector selects all nodes which should be subject to this rule.\nEndpointSelector and NodeSelector cannot be both empty and are mutually\nexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3754,11 +5880,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3767,7 +5894,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3776,11 +5904,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -3788,64 +5917,62 @@ "type": "array" }, "status": { - "description": "Status is the status of the Cilium policy rule. \n The reason this field exists in this structure is due a bug in the k8s code-generator that doesn't create a `UpdateStatus` method because the field does not exist in the structure.", + "description": "Status is the status of the Cilium policy rule.\n\nThe reason this field exists in this structure is due a bug in the k8s\ncode-generator that doesn't create a `UpdateStatus` method because the\nfield does not exist in the structure.", "properties": { - "derivativePolicies": { - "additionalProperties": { - "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node.", + "conditions": { + "items": { "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node.", - "type": "object" - }, - "enforcing": { - "description": "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy.", - "type": "boolean" + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" }, - "error": { - "description": "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node.", + "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, - "lastUpdated": { - "description": "LastUpdated contains the last time this status was updated", - "format": "date-time", + "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, - "localPolicyRevision": { - "description": "Revision is the policy revision of the repository which first implemented this policy.", - "format": "int64", - "type": "integer" + "status": { + "description": "The status of the condition, one of True, False, or Unknown", + "type": "string" }, - "ok": { - "description": "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node.", - "type": "boolean" + "type": { + "description": "The type of the policy condition", + "type": "string" } }, + "required": [ + "status", + "type" + ], "type": "object" }, - "description": "DerivativePolicies is the status of all policies derived from the Cilium policy", - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "nodes": { + "derivativePolicies": { "additionalProperties": { - "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node.", + "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a\nspecific node.", "properties": { "annotations": { "additionalProperties": { "type": "string" }, - "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node.", + "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP\nthat have been realized on the node for CNP. That is, if a CNP has been\nimported and has been assigned annotation X=Y by the user,\nAnnotations in CiliumNetworkPolicyNodeStatus will be X=Y once the\nCNP that was imported corresponding to Annotation X=Y has been realized on\nthe node.", "type": "object" }, "enforcing": { - "description": "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy.", + "description": "Enforcing is set to true once all endpoints present at the time the\npolicy has been imported are enforcing this policy.", "type": "boolean" }, "error": { - "description": "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node.", + "description": "Error describes any error that occurred when parsing or importing the\npolicy, or realizing the policy for the endpoints to which it applies\non the node.", "type": "string" }, "lastUpdated": { @@ -3854,18 +5981,18 @@ "type": "string" }, "localPolicyRevision": { - "description": "Revision is the policy revision of the repository which first implemented this policy.", + "description": "Revision is the policy revision of the repository which first implemented\nthis policy.", "format": "int64", "type": "integer" }, "ok": { - "description": "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node.", + "description": "OK is true when the policy has been parsed and imported successfully\ninto the in-memory policy repository on the node.", "type": "boolean" } }, "type": "object" }, - "description": "Nodes is the Cilium policy status for each node", + "description": "DerivativePolicies is the status of all policies derived from the Cilium\npolicy", "type": "object" } }, diff --git a/master-standalone-strict/ciliumendpoint-cilium-v2.json b/master-standalone-strict/ciliumendpoint-cilium-v2.json index 76ca71a..f811629 100644 --- a/master-standalone-strict/ciliumendpoint-cilium-v2.json +++ b/master-standalone-strict/ciliumendpoint-cilium-v2.json @@ -2,11 +2,11 @@ "description": "CiliumEndpoint is the status of a Cilium policy rule.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -28,12 +28,12 @@ "type": "boolean" }, "error-retry-base": { - "description": "Base error retry back-off time Format: duration", + "description": "Base error retry back-off time\nFormat: duration", "format": "int64", "type": "integer" }, "interval": { - "description": "Regular synchronization interval Format: duration", + "description": "Regular synchronization interval\nFormat: duration", "format": "int64", "type": "integer" } @@ -84,21 +84,25 @@ "description": "Encryption is the encryption configuration of the node", "properties": { "key": { - "description": "Key is the index to the key to use for encryption or 0 if encryption is disabled.", + "description": "Key is the index to the key to use for encryption or 0 if encryption is\ndisabled.", "type": "integer" } }, "type": "object" }, "external-identifiers": { - "description": "ExternalIdentifiers is a set of identifiers to identify the endpoint apart from the pod name. This includes container runtime IDs.", + "description": "ExternalIdentifiers is a set of identifiers to identify the endpoint\napart from the pod name. This includes container runtime IDs.", "properties": { + "cni-attachment-id": { + "description": "ID assigned to this attachment by container runtime", + "type": "string" + }, "container-id": { - "description": "ID assigned by container runtime", + "description": "ID assigned by container runtime (deprecated, may not be unique)", "type": "string" }, "container-name": { - "description": "Name assigned to container", + "description": "Name assigned to container (deprecated, may not be unique)", "type": "string" }, "docker-endpoint-id": { @@ -110,15 +114,15 @@ "type": "string" }, "k8s-namespace": { - "description": "K8s namespace for this endpoint", + "description": "K8s namespace for this endpoint (deprecated, may not be unique)", "type": "string" }, "k8s-pod-name": { - "description": "K8s pod name for this endpoint", + "description": "K8s pod name for this endpoint (deprecated, may not be unique)", "type": "string" }, "pod-name": { - "description": "K8s pod for this endpoint(Deprecated, use K8sPodName and K8sNamespace instead)", + "description": "K8s pod for this endpoint (deprecated, may not be unique)", "type": "string" } }, @@ -172,10 +176,10 @@ "log": { "description": "Log is the list of the last few warning and error log entries", "items": { - "description": "EndpointStatusChange Indication of a change of status \n swagger:model EndpointStatusChange", + "description": "EndpointStatusChange Indication of a change of status\n\nswagger:model EndpointStatusChange", "properties": { "code": { - "description": "Code indicate type of status change Enum: [ok failed]", + "description": "Code indicate type of status change\nEnum: [\"ok\",\"failed\"]", "type": "string" }, "message": { @@ -196,9 +200,9 @@ "type": "array" }, "named-ports": { - "description": "NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network Policy specs. \n swagger:model NamedPorts", + "description": "NamedPorts List of named Layer 4 port and protocol pairs which will be used in Network\nPolicy specs.\n\nswagger:model NamedPorts", "items": { - "description": "Port Layer 4 port / protocol pair \n swagger:model Port", + "description": "Port Layer 4 port / protocol pair\n\nswagger:model Port", "properties": { "name": { "description": "Optional layer 4 port name", @@ -209,7 +213,7 @@ "type": "integer" }, "protocol": { - "description": "Layer 4 protocol Enum: [TCP UDP ICMP ICMPV6 ANY]", + "description": "Layer 4 protocol\nEnum: [\"TCP\",\"UDP\",\"SCTP\",\"ICMP\",\"ICMPV6\",\"ANY\"]", "type": "string" } }, @@ -223,7 +227,7 @@ "addressing": { "description": "IP4/6 addresses assigned to this Endpoint", "items": { - "description": "AddressPair is is a par of IPv4 and/or IPv6 address.", + "description": "AddressPair is a pair of IPv4 and/or IPv6 address.", "properties": { "ipv4": { "type": "string" @@ -237,7 +241,7 @@ "type": "array" }, "node": { - "description": "NodeIP is the IP of the node the endpoint is running on. The IP must be reachable between nodes.", + "description": "NodeIP is the IP of the node the endpoint is running on. The IP must\nbe reachable between nodes.", "type": "string" } }, @@ -247,7 +251,7 @@ "type": "object" }, "policy": { - "description": "EndpointPolicy represents the endpoint's policy by listing all allowed ingress and egress identities in combination with L4 port and protocol.", + "description": "EndpointPolicy represents the endpoint's policy by listing all allowed\ningress and egress identities in combination with L4 port and protocol.", "properties": { "egress": { "description": "EndpointPolicyDirection is the list of allowed identities per direction.", @@ -279,7 +283,7 @@ "type": "array" }, "allowed": { - "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are allowed.", + "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are\nallowed.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { @@ -305,7 +309,7 @@ "type": "array" }, "denied": { - "description": "DenyIdentityList is a list of IdentityTuples that species peers that are denied.", + "description": "DenyIdentityList is a list of IdentityTuples that species peers that are\ndenied.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { @@ -358,6 +362,10 @@ "type": "object" }, "type": "array" + }, + "state": { + "description": "EndpointPolicyState defines the state of the Policy mode: \"enforcing\", \"non-enforcing\", \"disabled\"", + "type": "string" } }, "required": [ @@ -395,7 +403,7 @@ "type": "array" }, "allowed": { - "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are allowed.", + "description": "AllowedIdentityList is a list of IdentityTuples that species peers that are\nallowed.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { @@ -421,7 +429,7 @@ "type": "array" }, "denied": { - "description": "DenyIdentityList is a list of IdentityTuples that species peers that are denied.", + "description": "DenyIdentityList is a list of IdentityTuples that species peers that are\ndenied.", "items": { "description": "IdentityTuple specifies a peer by identity, destination port and protocol.", "properties": { @@ -474,6 +482,10 @@ "type": "object" }, "type": "array" + }, + "state": { + "description": "EndpointPolicyState defines the state of the Policy mode: \"enforcing\", \"non-enforcing\", \"disabled\"", + "type": "string" } }, "required": [ @@ -499,9 +511,6 @@ "invalid" ], "type": "string" - }, - "visibility-policy-status": { - "type": "string" } }, "type": "object" diff --git a/master-standalone-strict/ciliumidentity-cilium-v2.json b/master-standalone-strict/ciliumidentity-cilium-v2.json index 633547b..f6be0a5 100644 --- a/master-standalone-strict/ciliumidentity-cilium-v2.json +++ b/master-standalone-strict/ciliumidentity-cilium-v2.json @@ -1,12 +1,12 @@ { - "description": "CiliumIdentity is a CRD that represents an identity managed by Cilium. It is intended as a backing store for identity allocation, acting as the global coordination backend, and can be used in place of a KVStore (such as etcd). The name of the CRD is the numeric identity and the labels on the CRD object are the the kubernetes sourced labels seen by cilium. This is currently the only label source possible when running under kubernetes. Non-kubernetes labels are filtered but all labels, from all sources, are places in the SecurityLabels field. These also include the source and are used to define the identity. The labels under metav1.ObjectMeta can be used when searching for CiliumIdentity instances that include particular labels. This can be done with invocations such as: kubectl get ciliumid -l 'foo=bar' Each node using a ciliumidentity updates the status field with it's name and a timestamp when it first allocates or uses an identity, and periodically after that. It deletes its entry when no longer using this identity. cilium-operator uses the list of nodes in status to reference count users of this identity, and to expire stale usage.", + "description": "CiliumIdentity is a CRD that represents an identity managed by Cilium.\nIt is intended as a backing store for identity allocation, acting as the\nglobal coordination backend, and can be used in place of a KVStore (such as\netcd).\nThe name of the CRD is the numeric identity and the labels on the CRD object\nare the kubernetes sourced labels seen by cilium. This is currently the\nonly label source possible when running under kubernetes. Non-kubernetes\nlabels are filtered but all labels, from all sources, are places in the\nSecurityLabels field. These also include the source and are used to define\nthe identity.\nThe labels under metav1.ObjectMeta can be used when searching for\nCiliumIdentity instances that include particular labels. This can be done\nwith invocations such as:\n\n\tkubectl get ciliumid -l 'foo=bar'", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { diff --git a/master-standalone-strict/ciliumlocalredirectpolicy-cilium-v2.json b/master-standalone-strict/ciliumlocalredirectpolicy-cilium-v2.json index ba80035..9598798 100644 --- a/master-standalone-strict/ciliumlocalredirectpolicy-cilium-v2.json +++ b/master-standalone-strict/ciliumlocalredirectpolicy-cilium-v2.json @@ -1,12 +1,12 @@ { - "description": "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a specification to redirect traffic locally within a node.", + "description": "CiliumLocalRedirectPolicy is a Kubernetes Custom Resource that contains a\nspecification to redirect traffic locally within a node.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,11 +16,11 @@ "description": "Spec is the desired behavior of the local redirect policy.", "properties": { "description": { - "description": "Description can be used by the creator of the policy to describe the purpose of this policy.", + "description": "Description can be used by the creator of the policy to describe the\npurpose of this policy.", "type": "string" }, "redirectBackend": { - "description": "RedirectBackend specifies backend configuration to redirect traffic to. It can not be empty.", + "description": "RedirectBackend specifies backend configuration to redirect traffic to.\nIt can not be empty.", "properties": { "localEndpointSelector": { "description": "LocalEndpointSelector selects node local pod(s) where traffic is redirected to.", @@ -28,14 +28,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -45,11 +45,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -58,7 +59,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -67,20 +69,21 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "toPorts": { - "description": "ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic is redirected to. When multiple ports are specified, the ports must be named.", + "description": "ToPorts is a list of L4 ports with protocol of node local pod(s) where traffic\nis redirected to.\nWhen multiple ports are specified, the ports must be named.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { - "description": "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, @@ -90,7 +93,7 @@ "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. Accepted values: \"TCP\", \"UDP\"", + "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" @@ -112,10 +115,16 @@ "toPorts" ], "type": "object", + "x-kubernetes-validations": [ + { + "message": "redirectBackend is immutable", + "rule": "self == oldSelf" + } + ], "additionalProperties": false }, "redirectFrontend": { - "description": "RedirectFrontend specifies frontend configuration to redirect traffic from. It can not be empty.", + "description": "RedirectFrontend specifies frontend configuration to redirect traffic from.\nIt can not be empty.", "oneOf": [ { "properties": { @@ -136,20 +145,20 @@ ], "properties": { "addressMatcher": { - "description": "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be redirected.", + "description": "AddressMatcher is a tuple {IP, port, protocol} that matches traffic to be\nredirected.", "properties": { "ip": { - "description": "IP is a destination ip address for traffic to be redirected. \n Example: When it is set to \"169.254.169.254\", traffic destined to \"169.254.169.254\" is redirected.", + "description": "IP is a destination ip address for traffic to be redirected.\n\nExample:\nWhen it is set to \"169.254.169.254\", traffic destined to\n\"169.254.169.254\" is redirected.", "pattern": "((^\\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))\\s*$)|(^\\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}))|:)))(%.+)?\\s*$))", "type": "string" }, "toPorts": { - "description": "ToPorts is a list of destination L4 ports with protocol for traffic to be redirected. When multiple ports are specified, the ports must be named. \n Example: When set to Port: \"53\" and Protocol: UDP, traffic destined to port '53' with UDP protocol is redirected.", + "description": "ToPorts is a list of destination L4 ports with protocol for traffic\nto be redirected.\nWhen multiple ports are specified, the ports must be named.\n\nExample:\nWhen set to Port: \"53\" and Protocol: UDP, traffic destined to port '53'\nwith UDP protocol is redirected.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { - "description": "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, @@ -159,7 +168,7 @@ "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. Accepted values: \"TCP\", \"UDP\"", + "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" @@ -184,23 +193,23 @@ "additionalProperties": false }, "serviceMatcher": { - "description": "ServiceMatcher specifies Kubernetes service and port that matches traffic to be redirected.", + "description": "ServiceMatcher specifies Kubernetes service and port that matches\ntraffic to be redirected.", "properties": { "namespace": { - "description": "Namespace is the Kubernetes service namespace. The service namespace must match the namespace of the parent Local Redirect Policy. For Cluster-wide Local Redirect Policy, this can be any namespace.", + "description": "Namespace is the Kubernetes service namespace.\nThe service namespace must match the namespace of the parent Local\nRedirect Policy. For Cluster-wide Local Redirect Policy, this\ncan be any namespace.", "type": "string" }, "serviceName": { - "description": "Name is the name of a destination Kubernetes service that identifies traffic to be redirected. The service type needs to be ClusterIP. \n Example: When this field is populated with 'serviceName:myService', all the traffic destined to the cluster IP of this service at the (specified) service port(s) will be redirected.", + "description": "Name is the name of a destination Kubernetes service that identifies traffic\nto be redirected.\nThe service type needs to be ClusterIP.\n\nExample:\nWhen this field is populated with 'serviceName:myService', all the traffic\ndestined to the cluster IP of this service at the (specified)\nservice port(s) will be redirected.", "type": "string" }, "toPorts": { - "description": "ToPorts is a list of destination service L4 ports with protocol for traffic to be redirected. If not specified, traffic for all the service ports will be redirected. When multiple ports are specified, the ports must be named.", + "description": "ToPorts is a list of destination service L4 ports with protocol for\ntraffic to be redirected. If not specified, traffic for all the service\nports will be redirected.\nWhen multiple ports are specified, the ports must be named.", "items": { "description": "PortInfo specifies L4 port number and name along with the transport protocol", "properties": { "name": { - "description": "Name is a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Name is a port name, which must contain at least one [a-z],\nand may also contain [0-9] and '-' anywhere except adjacent to another\n'-' or in the beginning or the end.", "pattern": "^([0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, @@ -210,7 +219,7 @@ "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. Accepted values: \"TCP\", \"UDP\"", + "description": "Protocol is the L4 protocol.\nAccepted values: \"TCP\", \"UDP\"", "enum": [ "TCP", "UDP" @@ -236,7 +245,24 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "redirectFrontend is immutable", + "rule": "self == oldSelf" + } + ], "additionalProperties": false + }, + "skipRedirectFromBackend": { + "default": false, + "description": "SkipRedirectFromBackend indicates whether traffic matching RedirectFrontend\nfrom RedirectBackend should skip redirection, and hence the traffic will\nbe forwarded as-is.\n\nThe default is false which means traffic matching RedirectFrontend will\nget redirected from all pods, including the RedirectBackend(s).\n\nExample: If RedirectFrontend is configured to \"169.254.169.254:80\" as the traffic\nthat needs to be redirected to backends selected by RedirectBackend, if\nSkipRedirectFromBackend is set to true, traffic going to \"169.254.169.254:80\"\nfrom such backends will not be redirected back to the backends. Instead,\nthe matched traffic from the backends will be forwarded to the original\ndestination \"169.254.169.254:80\".", + "type": "boolean", + "x-kubernetes-validations": [ + { + "message": "skipRedirectFromBackend is immutable", + "rule": "self == oldSelf" + } + ] } }, "required": [ @@ -247,11 +273,10 @@ "additionalProperties": false }, "status": { - "description": "Status is the most recent status of the local redirect policy. It is a read-only field.", + "description": "Status is the most recent status of the local redirect policy.\nIt is a read-only field.", "properties": { "ok": { - "description": "TODO Define status(aditi)", - "type": "object" + "type": "boolean" } }, "type": "object" diff --git a/master-standalone-strict/ciliumnetworkpolicy-cilium-v2.json b/master-standalone-strict/ciliumnetworkpolicy-cilium-v2.json index 2e64087..119af95 100644 --- a/master-standalone-strict/ciliumnetworkpolicy-cilium-v2.json +++ b/master-standalone-strict/ciliumnetworkpolicy-cilium-v2.json @@ -1,18 +1,52 @@ { - "description": "CiliumNetworkPolicy is a Kubernetes third-party resource with an extended version of NetworkPolicy.", + "description": "CiliumNetworkPolicy is a Kubernetes third-party resource with an extended\nversion of NetworkPolicy.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { + "anyOf": [ + { + "properties": { + "ingress": {} + }, + "required": [ + "ingress" + ] + }, + { + "properties": { + "ingressDeny": {} + }, + "required": [ + "ingressDeny" + ] + }, + { + "properties": { + "egress": {} + }, + "required": [ + "egress" + ] + }, + { + "properties": { + "egressDeny": {} + }, + "required": [ + "egressDeny" + ] + } + ], "description": "Spec is the desired Cilium specific rule specification.", "oneOf": [ { @@ -34,16 +68,34 @@ ], "properties": { "description": { - "description": "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + "description": "Description is a free form string, it can be used by the creator of\nthe rule to store human readable explanation of the purpose of this\nrule. Rules cannot be identified by comment.", "type": "string" }, "egress": { - "description": "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + "description": "Egress is a list of EgressRule which are enforced at egress.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -54,7 +106,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -62,10 +114,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -73,6 +132,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -81,57 +141,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -141,11 +284,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -154,7 +298,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -163,18 +308,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -193,16 +339,36 @@ "type": "array" }, "toFQDNs": { - "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of `ToFQDN.MatchName`s are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. \n The current implementation has a number of limitations: - The DNS resolution originates from cilium-agent, and not from the pods. Differences between the responses seen by cilium agent and a particular pod will whitelist the incorrect IP. - DNS TTLs are ignored, and cilium-agent will repoll on a short interval (5 seconds). Each change to the DNS data will trigger a policy regeneration. This may result in delayed updates to the policy for an endpoint when the data changes often or the system is under load.", + "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result\nfrom DNS resolution of `ToFQDN.MatchName`s are added to the same\nEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and\nL7 rules within this EgressRule will also apply to these IPs.\nThe DNS -> IP mapping is re-resolved periodically from within the\ncilium-agent, and the IPs in the DNS response are effected in the policy\nfor selected pods as-is (i.e. the list of IPs is not modified in any way).\nNote: An explicit rule to allow for DNS traffic is needed for the pods, as\nToFQDN counts as an egress rule and will enforce egress policy when\nPolicyEnforcment=default.\nNote: If the resolved IPs are IPs within the kubernetes cluster, the\nToFQDN rule will not apply to that IP.\nNote: ToFQDN cannot occur in the same policy as other To* rules.", "items": { + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -212,9 +378,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -248,31 +414,132 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nconnect to.\n\nExample:\nAny endpoint with the label \"role=frontend\" is allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -282,7 +549,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -296,16 +563,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -316,23 +591,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -344,15 +674,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -363,17 +693,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -383,7 +714,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -395,23 +726,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -422,22 +753,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -445,7 +776,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -460,7 +791,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -472,26 +803,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -501,7 +844,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -516,21 +859,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -540,11 +883,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -553,7 +897,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -562,18 +907,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -599,14 +945,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -616,11 +962,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -629,7 +976,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -638,11 +986,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -661,12 +1010,12 @@ "type": "array" }, "egressDeny": { - "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will by denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress.\nAny rule inserted here will be denied regardless of the allowed egress\nrules in the 'egress' field.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is not allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is not allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -677,7 +1026,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -685,10 +1034,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -696,6 +1052,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -704,57 +1061,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -764,11 +1204,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -777,7 +1218,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -786,18 +1228,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -816,9 +1259,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -852,26 +1295,92 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is not allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to connect\nto.\n\nExample:\nAny endpoint with the label \"role=frontend\" is not allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -890,21 +1399,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -914,11 +1423,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -927,7 +1437,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -936,18 +1447,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -973,14 +1485,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -990,11 +1502,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1003,7 +1516,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1012,11 +1526,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -1034,20 +1549,35 @@ }, "type": "array" }, + "enableDefaultDeny": { + "description": "EnableDefaultDeny determines whether this policy configures the\nsubject endpoint(s) to have a default deny mode. If enabled,\nthis causes all traffic not explicitly allowed by a network policy\nto be dropped.\n\nIf not specified, the default is true for each traffic direction\nthat has rules, and false otherwise. For example, if a policy\nonly has Ingress or IngressDeny rules, then the default for\ningress is true and egress is false.\n\nIf multiple policies apply to an endpoint, that endpoint's default deny\nwill be enabled if any policy requests it.\n\nThis is useful for creating broad-based network policies that will not\ncause endpoints to enter default-deny mode.", + "properties": { + "egress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto egress traffic.", + "type": "boolean" + }, + "ingress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto ingress traffic.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, "endpointSelector": { - "description": "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + "description": "EndpointSelector selects all endpoints which should be subject to\nthis rule. EndpointSelector and NodeSelector cannot be both empty and\nare mutually exclusive.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1057,11 +1587,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1070,7 +1601,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1079,70 +1611,172 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "ingress": { - "description": "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + "description": "Ingress is a list of IngressRule which are enforced at ingress.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1152,11 +1786,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1165,7 +1800,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1174,18 +1810,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -1203,22 +1840,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1228,11 +1960,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1241,7 +1974,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1250,16 +1984,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1270,7 +2005,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1278,10 +2013,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1289,6 +2031,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1297,30 +2040,73 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1330,7 +2116,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -1344,16 +2130,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -1364,23 +2158,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", - "properties": { - "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", - "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", - "type": "string" + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] }, - "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], + "properties": { + "matchName": { + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, + "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", + "type": "string" + }, + "matchPattern": { + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -1392,15 +2241,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -1411,17 +2260,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1431,7 +2281,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -1443,23 +2293,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -1470,22 +2320,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -1493,7 +2343,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -1508,7 +2358,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -1520,26 +2370,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -1549,7 +2411,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -1569,62 +2431,145 @@ "type": "array" }, "ingressDeny": { - "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will by denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress.\nAny rule inserted here will be denied regardless of the allowed ingress\nrules in the 'ingress' field.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressDenyRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressDenyRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet, FromGroups and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1634,11 +2579,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1647,7 +2593,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1656,18 +2603,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -1685,22 +2633,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1710,11 +2753,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1723,7 +2767,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1732,16 +2777,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1752,7 +2798,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1760,10 +2806,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1771,6 +2824,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1779,25 +2833,33 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -1821,7 +2883,7 @@ "type": "array" }, "labels": { - "description": "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + "description": "Labels is a list of optional strings which can be used to\nre-identify the rule or to store metadata. It is possible to lookup\nor delete strings based on labels. Labels are not required to be\nunique, multiple rules can have overlapping or identical labels.", "items": { "description": "Label is the Cilium's representation of a container label.", "properties": { @@ -1844,19 +2906,19 @@ "type": "array" }, "nodeSelector": { - "description": "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + "description": "NodeSelector selects all nodes which should be subject to this rule.\nEndpointSelector and NodeSelector cannot be both empty and are mutually\nexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -1866,11 +2928,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -1879,7 +2942,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -1888,11 +2952,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", + "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, @@ -1902,7 +2967,41 @@ "specs": { "description": "Specs is a list of desired Cilium specific rule specification.", "items": { - "description": "Rule is a policy rule which must be applied to all endpoints which match the labels contained in the endpointSelector \n Each rule is split into an ingress section which contains all rules applicable at ingress, and an egress section applicable at egress. For rule types such as `L4Rule` and `CIDR` which can be applied at both ingress and egress, both ingress and egress side have to either specifically allow the connection or one side has to be omitted. \n Either ingress, egress, or both can be provided. If both ingress and egress are omitted, the rule has no effect.", + "anyOf": [ + { + "properties": { + "ingress": {} + }, + "required": [ + "ingress" + ] + }, + { + "properties": { + "ingressDeny": {} + }, + "required": [ + "ingressDeny" + ] + }, + { + "properties": { + "egress": {} + }, + "required": [ + "egress" + ] + }, + { + "properties": { + "egressDeny": {} + }, + "required": [ + "egressDeny" + ] + } + ], + "description": "Rule is a policy rule which must be applied to all endpoints which match the\nlabels contained in the endpointSelector\n\nEach rule is split into an ingress section which contains all rules\napplicable at ingress, and an egress section applicable at egress. For rule\ntypes such as `L4Rule` and `CIDR` which can be applied at both ingress and\negress, both ingress and egress side have to either specifically allow the\nconnection or one side has to be omitted.\n\nEither ingress, egress, or both can be provided. If both ingress and egress\nare omitted, the rule has no effect.", "oneOf": [ { "properties": { @@ -1923,16 +3022,34 @@ ], "properties": { "description": { - "description": "Description is a free form string, it can be used by the creator of the rule to store human readable explanation of the purpose of this rule. Rules cannot be identified by comment.", + "description": "Description is a free form string, it can be used by the creator of\nthe rule to store human readable explanation of the purpose of this\nrule. Rules cannot be identified by comment.", "type": "string" }, "egress": { - "description": "Egress is a list of EgressRule which are enforced at egress. If omitted or empty, this rule does not apply at egress.", + "description": "Egress is a list of EgressRule which are enforced at egress.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -1943,7 +3060,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -1951,10 +3068,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -1962,6 +3086,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -1970,57 +3095,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", + "type": "string" + }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2030,11 +3238,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2043,7 +3252,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2052,18 +3262,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -2082,16 +3293,36 @@ "type": "array" }, "toFQDNs": { - "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result from DNS resolution of `ToFQDN.MatchName`s are added to the same EgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and L7 rules within this EgressRule will also apply to these IPs. The DNS -> IP mapping is re-resolved periodically from within the cilium-agent, and the IPs in the DNS response are effected in the policy for selected pods as-is (i.e. the list of IPs is not modified in any way). Note: An explicit rule to allow for DNS traffic is needed for the pods, as ToFQDN counts as an egress rule and will enforce egress policy when PolicyEnforcment=default. Note: If the resolved IPs are IPs within the kubernetes cluster, the ToFQDN rule will not apply to that IP. Note: ToFQDN cannot occur in the same policy as other To* rules. \n The current implementation has a number of limitations: - The DNS resolution originates from cilium-agent, and not from the pods. Differences between the responses seen by cilium agent and a particular pod will whitelist the incorrect IP. - DNS TTLs are ignored, and cilium-agent will repoll on a short interval (5 seconds). Each change to the DNS data will trigger a policy regeneration. This may result in delayed updates to the policy for an endpoint when the data changes often or the system is under load.", + "description": "ToFQDN allows whitelisting DNS names in place of IPs. The IPs that result\nfrom DNS resolution of `ToFQDN.MatchName`s are added to the same\nEgressRule object as ToCIDRSet entries, and behave accordingly. Any L4 and\nL7 rules within this EgressRule will also apply to these IPs.\nThe DNS -> IP mapping is re-resolved periodically from within the\ncilium-agent, and the IPs in the DNS response are effected in the policy\nfor selected pods as-is (i.e. the list of IPs is not modified in any way).\nNote: An explicit rule to allow for DNS traffic is needed for the pods, as\nToFQDN counts as an egress rule and will enforce egress policy when\nPolicyEnforcment=default.\nNote: If the resolved IPs are IPs within the kubernetes cluster, the\nToFQDN rule will not apply to that IP.\nNote: ToFQDN cannot occur in the same policy as other To* rules.", "items": { + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -2101,9 +3332,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -2137,31 +3368,132 @@ }, "type": "array" }, - "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is allowed to initiate connections to destination port 8080/tcp", + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { - "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", - "properties": { - "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", - "type": "string" - }, - "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "toPorts": { + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nconnect to.\n\nExample:\nAny endpoint with the label \"role=frontend\" is allowed to initiate\nconnections to destination port 8080/tcp", + "items": { + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", + "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, + "originatingTLS": { + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", + "properties": { + "certificate": { + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", + "type": "string" + }, + "privateKey": { + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2171,7 +3503,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -2185,16 +3517,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -2205,23 +3545,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -2233,15 +3628,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -2252,17 +3647,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2272,7 +3668,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -2284,23 +3680,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -2311,22 +3707,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -2334,7 +3730,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -2349,7 +3745,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -2361,26 +3757,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -2390,7 +3798,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -2405,21 +3813,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2429,11 +3837,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2442,7 +3851,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2451,18 +3861,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -2488,14 +3899,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2505,11 +3916,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2518,7 +3930,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2527,11 +3940,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -2550,12 +3964,12 @@ "type": "array" }, "egressDeny": { - "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress. Any rule inserted here will by denied regardless of the allowed egress rules in the 'egress' field. If omitted or empty, this rule does not apply at egress.", + "description": "EgressDeny is a list of EgressDenyRule which are enforced at egress.\nAny rule inserted here will be denied regardless of the allowed egress\nrules in the 'egress' field.\nIf omitted or empty, this rule does not apply at egress.", "items": { - "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e. network traffic that originates inside the endpoint and exits the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members of the structure are specified, then all members must match in order for the rule to take effect. The exception to this rule is the ToRequires member; the effects of any Requires field in any rule will apply to all other rules as well. \n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "EgressDenyRule contains all rule types which can be applied at egress, i.e.\nnetwork traffic that originates inside the endpoint and exits the endpoint\nselected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members of the structure are specified, then all members\n must match in order for the rule to take effect. The exception to this\n rule is the ToRequires member; the effects of any Requires field in any\n rule will apply to all other rules as well.\n\n - ToEndpoints, ToCIDR, ToCIDRSet, ToEntities, ToServices and ToGroups are\n mutually exclusive. Only one of these members may be present within an\n individual rule.", "properties": { "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"app=httpd\" is not allowed to initiate type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to connect to.\n\nExample:\nAny endpoint with the label \"app=httpd\" is not allowed to initiate\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -2566,7 +3980,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -2574,10 +3988,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -2585,6 +4006,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -2593,57 +4015,140 @@ "type": "array" }, "toCIDR": { - "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections. Only connections destined for outside of the cluster and not targeting the host will be subject to CIDR rules. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24", + "description": "ToCIDR is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections. Only connections destined for\noutside of the cluster and not targeting the host will be subject\nto CIDR rules. This will match on the destination IP address of\noutgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet\nwith no ExcludeCIDRs is equivalent. Overlaps are allowed between\nToCIDR and ToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "toCIDRSet": { - "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to initiate connections to in addition to connections which are allowed via ToEndpoints, along with a list of subnets contained within their corresponding IP block to which traffic should not be allowed. This will match on the destination IP address of outgoing connections. Adding a prefix into ToCIDR or into ToCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and ToCIDRSet. \n Example: Any endpoint with the label \"app=database-proxy\" is allowed to initiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", + "description": "ToCIDRSet is a list of IP blocks which the endpoint subject to the rule\nis allowed to initiate connections to in addition to connections\nwhich are allowed via ToEndpoints, along with a list of subnets contained\nwithin their corresponding IP block to which traffic should not be\nallowed. This will match on the destination IP address of outgoing\nconnections. Adding a prefix into ToCIDR or into ToCIDRSet with no\nExcludeCIDRs is equivalent. Overlaps are allowed between ToCIDR and\nToCIDRSet.\n\nExample:\nAny endpoint with the label \"app=database-proxy\" is allowed to\ninitiate connections to 10.2.3.0/24 except from IPs in subnet 10.2.3.0/28.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "toEndpoints": { - "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to which the endpoints subject to the rule are allowed to communicate. \n Example: Any endpoint with the label \"role=frontend\" can communicate with any endpoint carrying the label \"role=backend\".", + "description": "ToEndpoints is a list of endpoints identified by an EndpointSelector to\nwhich the endpoints subject to the rule are allowed to communicate.\n\nExample:\nAny endpoint with the label \"role=frontend\" can communicate with any\nendpoint carrying the label \"role=backend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2653,11 +4158,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2666,7 +4172,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2675,18 +4182,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toEntities": { - "description": "ToEntities is a list of special entities to which the endpoint subject to the rule is allowed to initiate connections. Supported entities are `world`, `cluster` and `host`", + "description": "ToEntities is a list of special entities to which the endpoint subject\nto the rule is allowed to initiate connections. Supported entities are\n`world`, `cluster`,`host`,`remote-node`,`kube-apiserver`, `init`,\n`health`,`unmanaged` and `all`.", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -2705,9 +4213,9 @@ "type": "array" }, "toGroups": { - "description": "ToGroups is a directive that allows the integration with multiple outside providers. Currently, only AWS is supported, and the rule can select by multiple sub directives: \n Example: toGroups: - aws: securityGroupsIds: - 'sg-XXXXXXXXXXXXX'", + "description": "ToGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\ntoGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", "items": { - "description": "ToGroups structure to store all kinds of new integrations that needs a new derivative policy.", + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", "properties": { "aws": { "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", @@ -2741,26 +4249,92 @@ }, "type": "array" }, + "toNodes": { + "description": "ToNodes is a list of nodes identified by an\nEndpointSelector to which endpoints subject to the rule is allowed to communicate.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to connect to. \n Example: Any endpoint with the label \"role=frontend\" is not allowed to initiate connections to destination port 8080/tcp", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to connect\nto.\n\nExample:\nAny endpoint with the label \"role=frontend\" is not allowed to initiate\nconnections to destination port 8080/tcp", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -2779,21 +4353,21 @@ "type": "array" }, "toRequires": { - "description": "ToRequires is a list of additional constraints which must be met in order for the selected endpoints to be able to connect to other endpoints. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching ToEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires any endpoint to which it communicates to also carry the label \"team=A\".", + "description": "ToRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be able to connect to other\nendpoints. These additional constraints do no by itself grant access\nprivileges and must always be accompanied with at least one matching\nToEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires any endpoint to which it\ncommunicates to also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2803,11 +4377,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2816,7 +4391,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2825,18 +4401,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "toServices": { - "description": "ToServices is a list of services to which the endpoint subject to the rule is allowed to initiate connections. Currently Cilium only supports toServices for K8s services without selectors. \n Example: Any endpoint with the label \"app=backend-app\" is allowed to initiate connections to all cidrs backing the \"external-service\" service", + "description": "ToServices is a list of services to which the endpoint subject\nto the rule is allowed to initiate connections.\nCurrently Cilium only supports toServices for K8s services.", "items": { - "description": "Service wraps around selectors for services", + "description": "Service selects policy targets that are bundled as part of a\nlogical load-balanced service.\n\nCurrently only Kubernetes-based Services are supported.", "properties": { "k8sService": { "description": "K8sService selects service by name and namespace pair", @@ -2862,14 +4439,14 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2879,11 +4456,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2892,7 +4470,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2901,11 +4480,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "required": [ @@ -2923,20 +4503,34 @@ }, "type": "array" }, + "enableDefaultDeny": { + "description": "EnableDefaultDeny determines whether this policy configures the\nsubject endpoint(s) to have a default deny mode. If enabled,\nthis causes all traffic not explicitly allowed by a network policy\nto be dropped.\n\nIf not specified, the default is true for each traffic direction\nthat has rules, and false otherwise. For example, if a policy\nonly has Ingress or IngressDeny rules, then the default for\ningress is true and egress is false.\n\nIf multiple policies apply to an endpoint, that endpoint's default deny\nwill be enabled if any policy requests it.\n\nThis is useful for creating broad-based network policies that will not\ncause endpoints to enter default-deny mode.", + "properties": { + "egress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto egress traffic.", + "type": "boolean" + }, + "ingress": { + "description": "Whether or not the endpoint should have a default-deny rule applied\nto ingress traffic.", + "type": "boolean" + } + }, + "type": "object" + }, "endpointSelector": { - "description": "EndpointSelector selects all endpoints which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive.", + "description": "EndpointSelector selects all endpoints which should be subject to\nthis rule. EndpointSelector and NodeSelector cannot be both empty and\nare mutually exclusive.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -2946,11 +4540,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -2959,7 +4554,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -2968,69 +4564,287 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "ingress": { - "description": "Ingress is a list of IngressRule which are enforced at ingress. If omitted or empty, this rule does not apply at ingress.", + "description": "Ingress is a list of IngressRule which are enforced at ingress.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { + "authentication": { + "description": "Authentication is the required authentication type for the allowed traffic, if any.", + "properties": { + "mode": { + "description": "Mode is the required authentication mode for the allowed traffic, if any.", + "enum": [ + "disabled", + "required", + "test-always-fail" + ], + "type": "string" + } + }, + "required": [ + "mode" + ], + "type": "object" + }, "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, - "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "fromEndpoints": { + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "fromEntities": { + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", + "items": { + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", + "enum": [ + "all", + "world", + "cluster", + "host", + "init", + "ingress", + "unmanaged", + "remote-node", + "health", + "none", + "kube-apiserver" + ], + "type": "string" + }, + "type": "array" + }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3040,11 +4854,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3053,7 +4868,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3062,51 +4878,31 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" - }, - "type": "array" - }, - "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", - "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", - "enum": [ - "all", - "world", - "cluster", - "host", - "init", - "ingress", - "unmanaged", - "remote-node", - "health", - "none", - "kube-apiserver" - ], - "type": "string" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3116,11 +4912,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3129,7 +4926,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3138,16 +4936,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -3158,7 +4957,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -3166,10 +4965,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -3177,6 +4983,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -3185,30 +4992,73 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can only accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can only accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortRule is a list of ports/protocol combinations with optional Layer 7 rules which must be met.", + "description": "PortRule is a list of ports/protocol combinations with optional Layer 7\nrules which must be met.", "properties": { + "listener": { + "description": "listener specifies the name of a custom Envoy listener to which this traffic should be\nredirected to.", + "properties": { + "envoyConfig": { + "description": "EnvoyConfig is a reference to the CEC or CCEC resource in which\nthe listener is defined.", + "properties": { + "kind": { + "description": "Kind is the resource type being referred to. Defaults to CiliumEnvoyConfig or\nCiliumClusterwideEnvoyConfig for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy,\nrespectively. The only case this is currently explicitly needed is when referring to a\nCiliumClusterwideEnvoyConfig from CiliumNetworkPolicy, as using a namespaced listener\nfrom a cluster scoped policy is not allowed.", + "enum": [ + "CiliumEnvoyConfig", + "CiliumClusterwideEnvoyConfig" + ], + "type": "string" + }, + "name": { + "description": "Name is the resource name of the CiliumEnvoyConfig or CiliumClusterwideEnvoyConfig where\nthe listener is defined in.", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "name": { + "description": "Name is the name of the listener.", + "minLength": 1, + "type": "string" + }, + "priority": { + "description": "Priority for this Listener that is used when multiple rules would apply different\nlisteners to a policy map entry. Behavior of this is implementation dependent.", + "maximum": 100, + "minimum": 1, + "type": "integer" + } + }, + "required": [ + "envoyConfig", + "name" + ], + "type": "object" + }, "originatingTLS": { - "description": "OriginatingTLS is the TLS context for the connections originated by the L7 proxy. For egress policy this specifies the client-side TLS parameters for the upstream connection originating from the L7 proxy to the remote destination. For ingress policy this specifies the client-side TLS parameters for the connection from the L7 proxy to the local endpoint.", + "description": "OriginatingTLS is the TLS context for the connections originated by\nthe L7 proxy. For egress policy this specifies the client-side TLS\nparameters for the upstream connection originating from the L7 proxy\nto the remote destination. For ingress policy this specifies the\nclient-side TLS parameters for the connection from the L7 proxy to\nthe local endpoint.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3218,7 +5068,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -3232,16 +5082,24 @@ "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -3252,23 +5110,78 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" }, "rules": { - "description": "Rules is a list of additional port level rules which must be met in order for the PortRule to allow the traffic. If omitted or empty, no layer 7 rules are enforced.", + "description": "Rules is a list of additional port level rules which must be met in\norder for the PortRule to allow the traffic. If omitted or empty,\nno layer 7 rules are enforced.", + "oneOf": [ + { + "properties": { + "http": {} + }, + "required": [ + "http" + ] + }, + { + "properties": { + "kafka": {} + }, + "required": [ + "kafka" + ] + }, + { + "properties": { + "dns": {} + }, + "required": [ + "dns" + ] + }, + { + "properties": { + "l7proto": {} + }, + "required": [ + "l7proto" + ] + } + ], "properties": { "dns": { "description": "DNS-specific rules.", "items": { "description": "PortRuleDNS is a list of allowed DNS lookups.", + "oneOf": [ + { + "properties": { + "matchName": {} + }, + "required": [ + "matchName" + ] + }, + { + "properties": { + "matchPattern": {} + }, + "required": [ + "matchPattern" + ] + } + ], "properties": { "matchName": { - "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added when missing.", + "description": "MatchName matches literal DNS names. A trailing \".\" is automatically added\nwhen missing.", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_]+[.]?)+$", "type": "string" }, "matchPattern": { - "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are case insensitive. The wildcards are: - \"*\" matches 0 or more DNS valid characters, and may occur anywhere in the pattern. As a special case a \"*\" as the leftmost character, without a following \".\" matches all subdomains as well as the name to the right. A trailing \".\" is automatically added when missing. \n Examples: `*.cilium.io` matches subomains of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not `*cilium.io` matches cilium.io and all subdomains 1 level below www.cilium.io, blog.cilium.io and cilium.io match, google.com does not sub*.cilium.io matches subdomains of cilium where the subdomain component begins with \"sub\" sub.cilium.io and subdomain.cilium.io match, www.cilium.io, blog.cilium.io, cilium.io and google.com do not", + "description": "MatchPattern allows using wildcards to match DNS names. All wildcards are\ncase insensitive. The wildcards are:\n- \"*\" matches 0 or more DNS valid characters, and may occur anywhere in\nthe pattern. As a special case a \"*\" as the leftmost character, without a\nfollowing \".\" matches all subdomains as well as the name to the right.\nA trailing \".\" is automatically added when missing.\n\nExamples:\n`*.cilium.io` matches subdomains of cilium at that level\n www.cilium.io and blog.cilium.io match, cilium.io and google.com do not\n`*cilium.io` matches cilium.io and all subdomains ends with \"cilium.io\"\n except those containing \".\" separator, subcilium.io and sub-cilium.io match,\n www.cilium.io and blog.cilium.io does not\nsub*.cilium.io matches subdomains of cilium where the subdomain component\nbegins with \"sub\"\n sub.cilium.io and subdomain.cilium.io match, www.cilium.io,\n blog.cilium.io, cilium.io and google.com do not", + "maxLength": 255, "pattern": "^([-a-zA-Z0-9_*]+[.]?)+$", "type": "string" } @@ -3280,15 +5193,15 @@ "http": { "description": "HTTP specific rules.", "items": { - "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect. \n All fields of this type are extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986.", + "description": "PortRuleHTTP is a list of HTTP protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule does not have any\neffect.\n\nAll fields of this type are extended POSIX regex as defined by IEEE Std\n1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax)\nmatched against the path of an incoming request. Currently it can contain\ncharacters disallowed from the conventional \"path\" part of a URL as defined\nby RFC 3986.", "properties": { "headerMatches": { - "description": "HeaderMatches is a list of HTTP headers which must be present and match against the given values. Mismatch field can be used to specify what to do when there is no match.", + "description": "HeaderMatches is a list of HTTP headers which must be\npresent and match against the given values. Mismatch field can be used\nto specify what to do when there is no match.", "items": { - "description": "HeaderMatch extends the HeaderValue for matching requirement of a named header field against an immediate string, a secret value, or a regex. If none of the optional fields is present, then the header value is not matched, only presence of the header is enough.", + "description": "HeaderMatch extends the HeaderValue for matching requirement of a\nnamed header field against an immediate string or a secret value.\nIf none of the optional fields is present, then the\nheader value is not matched, only presence of the header is enough.", "properties": { "mismatch": { - "description": "Mismatch identifies what to do in case there is no match. The default is to drop the request. Otherwise the overall rule is still considered as matching, but the mismatches are logged in the access log.", + "description": "Mismatch identifies what to do in case there is no match. The default is\nto drop the request. Otherwise the overall rule is still considered as\nmatching, but the mismatches are logged in the access log.", "enum": [ "LOG", "ADD", @@ -3299,17 +5212,18 @@ }, "name": { "description": "Name identifies the header.", + "minLength": 1, "type": "string" }, "secret": { - "description": "Secret refers to a secret that contains the value to be matched against. The secret must only contain one entry. If the referred secret does not exist, and there is no \"Value\" specified, the match will fail.", + "description": "Secret refers to a secret that contains the value to be matched against.\nThe secret must only contain one entry. If the referred secret does not\nexist, and there is no \"Value\" specified, the match will fail.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3319,7 +5233,7 @@ "type": "object" }, "value": { - "description": "Value matches the exact value of the header. Can be specified either alone or together with \"Secret\"; will be used as the header value if the secret can not be found in the latter case.", + "description": "Value matches the exact value of the header. Can be specified either\nalone or together with \"Secret\"; will be used as the header value if the\nsecret can not be found in the latter case.", "type": "string" } }, @@ -3331,23 +5245,23 @@ "type": "array" }, "headers": { - "description": "Headers is a list of HTTP headers which must be present in the request. If omitted or empty, requests are allowed regardless of headers present.", + "description": "Headers is a list of HTTP headers which must be present in the\nrequest. If omitted or empty, requests are allowed regardless of\nheaders present.", "items": { "type": "string" }, "type": "array" }, "host": { - "description": "Host is an extended POSIX regex matched against the host header of a request, e.g. \"foo.com\" \n If omitted or empty, the value of the host header is ignored.", + "description": "Host is an extended POSIX regex matched against the host header of a\nrequest. Examples:\n\n- foo.bar.com will match the host fooXbar.com or foo-bar.com\n- foo\\.bar\\.com will only match the host foo.bar.com\n\nIf omitted or empty, the value of the host header is ignored.", "format": "idn-hostname", "type": "string" }, "method": { - "description": "Method is an extended POSIX regex matched against the method of a request, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ... \n If omitted or empty, all methods are allowed.", + "description": "Method is an extended POSIX regex matched against the method of a\nrequest, e.g. \"GET\", \"POST\", \"PUT\", \"PATCH\", \"DELETE\", ...\n\nIf omitted or empty, all methods are allowed.", "type": "string" }, "path": { - "description": "Path is an extended POSIX regex matched against the path of a request. Currently it can contain characters disallowed from the conventional \"path\" part of a URL as defined by RFC 3986. \n If omitted or empty, all paths are all allowed.", + "description": "Path is an extended POSIX regex matched against the path of a\nrequest. Currently it can contain characters disallowed from the\nconventional \"path\" part of a URL as defined by RFC 3986.\n\nIf omitted or empty, all paths are all allowed.", "type": "string" } }, @@ -3358,22 +5272,22 @@ "kafka": { "description": "Kafka-specific rules.", "items": { - "description": "PortRule is a list of Kafka protocol constraints. All fields are optional, if all fields are empty or missing, the rule will match all Kafka messages.", + "description": "PortRule is a list of Kafka protocol constraints. All fields are\noptional, if all fields are empty or missing, the rule will match all\nKafka messages.", "properties": { "apiKey": { - "description": "APIKey is a case-insensitive string matched against the key of a request, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al Reference: https://kafka.apache.org/protocol#protocol_api_keys \n If omitted or empty, and if Role is not specified, then all keys are allowed.", + "description": "APIKey is a case-insensitive string matched against the key of a\nrequest, e.g. \"produce\", \"fetch\", \"createtopic\", \"deletetopic\", et al\nReference: https://kafka.apache.org/protocol#protocol_api_keys\n\nIf omitted or empty, and if Role is not specified, then all keys are allowed.", "type": "string" }, "apiVersion": { - "description": "APIVersion is the version matched against the api version of the Kafka message. If set, it has to be a string representing a positive integer. \n If omitted or empty, all versions are allowed.", + "description": "APIVersion is the version matched against the api version of the\nKafka message. If set, it has to be a string representing a positive\ninteger.\n\nIf omitted or empty, all versions are allowed.", "type": "string" }, "clientID": { - "description": "ClientID is the client identifier as provided in the request. \n From Kafka protocol documentation: This is a user supplied identifier for the client application. The user can use any identifier they like and it will be used when logging errors, monitoring aggregates, etc. For example, one might want to monitor not just the requests per second overall, but the number coming from each client application (each of which could reside on multiple servers). This id acts as a logical grouping across all requests from a particular client. \n If omitted or empty, all client identifiers are allowed.", + "description": "ClientID is the client identifier as provided in the request.\n\nFrom Kafka protocol documentation:\nThis is a user supplied identifier for the client application. The\nuser can use any identifier they like and it will be used when\nlogging errors, monitoring aggregates, etc. For example, one might\nwant to monitor not just the requests per second overall, but the\nnumber coming from each client application (each of which could\nreside on multiple servers). This id acts as a logical grouping\nacross all requests from a particular client.\n\nIf omitted or empty, all client identifiers are allowed.", "type": "string" }, "role": { - "description": "Role is a case-insensitive string and describes a group of API keys necessary to perform certain higher-level Kafka operations such as \"produce\" or \"consume\". A Role automatically expands into all APIKeys required to perform the specified higher-level operation. \n The following values are supported: - \"produce\": Allow producing to the topics specified in the rule - \"consume\": Allow consuming from the topics specified in the rule \n This field is incompatible with the APIKey field, i.e APIKey and Role cannot both be specified in the same rule. \n If omitted or empty, and if APIKey is not specified, then all keys are allowed.", + "description": "Role is a case-insensitive string and describes a group of API keys\nnecessary to perform certain higher-level Kafka operations such as \"produce\"\nor \"consume\". A Role automatically expands into all APIKeys required\nto perform the specified higher-level operation.\n\nThe following values are supported:\n - \"produce\": Allow producing to the topics specified in the rule\n - \"consume\": Allow consuming from the topics specified in the rule\n\nThis field is incompatible with the APIKey field, i.e APIKey and Role\ncannot both be specified in the same rule.\n\nIf omitted or empty, and if APIKey is not specified, then all keys are\nallowed.", "enum": [ "produce", "consume" @@ -3381,7 +5295,7 @@ "type": "string" }, "topic": { - "description": "Topic is the topic name contained in the message. If a Kafka request contains multiple topics, then all topics must be allowed or the message will be rejected. \n This constraint is ignored if the matched request message type doesn't contain any topic. Maximum size of Topic can be 249 characters as per recent Kafka spec and allowed characters are a-z, A-Z, 0-9, -, . and _. \n Older Kafka versions had longer topic lengths of 255, but in Kafka 0.10 version the length was changed from 255 to 249. For compatibility reasons we are using 255. \n If omitted or empty, all topics are allowed.", + "description": "Topic is the topic name contained in the message. If a Kafka request\ncontains multiple topics, then all topics must be allowed or the\nmessage will be rejected.\n\nThis constraint is ignored if the matched request message type\ndoesn't contain any topic. Maximum size of Topic can be 249\ncharacters as per recent Kafka spec and allowed characters are\na-z, A-Z, 0-9, -, . and _.\n\nOlder Kafka versions had longer topic lengths of 255, but in Kafka 0.10\nversion the length was changed from 255 to 249. For compatibility\nreasons we are using 255.\n\nIf omitted or empty, all topics are allowed.", "maxLength": 255, "type": "string" } @@ -3396,7 +5310,7 @@ "additionalProperties": { "type": "string" }, - "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as protocol constraints. All fields are optional, if all fields are empty or missing, the rule does not have any effect.", + "description": "PortRuleL7 is a list of key-value pairs interpreted by a L7 protocol as\nprotocol constraints. All fields are optional, if all fields are empty or\nmissing, the rule does not have any effect.", "type": "object" }, "type": "array" @@ -3408,26 +5322,38 @@ }, "type": "object" }, + "serverNames": { + "description": "ServerNames is a list of allowed TLS SNI values. If not empty, then\nTLS must be present and one of the provided SNIs must be indicated in the\nTLS handshake.", + "items": { + "description": "ServerName allows using prefix only wildcards to match DNS names.\n\n- \"*\" matches 0 or more DNS valid characters, and may only occur at the\nbeginning of the pattern. As a special case a \"*\" as the leftmost character,\nwithout a following \".\" matches all subdomains as well as the name to the right.\n\nExamples:\n - `*.cilium.io` matches exactly one subdomain of cilium at that level www.cilium.io and blog.cilium.io match, cilium.io and google.com do not.\n - `**.cilium.io` matches more than one subdomain of cilium, e.g. sub1.sub2.cilium.io and sub.cilium.io match, cilium.io do not.", + "maxLength": 255, + "pattern": "^(\\*?\\*\\.)?([-a-zA-Z0-9_]+\\.?)+$", + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, "terminatingTLS": { - "description": "TerminatingTLS is the TLS context for the connection terminated by the L7 proxy. For egress policy this specifies the server-side TLS parameters to be applied on the connections originated from the local endpoint and terminated by the L7 proxy. For ingress policy this specifies the server-side TLS parameters to be applied on the connections originated from a remote source and terminated by the L7 proxy.", + "description": "TerminatingTLS is the TLS context for the connection terminated by\nthe L7 proxy. For egress policy this specifies the server-side TLS\nparameters to be applied on the connections originated from the local\nendpoint and terminated by the L7 proxy. For ingress policy this specifies\nthe server-side TLS parameters to be applied on the connections\noriginated from a remote source and terminated by the L7 proxy.", "properties": { "certificate": { - "description": "Certificate is the file name or k8s secret item name for the certificate chain. If omitted, 'tls.crt' is assumed, if it exists. If given, the item must exist.", + "description": "Certificate is the file name or k8s secret item name for the certificate\nchain. If omitted, 'tls.crt' is assumed, if it exists. If given, the\nitem must exist.", "type": "string" }, "privateKey": { - "description": "PrivateKey is the file name or k8s secret item name for the private key matching the certificate chain. If omitted, 'tls.key' is assumed, if it exists. If given, the item must exist.", + "description": "PrivateKey is the file name or k8s secret item name for the private key\nmatching the certificate chain. If omitted, 'tls.key' is assumed, if it\nexists. If given, the item must exist.", "type": "string" }, "secret": { - "description": "Secret is the secret that contains the certificates and private key for the TLS context. By default, Cilium will search in this secret for the following items: - 'ca.crt' - Which represents the trusted CA to verify remote source. - 'tls.crt' - Which represents the public key certificate. - 'tls.key' - Which represents the private key matching the public key certificate.", + "description": "Secret is the secret that contains the certificates and private key for\nthe TLS context.\nBy default, Cilium will search in this secret for the following items:\n - 'ca.crt' - Which represents the trusted CA to verify remote source.\n - 'tls.crt' - Which represents the public key certificate.\n - 'tls.key' - Which represents the private key matching the public key\n certificate.", "properties": { "name": { "description": "Name is the name of the secret.", "type": "string" }, "namespace": { - "description": "Namespace is the namespace in which the secret exists. Context of use determines the default value if left out (e.g., \"default\").", + "description": "Namespace is the namespace in which the secret exists. Context of use\ndetermines the default value if left out (e.g., \"default\").", "type": "string" } }, @@ -3437,7 +5363,7 @@ "type": "object" }, "trustedCA": { - "description": "TrustedCA is the file name or k8s secret item name for the trusted CA. If omitted, 'ca.crt' is assumed, if it exists. If given, the item must exist.", + "description": "TrustedCA is the file name or k8s secret item name for the trusted CA.\nIf omitted, 'ca.crt' is assumed, if it exists. If given, the item must\nexist.", "type": "string" } }, @@ -3457,62 +5383,145 @@ "type": "array" }, "ingressDeny": { - "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress. Any rule inserted here will by denied regardless of the allowed ingress rules in the 'ingress' field. If omitted or empty, this rule does not apply at ingress.", + "description": "IngressDeny is a list of IngressDenyRule which are enforced at ingress.\nAny rule inserted here will be denied regardless of the allowed ingress\nrules in the 'ingress' field.\nIf omitted or empty, this rule does not apply at ingress.", "items": { - "description": "IngressDenyRule contains all rule types which can be applied at ingress, i.e. network traffic that originates outside of the endpoint and is entering the endpoint selected by the endpointSelector. \n - All members of this structure are optional. If omitted or empty, the member will have no effect on the rule. \n - If multiple members are set, all of them need to match in order for the rule to take effect. The exception to this rule is FromRequires field; the effects of any Requires field in any rule will apply to all other rules as well. \n - FromEndpoints, FromCIDR, FromCIDRSet and FromEntities are mutually exclusive. Only one of these members may be present within an individual rule.", + "description": "IngressDenyRule contains all rule types which can be applied at ingress,\ni.e. network traffic that originates outside of the endpoint and\nis entering the endpoint selected by the endpointSelector.\n\n - All members of this structure are optional. If omitted or empty, the\n member will have no effect on the rule.\n\n - If multiple members are set, all of them need to match in order for\n the rule to take effect. The exception to this rule is FromRequires field;\n the effects of any Requires field in any rule will apply to all other\n rules as well.\n\n - FromEndpoints, FromCIDR, FromCIDRSet, FromGroups and FromEntities are mutually\n exclusive. Only one of these members may be present within an individual\n rule.", "properties": { "fromCIDR": { - "description": "FromCIDR is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from. Only connections which do *not* originate from the cluster or from the local host are subject to CIDR rules. In order to allow in-cluster connectivity, use the FromEndpoints field. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.3.9.1", + "description": "FromCIDR is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from. Only connections which\ndo *not* originate from the cluster or from the local host are subject\nto CIDR rules. In order to allow in-cluster connectivity, use the\nFromEndpoints field. This will match on the source IP address of\nincoming connections. Adding a prefix into FromCIDR or into\nFromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are\nallowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.3.9.1", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" }, "fromCIDRSet": { - "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the rule is allowed to receive connections from in addition to FromEndpoints, along with a list of subnets contained within their corresponding IP block from which traffic should not be allowed. This will match on the source IP address of incoming connections. Adding a prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is equivalent. Overlaps are allowed between FromCIDR and FromCIDRSet. \n Example: Any endpoint with the label \"app=my-legacy-pet\" is allowed to receive connections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", + "description": "FromCIDRSet is a list of IP blocks which the endpoint subject to the\nrule is allowed to receive connections from in addition to FromEndpoints,\nalong with a list of subnets contained within their corresponding IP block\nfrom which traffic should not be allowed.\nThis will match on the source IP address of incoming connections. Adding\na prefix into FromCIDR or into FromCIDRSet with no ExcludeCIDRs is\nequivalent. Overlaps are allowed between FromCIDR and FromCIDRSet.\n\nExample:\nAny endpoint with the label \"app=my-legacy-pet\" is allowed to receive\nconnections from 10.0.0.0/8 except from IPs in subnet 10.96.0.0/12.", "items": { - "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside communication is allowed, along with an optional list of subnets within that CIDR prefix to/from which outside communication is not allowed.", + "description": "CIDRRule is a rule that specifies a CIDR prefix to/from which outside\ncommunication is allowed, along with an optional list of subnets within that\nCIDR prefix to/from which outside communication is not allowed.", + "oneOf": [ + { + "properties": { + "cidr": {} + }, + "required": [ + "cidr" + ] + }, + { + "properties": { + "cidrGroupRef": {} + }, + "required": [ + "cidrGroupRef" + ] + }, + { + "properties": { + "cidrGroupSelector": {} + }, + "required": [ + "cidrGroupSelector" + ] + } + ], "properties": { "cidr": { "description": "CIDR is a CIDR prefix / IP Block.", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "format": "cidr", "type": "string" }, + "cidrGroupRef": { + "description": "CIDRGroupRef is a reference to a CiliumCIDRGroup object.\nA CiliumCIDRGroup contains a list of CIDRs that the endpoint, subject to\nthe rule, can (Ingress/Egress) or cannot (IngressDeny/EgressDeny) receive\nconnections from.", + "maxLength": 253, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "cidrGroupSelector": { + "description": "CIDRGroupSelector selects CiliumCIDRGroups by their labels,\nrather than by name.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, "except": { - "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule is not allowed to initiate connections to. These CIDR prefixes should be contained within Cidr. These exceptions are only applied to the Cidr in this CIDRRule, and do not apply to any other CIDR prefixes in any other CIDRRules.", + "description": "ExceptCIDRs is a list of IP blocks which the endpoint subject to the rule\nis not allowed to initiate connections to. These CIDR prefixes should be\ncontained within Cidr, using ExceptCIDRs together with CIDRGroupRef is not\nsupported yet.\nThese exceptions are only applied to the Cidr in this CIDRRule, and do not\napply to any other CIDR prefixes in any other CIDRRules.", "items": { - "description": "CIDR specifies a block of IP addresses. Example: 192.0.2.1/32", - "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]|[1-2][0-9]|3[0-2])$|^s*((([0-9A-Fa-f]{1,4}:){7}(:|([0-9A-Fa-f]{1,4})))|(([0-9A-Fa-f]{1,4}:){6}:([0-9A-Fa-f]{1,4})?)|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){0,1}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){0,2}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){0,3}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){0,4}):([0-9A-Fa-f]{1,4})?))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){0,5}):([0-9A-Fa-f]{1,4})?))|(:(:|((:[0-9A-Fa-f]{1,4}){1,7}))))(%.+)?s*/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8])$", + "description": "CIDR specifies a block of IP addresses.\nExample: 192.0.2.1/32", + "format": "cidr", "type": "string" }, "type": "array" } }, - "required": [ - "cidr" - ], "type": "object" }, "type": "array" }, "fromEndpoints": { - "description": "FromEndpoints is a list of endpoints identified by an EndpointSelector which are allowed to communicate with the endpoint subject to the rule. \n Example: Any endpoint with the label \"role=backend\" can be consumed by any endpoint carrying the label \"role=frontend\".", + "description": "FromEndpoints is a list of endpoints identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.\n\nExample:\nAny endpoint with the label \"role=backend\" can be consumed by any\nendpoint carrying the label \"role=frontend\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3522,11 +5531,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3535,7 +5545,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3544,18 +5555,19 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "fromEntities": { - "description": "FromEntities is a list of special entities which the endpoint subject to the rule is allowed to receive connections from. Supported entities are `world`, `cluster` and `host`", + "description": "FromEntities is a list of special entities which the endpoint subject\nto the rule is allowed to receive connections from. Supported entities are\n`world`, `cluster` and `host`", "items": { - "description": "Entity specifies the class of receiver/sender endpoints that do not have individual identities. Entities are used to describe \"outside of cluster\", \"host\", etc.", + "description": "Entity specifies the class of receiver/sender endpoints that do not have\nindividual identities. Entities are used to describe \"outside of cluster\",\n\"host\", etc.", "enum": [ "all", "world", @@ -3573,22 +5585,117 @@ }, "type": "array" }, + "fromGroups": { + "description": "FromGroups is a directive that allows the integration with multiple outside\nproviders. Currently, only AWS is supported, and the rule can select by\nmultiple sub directives:\n\nExample:\nFromGroups:\n- aws:\n securityGroupsIds:\n - 'sg-XXXXXXXXXXXXX'", + "items": { + "description": "Groups structure to store all kinds of new integrations that needs a new\nderivative policy.", + "properties": { + "aws": { + "description": "AWSGroup is an structure that can be used to whitelisting information from AWS integration", + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "region": { + "type": "string" + }, + "securityGroupsIds": { + "items": { + "type": "string" + }, + "type": "array" + }, + "securityGroupsNames": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "fromNodes": { + "description": "FromNodes is a list of nodes identified by an\nEndpointSelector which are allowed to communicate with the endpoint\nsubject to the rule.", + "items": { + "description": "EndpointSelector is a wrapper for k8s LabelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ], + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "description": "MatchLabelsValue represents the value from the MatchLabels {key,value} pair.", + "maxLength": 63, + "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "fromRequires": { - "description": "FromRequires is a list of additional constraints which must be met in order for the selected endpoints to be reachable. These additional constraints do no by itself grant access privileges and must always be accompanied with at least one matching FromEndpoints. \n Example: Any Endpoint with the label \"team=A\" requires consuming endpoint to also carry the label \"team=A\".", + "description": "FromRequires is a list of additional constraints which must be met\nin order for the selected endpoints to be reachable. These\nadditional constraints do no by itself grant access privileges and\nmust always be accompanied with at least one matching FromEndpoints.\n\nExample:\nAny Endpoint with the label \"team=A\" requires consuming endpoint\nto also carry the label \"team=A\".", "items": { "description": "EndpointSelector is a wrapper for k8s LabelSelector.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3598,11 +5705,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3611,7 +5719,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3620,16 +5729,17 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, "icmps": { - "description": "ICMPs is a list of ICMP rule identified by type number which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming type 8 ICMP connections.", + "description": "ICMPs is a list of ICMP rule identified by type number\nwhich the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\ntype 8 ICMP connections.", "items": { "description": "ICMPRule is a list of ICMP fields.", "properties": { @@ -3640,7 +5750,7 @@ "properties": { "family": { "default": "IPv4", - "description": "Family is a IP address version. Currently, we support `IPv4` and `IPv6`. `IPv4` is set as default.", + "description": "Family is a IP address version.\nCurrently, we support `IPv4` and `IPv6`.\n`IPv4` is set as default.", "enum": [ "IPv4", "IPv6" @@ -3648,10 +5758,17 @@ "type": "string" }, "type": { - "description": "Type is a ICMP-type. It should be 0-255 (8bit).", - "maximum": 255, - "minimum": 0, - "type": "integer" + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Type is a ICMP-type.\nIt should be an 8bit code (0-255), or it's CamelCase name (for example, \"EchoReply\").\nAllowed ICMP types are:\n Ipv4: EchoReply | DestinationUnreachable | Redirect | Echo | EchoRequest |\n\t\t RouterAdvertisement | RouterSelection | TimeExceeded | ParameterProblem |\n\t\t\t Timestamp | TimestampReply | Photuris | ExtendedEcho Request | ExtendedEcho Reply\n Ipv6: DestinationUnreachable | PacketTooBig | TimeExceeded | ParameterProblem |\n\t\t\t EchoRequest | EchoReply | MulticastListenerQuery| MulticastListenerReport |\n\t\t\t MulticastListenerDone | RouterSolicitation | RouterAdvertisement | NeighborSolicitation |\n\t\t\t NeighborAdvertisement | RedirectMessage | RouterRenumbering | ICMPNodeInformationQuery |\n\t\t\t ICMPNodeInformationResponse | InverseNeighborDiscoverySolicitation | InverseNeighborDiscoveryAdvertisement |\n\t\t\t HomeAgentAddressDiscoveryRequest | HomeAgentAddressDiscoveryReply | MobilePrefixSolicitation |\n\t\t\t MobilePrefixAdvertisement | DuplicateAddressRequestCodeSuffix | DuplicateAddressConfirmationCodeSuffix |\n\t\t\t ExtendedEchoRequest | ExtendedEchoReply", + "pattern": "^([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]|EchoReply|DestinationUnreachable|Redirect|Echo|RouterAdvertisement|RouterSelection|TimeExceeded|ParameterProblem|Timestamp|TimestampReply|Photuris|ExtendedEchoRequest|ExtendedEcho Reply|PacketTooBig|ParameterProblem|EchoRequest|MulticastListenerQuery|MulticastListenerReport|MulticastListenerDone|RouterSolicitation|RouterAdvertisement|NeighborSolicitation|NeighborAdvertisement|RedirectMessage|RouterRenumbering|ICMPNodeInformationQuery|ICMPNodeInformationResponse|InverseNeighborDiscoverySolicitation|InverseNeighborDiscoveryAdvertisement|HomeAgentAddressDiscoveryRequest|HomeAgentAddressDiscoveryReply|MobilePrefixSolicitation|MobilePrefixAdvertisement|DuplicateAddressRequestCodeSuffix|DuplicateAddressConfirmationCodeSuffix)$", + "x-kubernetes-int-or-string": true } }, "required": [ @@ -3659,6 +5776,7 @@ ], "type": "object" }, + "maxItems": 40, "type": "array" } }, @@ -3667,25 +5785,33 @@ "type": "array" }, "toPorts": { - "description": "ToPorts is a list of destination ports identified by port number and protocol which the endpoint subject to the rule is not allowed to receive connections on. \n Example: Any endpoint with the label \"app=httpd\" can not accept incoming connections on port 80/tcp.", + "description": "ToPorts is a list of destination ports identified by port number and\nprotocol which the endpoint subject to the rule is not allowed to\nreceive connections on.\n\nExample:\nAny endpoint with the label \"app=httpd\" can not accept incoming\nconnections on port 80/tcp.", "items": { - "description": "PortDenyRule is a list of ports/protocol that should be used for deny policies. This structure lacks the L7Rules since it's not supported in deny policies.", + "description": "PortDenyRule is a list of ports/protocol that should be used for deny\npolicies. This structure lacks the L7Rules since it's not supported in deny\npolicies.", "properties": { "ports": { "description": "Ports is a list of L4 port/protocol", "items": { "description": "PortProtocol specifies an L4 port with an optional transport protocol", "properties": { + "endPort": { + "description": "EndPort can only be an L4 port number.", + "format": "int32", + "maximum": 65535, + "minimum": 0, + "type": "integer" + }, "port": { - "description": "Port is an L4 port number. For now the string will be strictly parsed as a single uint16. In the future, this field may support ranges in the form \"1024-2048 Port can also be a port name, which must contain at least one [a-z], and may also contain [0-9] and '-' anywhere except adjacent to another '-' or in the beginning or the end.", + "description": "Port can be an L4 port number, or a name in the form of \"http\"\nor \"http-8080\".", "pattern": "^(6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[0-9]{1,4})|([a-zA-Z0-9]-?)*[a-zA-Z](-?[a-zA-Z0-9])*$", "type": "string" }, "protocol": { - "description": "Protocol is the L4 protocol. If omitted or empty, any protocol matches. Accepted values: \"TCP\", \"UDP\", \"\"/\"ANY\" \n Matching on ICMP is not supported. \n Named port specified for a container may narrow this down, but may not contradict this.", + "description": "Protocol is the L4 protocol. If omitted or empty, any protocol\nmatches. Accepted values: \"TCP\", \"UDP\", \"SCTP\", \"ANY\"\n\nMatching on ICMP is not supported.\n\nNamed port specified for a container may narrow this down, but may not\ncontradict this.", "enum": [ "TCP", "UDP", + "SCTP", "ANY" ], "type": "string" @@ -3709,7 +5835,7 @@ "type": "array" }, "labels": { - "description": "Labels is a list of optional strings which can be used to re-identify the rule or to store metadata. It is possible to lookup or delete strings based on labels. Labels are not required to be unique, multiple rules can have overlapping or identical labels.", + "description": "Labels is a list of optional strings which can be used to\nre-identify the rule or to store metadata. It is possible to lookup\nor delete strings based on labels. Labels are not required to be\nunique, multiple rules can have overlapping or identical labels.", "items": { "description": "Label is the Cilium's representation of a container label.", "properties": { @@ -3732,19 +5858,19 @@ "type": "array" }, "nodeSelector": { - "description": "NodeSelector selects all nodes which should be subject to this rule. EndpointSelector and NodeSelector cannot be both empty and are mutually exclusive. Can only be used in CiliumClusterwideNetworkPolicies.", + "description": "NodeSelector selects all nodes which should be subject to this rule.\nEndpointSelector and NodeSelector cannot be both empty and are mutually\nexclusive. Can only be used in CiliumClusterwideNetworkPolicies.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "enum": [ "In", "NotIn", @@ -3754,11 +5880,12 @@ "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -3767,7 +5894,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -3776,11 +5904,12 @@ "pattern": "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$", "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -3790,62 +5919,60 @@ "status": { "description": "Status is the status of the Cilium policy rule", "properties": { - "derivativePolicies": { - "additionalProperties": { - "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node.", + "conditions": { + "items": { "properties": { - "annotations": { - "additionalProperties": { - "type": "string" - }, - "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node.", - "type": "object" - }, - "enforcing": { - "description": "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy.", - "type": "boolean" + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" }, - "error": { - "description": "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node.", + "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, - "lastUpdated": { - "description": "LastUpdated contains the last time this status was updated", - "format": "date-time", + "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, - "localPolicyRevision": { - "description": "Revision is the policy revision of the repository which first implemented this policy.", - "format": "int64", - "type": "integer" + "status": { + "description": "The status of the condition, one of True, False, or Unknown", + "type": "string" }, - "ok": { - "description": "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node.", - "type": "boolean" + "type": { + "description": "The type of the policy condition", + "type": "string" } }, + "required": [ + "status", + "type" + ], "type": "object" }, - "description": "DerivativePolicies is the status of all policies derived from the Cilium policy", - "type": "object" + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "nodes": { + "derivativePolicies": { "additionalProperties": { - "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a specific node.", + "description": "CiliumNetworkPolicyNodeStatus is the status of a Cilium policy rule for a\nspecific node.", "properties": { "annotations": { "additionalProperties": { "type": "string" }, - "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP that have been realized on the node for CNP. That is, if a CNP has been imported and has been assigned annotation X=Y by the user, Annotations in CiliumNetworkPolicyNodeStatus will be X=Y once the CNP that was imported corresponding to Annotation X=Y has been realized on the node.", + "description": "Annotations corresponds to the Annotations in the ObjectMeta of the CNP\nthat have been realized on the node for CNP. That is, if a CNP has been\nimported and has been assigned annotation X=Y by the user,\nAnnotations in CiliumNetworkPolicyNodeStatus will be X=Y once the\nCNP that was imported corresponding to Annotation X=Y has been realized on\nthe node.", "type": "object" }, "enforcing": { - "description": "Enforcing is set to true once all endpoints present at the time the policy has been imported are enforcing this policy.", + "description": "Enforcing is set to true once all endpoints present at the time the\npolicy has been imported are enforcing this policy.", "type": "boolean" }, "error": { - "description": "Error describes any error that occurred when parsing or importing the policy, or realizing the policy for the endpoints to which it applies on the node.", + "description": "Error describes any error that occurred when parsing or importing the\npolicy, or realizing the policy for the endpoints to which it applies\non the node.", "type": "string" }, "lastUpdated": { @@ -3854,18 +5981,18 @@ "type": "string" }, "localPolicyRevision": { - "description": "Revision is the policy revision of the repository which first implemented this policy.", + "description": "Revision is the policy revision of the repository which first implemented\nthis policy.", "format": "int64", "type": "integer" }, "ok": { - "description": "OK is true when the policy has been parsed and imported successfully into the in-memory policy repository on the node.", + "description": "OK is true when the policy has been parsed and imported successfully\ninto the in-memory policy repository on the node.", "type": "boolean" } }, "type": "object" }, - "description": "Nodes is the Cilium policy status for each node", + "description": "DerivativePolicies is the status of all policies derived from the Cilium\npolicy", "type": "object" } }, diff --git a/master-standalone-strict/ciliumnode-cilium-v2.json b/master-standalone-strict/ciliumnode-cilium-v2.json index cf9fc7e..7208bb6 100644 --- a/master-standalone-strict/ciliumnode-cilium-v2.json +++ b/master-standalone-strict/ciliumnode-cilium-v2.json @@ -1,12 +1,12 @@ { - "description": "CiliumNode represents a node managed by Cilium. It contains a specification to control various node specific configuration aspects and a status section to represent the status of the node.", + "description": "CiliumNode represents a node managed by Cilium. It contains a specification\nto control various node specific configuration aspects and a status section\nto represent the status of the node.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -37,7 +37,7 @@ "description": "AlibabaCloud is the AlibabaCloud IPAM specific configuration.", "properties": { "availability-zone": { - "description": "AvailabilityZone is the availability zone to use when allocating ENIs.", + "description": "AvailabilityZone is the availability zone to use when allocating\nENIs.", "type": "string" }, "cidr-block": { @@ -52,11 +52,11 @@ "additionalProperties": { "type": "string" }, - "description": "SecurityGroupTags is the list of tags to use when evaluating which security groups to use for the ENI.", + "description": "SecurityGroupTags is the list of tags to use when evaluating which\nsecurity groups to use for the ENI.", "type": "object" }, "security-groups": { - "description": "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", + "description": "SecurityGroups is the list of security groups to attach to any ENI\nthat is created and attached to the instance.", "items": { "type": "string" }, @@ -70,7 +70,7 @@ "additionalProperties": { "type": "string" }, - "description": "VSwitchTags is the list of tags to use when evaluating which vSwitch to use for the ENI.", + "description": "VSwitchTags is the list of tags to use when evaluating which\nvSwitch to use for the ENI.", "type": "object" }, "vswitches": { @@ -88,18 +88,22 @@ "description": "Azure is the Azure IPAM specific configuration.", "properties": { "interface-name": { - "description": "InterfaceName is the name of the interface the cilium-operator will use to allocate all the IPs on", + "description": "InterfaceName is the name of the interface the cilium-operator\nwill use to allocate all the IPs on", "type": "string" } }, "type": "object", "additionalProperties": false }, + "bootid": { + "description": "BootID is a unique node identifier generated on boot", + "type": "string" + }, "encryption": { "description": "Encryption is the encryption configuration of the node.", "properties": { "key": { - "description": "Key is the index to the key to use for encryption or 0 if encryption is disabled.", + "description": "Key is the index to the key to use for encryption or 0 if encryption is\ndisabled.", "type": "integer" } }, @@ -110,31 +114,31 @@ "description": "ENI is the AWS ENI specific configuration.", "properties": { "availability-zone": { - "description": "AvailabilityZone is the availability zone to use when allocating ENIs.", + "description": "AvailabilityZone is the availability zone to use when allocating\nENIs.", "type": "string" }, "delete-on-termination": { - "description": "DeleteOnTermination defines that the ENI should be deleted when the associated instance is terminated. If the parameter is not set the default behavior is to delete the ENI on instance termination.", + "description": "DeleteOnTermination defines that the ENI should be deleted when the\nassociated instance is terminated. If the parameter is not set the\ndefault behavior is to delete the ENI on instance termination.", "type": "boolean" }, "disable-prefix-delegation": { - "description": "DisablePrefixDelegation determines whether ENI prefix delegation should be disabled on this node.", + "description": "DisablePrefixDelegation determines whether ENI prefix delegation should be\ndisabled on this node.", "type": "boolean" }, "exclude-interface-tags": { "additionalProperties": { "type": "string" }, - "description": "ExcludeInterfaceTags is the list of tags to use when excluding ENIs for Cilium IP allocation. Any interface matching this set of tags will not be managed by Cilium.", + "description": "ExcludeInterfaceTags is the list of tags to use when excluding ENIs for\nCilium IP allocation. Any interface matching this set of tags will not\nbe managed by Cilium.", "type": "object" }, "first-interface-index": { - "description": "FirstInterfaceIndex is the index of the first ENI to use for IP allocation, e.g. if the node has eth0, eth1, eth2 and FirstInterfaceIndex is set to 1, then only eth1 and eth2 will be used for IP allocation, eth0 will be ignored for PodIP allocation.", + "description": "FirstInterfaceIndex is the index of the first ENI to use for IP\nallocation, e.g. if the node has eth0, eth1, eth2 and\nFirstInterfaceIndex is set to 1, then only eth1 and eth2 will be\nused for IP allocation, eth0 will be ignored for PodIP allocation.", "minimum": 0, "type": "integer" }, "instance-id": { - "description": "InstanceID is the AWS InstanceId of the node. The InstanceID is used to retrieve AWS metadata for the node. \n OBSOLETE: This field is obsolete, please use Spec.InstanceID", + "description": "InstanceID is the AWS InstanceId of the node. The InstanceID is used\nto retrieve AWS metadata for the node.\n\nOBSOLETE: This field is obsolete, please use Spec.InstanceID", "type": "string" }, "instance-type": { @@ -142,17 +146,21 @@ "type": "string" }, "max-above-watermark": { - "description": "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs. \n OBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", + "description": "MaxAboveWatermark is the maximum number of addresses to allocate\nbeyond the addresses needed to reach the PreAllocate watermark.\nGoing above the watermark can help reduce the number of API calls to\nallocate IPs, e.g. when a new ENI is allocated, as many secondary\nIPs as possible are allocated. Limiting the amount can help reduce\nwaste of IPs.\n\nOBSOLETE: This field is obsolete, please use Spec.IPAM.MaxAboveWatermark", "minimum": 0, "type": "integer" }, "min-allocate": { - "description": "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs. \n OBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", + "description": "MinAllocate is the minimum number of IPs that must be allocated when\nthe node is first bootstrapped. It defines the minimum base socket\nof addresses that must be available. After reaching this watermark,\nthe PreAllocate and MaxAboveWatermark logic takes over to continue\nallocating IPs.\n\nOBSOLETE: This field is obsolete, please use Spec.IPAM.MinAllocate", "minimum": 0, "type": "integer" }, + "node-subnet-id": { + "description": "NodeSubnetID is the subnet of the primary ENI the instance was brought up\nwith. It is used as a sensible default subnet to create ENIs in.", + "type": "string" + }, "pre-allocate": { - "description": "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved. \n OBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", + "description": "PreAllocate defines the number of IP addresses that must be\navailable for allocation in the IPAMspec. It defines the buffer of\naddresses available immediately without requiring cilium-operator to\nget involved.\n\nOBSOLETE: This field is obsolete, please use Spec.IPAM.PreAllocate", "minimum": 0, "type": "integer" }, @@ -160,18 +168,18 @@ "additionalProperties": { "type": "string" }, - "description": "SecurityGroupTags is the list of tags to use when evaliating what AWS security groups to use for the ENI.", + "description": "SecurityGroupTags is the list of tags to use when evaliating what\nAWS security groups to use for the ENI.", "type": "object" }, "security-groups": { - "description": "SecurityGroups is the list of security groups to attach to any ENI that is created and attached to the instance.", + "description": "SecurityGroups is the list of security groups to attach to any ENI\nthat is created and attached to the instance.", "items": { "type": "string" }, "type": "array" }, "subnet-ids": { - "description": "SubnetIDs is the list of subnet ids to use when evaluating what AWS subnets to use for ENI and IP allocation.", + "description": "SubnetIDs is the list of subnet ids to use when evaluating what AWS\nsubnets to use for ENI and IP allocation.", "items": { "type": "string" }, @@ -181,11 +189,11 @@ "additionalProperties": { "type": "string" }, - "description": "SubnetTags is the list of tags to use when evaluating what AWS subnets to use for ENI and IP allocation.", + "description": "SubnetTags is the list of tags to use when evaluating what AWS\nsubnets to use for ENI and IP allocation.", "type": "object" }, "use-primary-address": { - "description": "UsePrimaryAddress determines whether an ENI's primary address should be available for allocations on the node", + "description": "UsePrimaryAddress determines whether an ENI's primary address\nshould be available for allocations on the node", "type": "boolean" }, "vpc-id": { @@ -197,7 +205,7 @@ "additionalProperties": false }, "health": { - "description": "HealthAddressing is the addressing information for health connectivity checking.", + "description": "HealthAddressing is the addressing information for health connectivity\nchecking.", "properties": { "ipv4": { "description": "IPv4 is the IPv4 address of the IPv4 health endpoint.", @@ -225,39 +233,47 @@ "additionalProperties": false }, "instance-id": { - "description": "InstanceID is the identifier of the node. This is different from the node name which is typically the FQDN of the node. The InstanceID typically refers to the identifier used by the cloud provider or some other means of identification.", + "description": "InstanceID is the identifier of the node. This is different from the\nnode name which is typically the FQDN of the node. The InstanceID\ntypically refers to the identifier used by the cloud provider or\nsome other means of identification.", "type": "string" }, "ipam": { - "description": "IPAM is the address management specification. This section can be populated by a user or it can be automatically populated by an IPAM operator.", + "description": "IPAM is the address management specification. This section can be\npopulated by a user or it can be automatically populated by an IPAM\noperator.", "properties": { + "ipv6-pool": { + "additionalProperties": { + "description": "AllocationIP is an IP which is available for allocation, or already\nhas been allocated", + "properties": { + "owner": { + "description": "Owner is the owner of the IP. This field is set if the IP has been\nallocated. It will be set to the pod name or another identifier\nrepresenting the usage of the IP\n\nThe owner field is left blank for an entry in Spec.IPAM.Pool and\nfilled out as the IP is used and also added to Status.IPAM.Used.", + "type": "string" + }, + "resource": { + "description": "Resource is set for both available and allocated IPs, it represents\nwhat resource the IP is associated with, e.g. in combination with\nAWS ENI, this will refer to the ID of the ENI", + "type": "string" + } + }, + "type": "object" + }, + "description": "IPv6Pool is the list of IPv6 addresses available to the node for allocation.\nWhen an IPv6 address is used, it will remain on this list but will be added to\nStatus.IPAM.IPv6Used", + "type": "object" + }, "max-above-watermark": { - "description": "MaxAboveWatermark is the maximum number of addresses to allocate beyond the addresses needed to reach the PreAllocate watermark. Going above the watermark can help reduce the number of API calls to allocate IPs, e.g. when a new ENI is allocated, as many secondary IPs as possible are allocated. Limiting the amount can help reduce waste of IPs.", + "description": "MaxAboveWatermark is the maximum number of addresses to allocate\nbeyond the addresses needed to reach the PreAllocate watermark.\nGoing above the watermark can help reduce the number of API calls to\nallocate IPs, e.g. when a new ENI is allocated, as many secondary\nIPs as possible are allocated. Limiting the amount can help reduce\nwaste of IPs.", "minimum": 0, "type": "integer" }, "max-allocate": { - "description": "MaxAllocate is the maximum number of IPs that can be allocated to the node. When the current amount of allocated IPs will approach this value, the considered value for PreAllocate will decrease down to 0 in order to not attempt to allocate more addresses than defined.", + "description": "MaxAllocate is the maximum number of IPs that can be allocated to the\nnode. When the current amount of allocated IPs will approach this value,\nthe considered value for PreAllocate will decrease down to 0 in order to\nnot attempt to allocate more addresses than defined.", "minimum": 0, "type": "integer" }, "min-allocate": { - "description": "MinAllocate is the minimum number of IPs that must be allocated when the node is first bootstrapped. It defines the minimum base socket of addresses that must be available. After reaching this watermark, the PreAllocate and MaxAboveWatermark logic takes over to continue allocating IPs.", - "minimum": 0, - "type": "integer" - }, - "pod-cidr-allocation-threshold": { - "description": "PodCIDRAllocationThreshold defines the minimum number of free IPs which must be available to this node via its pod CIDR pool. If the total number of IP addresses in the pod CIDR pool is less than this value, the pod CIDRs currently in-use by this node will be marked as depleted and cilium-operator will allocate a new pod CIDR to this node. This value effectively defines the buffer of IP addresses available immediately without requiring cilium-operator to get involved.", - "minimum": 0, - "type": "integer" - }, - "pod-cidr-release-threshold": { - "description": "PodCIDRReleaseThreshold defines the maximum number of free IPs which may be available to this node via its pod CIDR pool. While the total number of free IP addresses in the pod CIDR pool is larger than this value, cilium-agent will attempt to release currently unused pod CIDRs.", + "description": "MinAllocate is the minimum number of IPs that must be allocated when\nthe node is first bootstrapped. It defines the minimum base socket\nof addresses that must be available. After reaching this watermark,\nthe PreAllocate and MaxAboveWatermark logic takes over to continue\nallocating IPs.", "minimum": 0, "type": "integer" }, "podCIDRs": { - "description": "PodCIDRs is the list of CIDRs available to the node for allocation. When an IP is used, the IP will be added to Status.IPAM.Used", + "description": "PodCIDRs is the list of CIDRs available to the node for allocation.\nWhen an IP is used, the IP will be added to Status.IPAM.Used", "items": { "type": "string" }, @@ -265,26 +281,98 @@ }, "pool": { "additionalProperties": { - "description": "AllocationIP is an IP which is available for allocation, or already has been allocated", + "description": "AllocationIP is an IP which is available for allocation, or already\nhas been allocated", "properties": { "owner": { - "description": "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP \n The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", + "description": "Owner is the owner of the IP. This field is set if the IP has been\nallocated. It will be set to the pod name or another identifier\nrepresenting the usage of the IP\n\nThe owner field is left blank for an entry in Spec.IPAM.Pool and\nfilled out as the IP is used and also added to Status.IPAM.Used.", "type": "string" }, "resource": { - "description": "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", + "description": "Resource is set for both available and allocated IPs, it represents\nwhat resource the IP is associated with, e.g. in combination with\nAWS ENI, this will refer to the ID of the ENI", "type": "string" } }, "type": "object" }, - "description": "Pool is the list of IPs available to the node for allocation. When an IP is used, the IP will remain on this list but will be added to Status.IPAM.Used", + "description": "Pool is the list of IPv4 addresses available to the node for allocation.\nWhen an IPv4 address is used, it will remain on this list but will be added to\nStatus.IPAM.Used", "type": "object" }, + "pools": { + "description": "Pools contains the list of assigned IPAM pools for this node.", + "properties": { + "allocated": { + "description": "Allocated contains the list of pooled CIDR assigned to this node. The\noperator will add new pod CIDRs to this field, whereas the agent will\nremove CIDRs it has released.", + "items": { + "description": "IPAMPoolAllocation describes an allocation of an IPAM pool from the operator to the\nnode. It contains the assigned PodCIDRs allocated from this pool", + "properties": { + "cidrs": { + "description": "CIDRs contains a list of pod CIDRs currently allocated from this pool", + "items": { + "description": "IPAMPodCIDR is a pod CIDR", + "format": "cidr", + "type": "string" + }, + "type": "array" + }, + "pool": { + "description": "Pool is the name of the IPAM pool backing this allocation", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "pool" + ], + "type": "object" + }, + "type": "array" + }, + "requested": { + "description": "Requested contains a list of IPAM pool requests, i.e. indicates how many\naddresses this node requests out of each pool listed here. This field\nis owned and written to by cilium-agent and read by the operator.", + "items": { + "properties": { + "needed": { + "description": "Needed indicates how many IPs out of the above Pool this node requests\nfrom the operator. The operator runs a reconciliation loop to ensure each\nnode always has enough PodCIDRs allocated in each pool to fulfill the\nrequested number of IPs here.", + "properties": { + "ipv4-addrs": { + "description": "IPv4Addrs contains the number of requested IPv4 addresses out of a given\npool", + "type": "integer" + }, + "ipv6-addrs": { + "description": "IPv6Addrs contains the number of requested IPv6 addresses out of a given\npool", + "type": "integer" + } + }, + "type": "object" + }, + "pool": { + "description": "Pool is the name of the IPAM pool backing this request", + "minLength": 1, + "type": "string" + } + }, + "required": [ + "pool" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, "pre-allocate": { - "description": "PreAllocate defines the number of IP addresses that must be available for allocation in the IPAMspec. It defines the buffer of addresses available immediately without requiring cilium-operator to get involved.", + "description": "PreAllocate defines the number of IP addresses that must be\navailable for allocation in the IPAMspec. It defines the buffer of\naddresses available immediately without requiring cilium-operator to\nget involved.", "minimum": 0, "type": "integer" + }, + "static-ip-tags": { + "additionalProperties": { + "type": "string" + }, + "description": "StaticIPTags are used to determine the pool of IPs from which to\nattribute a static IP to the node. For example in AWS this is used to\nfilter Elastic IP Addresses.", + "type": "object" } }, "type": "object", @@ -300,7 +388,7 @@ "additionalProperties": false }, "status": { - "description": "Status defines the realized specification/configuration and status of the node.", + "description": "Status defines the realized specification/configuration and status\nof the node.", "properties": { "alibaba-cloud": { "description": "AlibabaCloud is the AlibabaCloud specific status of the node.", @@ -370,6 +458,13 @@ "description": "IPv6CIDRBlock is the VPC IPv6 CIDR", "type": "string" }, + "secondary-cidrs": { + "description": "SecondaryCIDRs is the list of Secondary CIDRs associated with the VPC", + "items": { + "type": "string" + }, + "type": "array" + }, "vpc-id": { "description": "VPCID is the vpc to which the ENI belongs", "type": "string" @@ -417,11 +512,11 @@ "description": "AzureInterface represents an Azure Interface", "properties": { "GatewayIP": { - "description": "GatewayIP is the interface's subnet's default route \n OBSOLETE: This field is obsolete, please use Gateway field instead.", + "description": "GatewayIP is the interface's subnet's default route\n\nOBSOLETE: This field is obsolete, please use Gateway field instead.", "type": "string" }, "addresses": { - "description": "Addresses is the list of all IPs associated with the interface, including all secondary addresses", + "description": "Addresses is the list of all IPs associated with the interface,\nincluding all secondary addresses", "items": { "description": "AzureAddress is an IP address assigned to an AzureInterface", "properties": { @@ -483,7 +578,7 @@ "properties": { "enis": { "additionalProperties": { - "description": "ENI represents an AWS Elastic Network Interface \n More details: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html", + "description": "ENI represents an AWS Elastic Network Interface\n\nMore details:\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html", "properties": { "addresses": { "description": "Addresses is the list of all secondary IPs associated with the ENI", @@ -513,7 +608,7 @@ "type": "string" }, "number": { - "description": "Number is the interface index, it used in combination with FirstInterfaceIndex", + "description": "Number is the interface index, it used in combination with\nFirstInterfaceIndex", "type": "integer" }, "prefixes": { @@ -523,6 +618,10 @@ }, "type": "array" }, + "public-ip": { + "description": "PublicIP is the public IP associated with the ENI", + "type": "string" + }, "security-groups": { "description": "SecurityGroups are the security groups associated with the ENI", "items": { @@ -548,7 +647,7 @@ "additionalProperties": { "type": "string" }, - "description": "Tags is the set of tags of the ENI. Used to detect ENIs which should not be managed by Cilium", + "description": "Tags is the set of tags of the ENI. Used to detect ENIs which should\nnot be managed by Cilium", "type": "object" }, "vpc": { @@ -584,6 +683,28 @@ "ipam": { "description": "IPAM is the IPAM status of the node.", "properties": { + "assigned-static-ip": { + "description": "AssignedStaticIP is the static IP assigned to the node (ex: public Elastic IP address in AWS)", + "type": "string" + }, + "ipv6-used": { + "additionalProperties": { + "description": "AllocationIP is an IP which is available for allocation, or already\nhas been allocated", + "properties": { + "owner": { + "description": "Owner is the owner of the IP. This field is set if the IP has been\nallocated. It will be set to the pod name or another identifier\nrepresenting the usage of the IP\n\nThe owner field is left blank for an entry in Spec.IPAM.Pool and\nfilled out as the IP is used and also added to Status.IPAM.Used.", + "type": "string" + }, + "resource": { + "description": "Resource is set for both available and allocated IPs, it represents\nwhat resource the IP is associated with, e.g. in combination with\nAWS ENI, this will refer to the ID of the ENI", + "type": "string" + } + }, + "type": "object" + }, + "description": "IPv6Used lists all IPv6 addresses out of Spec.IPAM.IPv6Pool which have been\nallocated and are in use.", + "type": "object" + }, "operator-status": { "description": "Operator is the Operator status of the node", "properties": { @@ -614,7 +735,21 @@ }, "release-ips": { "additionalProperties": { - "description": "IPReleaseStatus defines the valid states in IP release handshake", + "description": "IPReleaseStatus defines the valid states in IP release handshake", + "enum": [ + "marked-for-release", + "ready-for-release", + "do-not-release", + "released" + ], + "type": "string" + }, + "description": "ReleaseIPs tracks the state for every IPv4 address considered for release.\nThe value can be one of the following strings:\n* marked-for-release : Set by operator as possible candidate for IP\n* ready-for-release : Acknowledged as safe to release by agent\n* do-not-release : IP already in use / not owned by the node. Set by agent\n* released : IP successfully released. Set by operator", + "type": "object" + }, + "release-ipv6s": { + "additionalProperties": { + "description": "IPReleaseStatus defines the valid states in IP release handshake", "enum": [ "marked-for-release", "ready-for-release", @@ -623,25 +758,25 @@ ], "type": "string" }, - "description": "ReleaseIPs tracks the state for every IP considered for release. value can be one of the following string : * marked-for-release : Set by operator as possible candidate for IP * ready-for-release : Acknowledged as safe to release by agent * do-not-release : IP already in use / not owned by the node. Set by agent * released : IP successfully released. Set by operator", + "description": "ReleaseIPv6s tracks the state for every IPv6 address considered for release.\nThe value can be one of the following strings:\n* marked-for-release : Set by operator as possible candidate for IP\n* ready-for-release : Acknowledged as safe to release by agent\n* do-not-release : IP already in use / not owned by the node. Set by agent\n* released : IP successfully released. Set by operator", "type": "object" }, "used": { "additionalProperties": { - "description": "AllocationIP is an IP which is available for allocation, or already has been allocated", + "description": "AllocationIP is an IP which is available for allocation, or already\nhas been allocated", "properties": { "owner": { - "description": "Owner is the owner of the IP. This field is set if the IP has been allocated. It will be set to the pod name or another identifier representing the usage of the IP \n The owner field is left blank for an entry in Spec.IPAM.Pool and filled out as the IP is used and also added to Status.IPAM.Used.", + "description": "Owner is the owner of the IP. This field is set if the IP has been\nallocated. It will be set to the pod name or another identifier\nrepresenting the usage of the IP\n\nThe owner field is left blank for an entry in Spec.IPAM.Pool and\nfilled out as the IP is used and also added to Status.IPAM.Used.", "type": "string" }, "resource": { - "description": "Resource is set for both available and allocated IPs, it represents what resource the IP is associated with, e.g. in combination with AWS ENI, this will refer to the ID of the ENI", + "description": "Resource is set for both available and allocated IPs, it represents\nwhat resource the IP is associated with, e.g. in combination with\nAWS ENI, this will refer to the ID of the ENI", "type": "string" } }, "type": "object" }, - "description": "Used lists all IPs out of Spec.IPAM.Pool which have been allocated and are in use.", + "description": "Used lists all IPv4 addresses out of Spec.IPAM.Pool which have been allocated\nand are in use.", "type": "object" } }, diff --git a/master-standalone-strict/clusteranalysistemplate-argoproj-v1alpha1.json b/master-standalone-strict/clusteranalysistemplate-argoproj-v1alpha1.json index 027abe9..fadd2dd 100644 --- a/master-standalone-strict/clusteranalysistemplate-argoproj-v1alpha1.json +++ b/master-standalone-strict/clusteranalysistemplate-argoproj-v1alpha1.json @@ -106,6 +106,17 @@ ], "x-kubernetes-int-or-string": true }, + "consecutiveSuccessLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, "count": { "anyOf": [ { @@ -244,16 +255,56 @@ }, "datadog": { "properties": { + "aggregator": { + "enum": [ + "avg", + "min", + "max", + "sum", + "last", + "percentile", + "mean", + "l2norm", + "area" + ], + "type": "string" + }, + "apiVersion": { + "default": "v1", + "enum": [ + "v1", + "v2" + ], + "type": "string" + }, + "formula": { + "type": "string" + }, "interval": { + "default": "5m", "type": "string" }, + "queries": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, "query": { "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "type": "string" + }, + "namespaced": { + "type": "boolean" + } + }, + "type": "object" } }, - "required": [ - "query" - ], "type": "object" }, "graphite": { @@ -267,6 +318,17 @@ }, "type": "object" }, + "influxdb": { + "properties": { + "profile": { + "type": "string" + }, + "query": { + "type": "string" + } + }, + "type": "object" + }, "job": { "properties": { "metadata": { @@ -296,6 +358,10 @@ "format": "int32", "type": "integer" }, + "backoffLimitPerIndex": { + "format": "int32", + "type": "integer" + }, "completionMode": { "type": "string" }, @@ -306,10 +372,82 @@ "manualSelector": { "type": "boolean" }, + "maxFailedIndexes": { + "format": "int32", + "type": "integer" + }, "parallelism": { "format": "int32", "type": "integer" }, + "podFailurePolicy": { + "properties": { + "rules": { + "items": { + "properties": { + "action": { + "type": "string" + }, + "onExitCodes": { + "properties": { + "containerName": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "required": [ + "operator", + "values" + ], + "type": "object" + }, + "onPodConditions": { + "items": { + "properties": { + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "rules" + ], + "type": "object" + }, + "podReplacementPolicy": { + "type": "string" + }, "selector": { "properties": { "matchExpressions": { @@ -343,7 +481,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "suspend": { "type": "boolean" @@ -431,7 +570,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "weight": { "format": "int32", @@ -500,7 +640,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" } @@ -508,7 +649,8 @@ "required": [ "nodeSelectorTerms" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -553,7 +695,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -588,7 +745,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -654,7 +812,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -689,7 +862,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -751,7 +925,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -786,7 +975,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -852,7 +1042,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -887,7 +1092,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -956,7 +1162,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -970,7 +1177,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -996,7 +1204,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1013,7 +1222,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1038,7 +1248,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1052,7 +1263,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1126,6 +1338,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1210,6 +1434,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1521,8 +1757,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -1532,6 +1805,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -1900,7 +2176,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -1914,7 +2191,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -1940,7 +2218,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1957,7 +2236,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1982,7 +2262,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1996,7 +2277,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2070,6 +2352,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2154,6 +2448,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2465,8 +2771,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -2476,6 +2819,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -2795,6 +3141,9 @@ "hostPID": { "type": "boolean" }, + "hostUsers": { + "type": "boolean" + }, "hostname": { "type": "string" }, @@ -2805,7 +3154,8 @@ "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, @@ -2850,7 +3200,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -2864,7 +3215,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -2890,7 +3242,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -2907,7 +3260,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2932,7 +3286,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -2946,7 +3301,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -3020,6 +3376,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3104,6 +3472,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3415,8 +3795,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -3426,6 +3843,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -3776,6 +4196,35 @@ }, "type": "array" }, + "resourceClaims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "source": { + "properties": { + "resourceClaimName": { + "type": "string" + }, + "resourceClaimTemplateName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "restartPolicy": { "type": "string" }, @@ -3785,6 +4234,24 @@ "schedulerName": { "type": "string" }, + "schedulingGates": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "securityContext": { "properties": { "fsGroup": { @@ -3960,12 +4427,30 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "maxSkew": { "format": "int32", "type": "integer" }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, "topologyKey": { "type": "string" }, @@ -4144,6 +4629,10 @@ }, "query": { "type": "string" + }, + "timeout": { + "format": "int64", + "type": "integer" } }, "required": [ @@ -4151,11 +4640,107 @@ ], "type": "object" }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "prometheus": { "properties": { "address": { "type": "string" }, + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "insecure": { + "type": "boolean" + }, + "query": { + "type": "string" + }, + "rangeQuery": { + "properties": { + "end": { + "type": "string" + }, + "start": { + "type": "string" + }, + "step": { + "type": "string" + } + }, + "type": "object" + }, + "timeout": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "skywalking": { + "properties": { + "address": { + "type": "string" + }, + "interval": { + "type": "string" + }, "query": { "type": "string" } @@ -4175,6 +4760,45 @@ }, "web": { "properties": { + "authentication": { + "properties": { + "oauth2": { + "properties": { + "clientId": { + "type": "string" + }, + "clientSecret": { + "type": "string" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenUrl": { + "type": "string" + } + }, + "type": "object" + }, + "sigv4": { + "properties": { + "profile": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleArn": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, "body": { "type": "string" }, @@ -4199,6 +4823,10 @@ "insecure": { "type": "boolean" }, + "jsonBody": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, "jsonPath": { "type": "string" }, @@ -4232,11 +4860,22 @@ "type": "object" }, "type": "array" + }, + "templates": { + "items": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "templateName": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" } }, - "required": [ - "metrics" - ], "type": "object", "additionalProperties": false } diff --git a/master-standalone-strict/clusterexternalsecret-external-secrets-v1.json b/master-standalone-strict/clusterexternalsecret-external-secrets-v1.json new file mode 100644 index 0000000..326568c --- /dev/null +++ b/master-standalone-strict/clusterexternalsecret-external-secrets-v1.json @@ -0,0 +1,821 @@ +{ + "description": "ClusterExternalSecret is the Schema for the clusterexternalsecrets API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.", + "properties": { + "externalSecretMetadata": { + "description": "The metadata of the external secrets to be created", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "externalSecretName": { + "description": "The name of the external secrets to be created.\nDefaults to the name of the ClusterExternalSecret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "externalSecretSpec": { + "description": "The spec for the ExternalSecrets to be created", + "properties": { + "data": { + "description": "Data defines the connection between the Kubernetes Secret keys and the Provider data", + "items": { + "description": "ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data.", + "properties": { + "remoteRef": { + "description": "RemoteRef points to the remote secret and defines\nwhich secret (version/property/..) to fetch.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "key": { + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "default": "None", + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "enum": [ + "None", + "Fetch" + ], + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "secretKey": { + "description": "The key in the Kubernetes Secret to store the value.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "sourceRef": { + "description": "SourceRef allows you to override the source\nfrom which the value will be pulled.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "generatorRef": { + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storeRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "remoteRef", + "secretKey" + ], + "type": "object" + }, + "type": "array" + }, + "dataFrom": { + "description": "DataFrom is used to fetch all properties from a specific Provider data\nIf multiple entries are specified, the Secret keys are merged in the specified order", + "items": { + "properties": { + "extract": { + "description": "Used to extract multiple key/value pairs from one secret\nNote: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "key": { + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "default": "None", + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "enum": [ + "None", + "Fetch" + ], + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "find": { + "description": "Used to find secrets based on tags or regular expressions\nNote: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "name": { + "description": "Finds secrets based on the name.", + "properties": { + "regexp": { + "description": "Finds secrets base", + "type": "string" + } + }, + "type": "object" + }, + "path": { + "description": "A root path to start the find operations.", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "Find secrets based on tags.", + "type": "object" + } + }, + "type": "object" + }, + "rewrite": { + "description": "Used to rewrite secret Keys after getting them from the secret Provider\nMultiple Rewrite operations can be provided. They are applied in a layered order (first to last)", + "items": { + "properties": { + "regexp": { + "description": "Used to rewrite with regular expressions.\nThe resulting key will be the output of a regexp.ReplaceAll operation.", + "properties": { + "source": { + "description": "Used to define the regular expression of a re.Compiler.", + "type": "string" + }, + "target": { + "description": "Used to define the target pattern of a ReplaceAll operation.", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "transform": { + "description": "Used to apply string transformation on the secrets.\nThe resulting key will be the output of the template applied by the operation.", + "properties": { + "template": { + "description": "Used to define the template to apply on the secret name.\n`.value ` will specify the secret name in the template.", + "type": "string" + } + }, + "required": [ + "template" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "sourceRef": { + "description": "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "generatorRef": { + "description": "GeneratorRef points to a generator custom resource.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storeRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "refreshInterval": { + "default": "1h", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "type": "string" + }, + "refreshPolicy": { + "description": "RefreshPolicy determines how the ExternalSecret should be refreshed:\n- CreatedOnce: Creates the Secret only if it does not exist and does not update it thereafter\n- Periodic: Synchronizes the Secret from the external source at regular intervals specified by refreshInterval.\n No periodic updates occur if refreshInterval is 0.\n- OnChange: Only synchronizes the Secret when the ExternalSecret's metadata or specification changes", + "enum": [ + "CreatedOnce", + "Periodic", + "OnChange" + ], + "type": "string" + }, + "secretStoreRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "target": { + "default": { + "creationPolicy": "Owner", + "deletionPolicy": "Retain" + }, + "description": "ExternalSecretTarget defines the Kubernetes Secret to be created\nThere can be only one target per ExternalSecret.", + "properties": { + "creationPolicy": { + "default": "Owner", + "description": "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"", + "enum": [ + "Owner", + "Orphan", + "Merge", + "None" + ], + "type": "string" + }, + "deletionPolicy": { + "default": "Retain", + "description": "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"", + "enum": [ + "Delete", + "Merge", + "Retain" + ], + "type": "string" + }, + "immutable": { + "description": "Immutable defines if the final secret will be immutable", + "type": "boolean" + }, + "name": { + "description": "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "template": { + "description": "Template defines a blueprint for the created Secret resource.", + "properties": { + "data": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "default": "v2", + "description": "EngineVersion specifies the template engine version\nthat should be used to compile/execute the\ntemplate specified in .data and .templateFrom[].", + "enum": [ + "v2" + ], + "type": "string" + }, + "mergePolicy": { + "default": "Replace", + "enum": [ + "Replace", + "Merge" + ], + "type": "string" + }, + "metadata": { + "description": "ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateFrom": { + "items": { + "properties": { + "configMap": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "literal": { + "type": "string" + }, + "secret": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "target": { + "default": "Data", + "enum": [ + "Data", + "Annotations", + "Labels" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "namespaceSelector": { + "description": "The labels to select by to find the Namespaces to create the ExternalSecrets in.\nDeprecated: Use NamespaceSelectors instead.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "namespaceSelectors": { + "description": "A list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.", + "items": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "namespaces": { + "description": "Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.\nDeprecated: Use NamespaceSelectors instead.", + "items": { + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": "array" + }, + "refreshTime": { + "description": "The time in which the controller should reconcile its objects and recheck namespaces for labels.", + "type": "string" + } + }, + "required": [ + "externalSecretSpec" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.", + "properties": { + "conditions": { + "items": { + "properties": { + "message": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "externalSecretName": { + "description": "ExternalSecretName is the name of the ExternalSecrets created by the ClusterExternalSecret", + "type": "string" + }, + "failedNamespaces": { + "description": "Failed namespaces are the namespaces that failed to apply an ExternalSecret", + "items": { + "description": "ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it's reason.", + "properties": { + "namespace": { + "description": "Namespace is the namespace that failed when trying to apply an ExternalSecret", + "type": "string" + }, + "reason": { + "description": "Reason is why the ExternalSecret failed to apply to the namespace", + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "type": "array" + }, + "provisionedNamespaces": { + "description": "ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/clusterexternalsecret-external-secrets-v1beta1.json b/master-standalone-strict/clusterexternalsecret-external-secrets-v1beta1.json index d940919..326568c 100644 --- a/master-standalone-strict/clusterexternalsecret-external-secrets-v1beta1.json +++ b/master-standalone-strict/clusterexternalsecret-external-secrets-v1beta1.json @@ -35,7 +35,10 @@ "additionalProperties": false }, "externalSecretName": { - "description": "The name of the external secrets to be created defaults to the name of the ClusterExternalSecret", + "description": "The name of the external secrets to be created.\nDefaults to the name of the ClusterExternalSecret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "externalSecretSpec": { @@ -97,15 +100,19 @@ "type": "object" }, "secretKey": { - "description": "SecretKey defines the key in which the controller stores\nthe value. This is the key in the Kind=Secret", + "description": "The key in the Kubernetes Secret to store the value.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "sourceRef": { - "description": "SourceRef allows you to override the source\nfrom which the value will pulled from.", + "description": "SourceRef allows you to override the source\nfrom which the value will be pulled.", "maxProperties": 1, + "minProperties": 1, "properties": { "generatorRef": { - "description": "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", "properties": { "apiVersion": { "default": "generators.external-secrets.io/v1alpha1", @@ -113,11 +120,29 @@ "type": "string" }, "kind": { - "description": "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.", + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], "type": "string" }, "name": { "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -132,16 +157,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object" } }, @@ -300,6 +329,7 @@ "sourceRef": { "description": "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values", "maxProperties": 1, + "minProperties": 1, "properties": { "generatorRef": { "description": "GeneratorRef points to a generator custom resource.", @@ -310,11 +340,29 @@ "type": "string" }, "kind": { - "description": "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.", + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], "type": "string" }, "name": { "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -329,16 +377,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object" } }, @@ -351,7 +403,16 @@ }, "refreshInterval": { "default": "1h", - "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "type": "string" + }, + "refreshPolicy": { + "description": "RefreshPolicy determines how the ExternalSecret should be refreshed:\n- CreatedOnce: Creates the Secret only if it does not exist and does not update it thereafter\n- Periodic: Synchronizes the Secret from the external source at regular intervals specified by refreshInterval.\n No periodic updates occur if refreshInterval is 0.\n- OnChange: Only synchronizes the Secret when the ExternalSecret's metadata or specification changes", + "enum": [ + "CreatedOnce", + "Periodic", + "OnChange" + ], "type": "string" }, "secretStoreRef": { @@ -359,16 +420,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object", "additionalProperties": false }, @@ -381,7 +446,7 @@ "properties": { "creationPolicy": { "default": "Owner", - "description": "CreationPolicy defines rules on how to create the resulting Secret\nDefaults to 'Owner'", + "description": "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"", "enum": [ "Owner", "Orphan", @@ -392,7 +457,7 @@ }, "deletionPolicy": { "default": "Retain", - "description": "DeletionPolicy defines rules on how to delete the resulting Secret\nDefaults to 'Retain'", + "description": "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"", "enum": [ "Delete", "Merge", @@ -405,7 +470,10 @@ "type": "boolean" }, "name": { - "description": "Name defines the name of the Secret resource to be managed\nThis field is immutable\nDefaults to the .metadata.name of the ExternalSecret resource", + "description": "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "template": { @@ -421,7 +489,6 @@ "default": "v2", "description": "EngineVersion specifies the template engine version\nthat should be used to compile/execute the\ntemplate specified in .data and .templateFrom[].", "enum": [ - "v1", "v2" ], "type": "string" @@ -459,9 +526,14 @@ "configMap": { "properties": { "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", "items": { "properties": { "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "templateAs": { @@ -481,6 +553,10 @@ "type": "array" }, "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -496,9 +572,14 @@ "secret": { "properties": { "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", "items": { "properties": { "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "templateAs": { @@ -518,6 +599,10 @@ "type": "array" }, "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -557,7 +642,7 @@ "additionalProperties": false }, "namespaceSelector": { - "description": "The labels to select by to find the Namespaces to create the ExternalSecrets in.", + "description": "The labels to select by to find the Namespaces to create the ExternalSecrets in.\nDeprecated: Use NamespaceSelectors instead.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -577,7 +662,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -586,7 +672,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -600,9 +687,61 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, + "namespaceSelectors": { + "description": "A list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.", + "items": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, "namespaces": { - "description": "Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.", + "description": "Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.\nDeprecated: Use NamespaceSelectors instead.", "items": { + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": "array" diff --git a/master-standalone-strict/clustergenerator-generators-v1alpha1.json b/master-standalone-strict/clustergenerator-generators-v1alpha1.json new file mode 100644 index 0000000..8696fef --- /dev/null +++ b/master-standalone-strict/clustergenerator-generators-v1alpha1.json @@ -0,0 +1,1971 @@ +{ + "description": "ClusterGenerator represents a cluster-wide generator which can be referenced as part of `generatorRef` fields.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "generator": { + "description": "Generator the spec for this generator, must match the kind.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "acrAccessTokenSpec": { + "description": "ACRAccessTokenSpec defines how to generate the access token\ne.g. how to authenticate and which registry to use.\nsee: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview", + "properties": { + "auth": { + "properties": { + "managedIdentity": { + "description": "ManagedIdentity uses Azure Managed Identity to authenticate with Azure.", + "properties": { + "identityId": { + "description": "If multiple Managed Identity is assigned to the pod, you can select the one to be used", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "servicePrincipal": { + "description": "ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure.", + "properties": { + "secretRef": { + "description": "Configuration used to authenticate with Azure using static\ncredentials stored in a Kind=Secret.", + "properties": { + "clientId": { + "description": "The Azure clientId of the service principle used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "The Azure ClientSecret of the service principle used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "workloadIdentity": { + "description": "WorkloadIdentity uses Azure Workload Identity to authenticate with Azure.", + "properties": { + "serviceAccountRef": { + "description": "ServiceAccountRef specified the service account\nthat should be used when authenticating with WorkloadIdentity.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "environmentType": { + "default": "PublicCloud", + "description": "EnvironmentType specifies the Azure cloud environment endpoints to use for\nconnecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.\nThe following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152\nPublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud", + "enum": [ + "PublicCloud", + "USGovernmentCloud", + "ChinaCloud", + "GermanCloud" + ], + "type": "string" + }, + "registry": { + "description": "the domain name of the ACR registry\ne.g. foobarexample.azurecr.io", + "type": "string" + }, + "scope": { + "description": "Define the scope for the access token, e.g. pull/push access for a repository.\nif not provided it will return a refresh token that has full scope.\nNote: you need to pin it down to the repository level, there is no wildcard available.\n\nexamples:\nrepository:my-repository:pull,push\nrepository:my-repository:pull\n\nsee docs for details: https://docs.docker.com/registry/spec/auth/scope/", + "type": "string" + }, + "tenantId": { + "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.", + "type": "string" + } + }, + "required": [ + "auth", + "registry" + ], + "type": "object", + "additionalProperties": false + }, + "ecrAuthorizationTokenSpec": { + "properties": { + "auth": { + "description": "Auth defines how to authenticate with AWS", + "properties": { + "jwt": { + "description": "Authenticate against AWS using service account tokens.", + "properties": { + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "AWSAuthSecretRef holds secret references for AWS credentials\nboth AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionTokenSecretRef": { + "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Region specifies the region to operate in.", + "type": "string" + }, + "role": { + "description": "You can assume a role before making calls to the\ndesired AWS service.", + "type": "string" + }, + "scope": { + "description": "Scope specifies the ECR service scope.\nValid options are private and public.", + "type": "string" + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "fakeSpec": { + "description": "FakeSpec contains the static data.", + "properties": { + "controller": { + "description": "Used to select the correct ESO controller (think: ingress.ingressClassName)\nThe ESO controller is instantiated with a specific controller name and filters VDS based on this property", + "type": "string" + }, + "data": { + "additionalProperties": { + "type": "string" + }, + "description": "Data defines the static data returned\nby this generator.", + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "gcrAccessTokenSpec": { + "properties": { + "auth": { + "description": "Auth defines the means for authenticating with GCP", + "properties": { + "secretRef": { + "properties": { + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "workloadIdentity": { + "properties": { + "clusterLocation": { + "type": "string" + }, + "clusterName": { + "type": "string" + }, + "clusterProjectID": { + "type": "string" + }, + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clusterLocation", + "clusterName", + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectID": { + "description": "ProjectID defines which project to use to authenticate with", + "type": "string" + } + }, + "required": [ + "auth", + "projectID" + ], + "type": "object", + "additionalProperties": false + }, + "githubAccessTokenSpec": { + "properties": { + "appID": { + "type": "string" + }, + "auth": { + "description": "Auth configures how ESO authenticates with a Github instance.", + "properties": { + "privateKey": { + "properties": { + "secretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "privateKey" + ], + "type": "object", + "additionalProperties": false + }, + "installID": { + "type": "string" + }, + "permissions": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of permissions the token will have. If omitted, defaults to all permissions the GitHub App has.", + "type": "object" + }, + "repositories": { + "description": "List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App\nis installed to.", + "items": { + "type": "string" + }, + "type": "array" + }, + "url": { + "description": "URL configures the Github instance URL. Defaults to https://github.com/.", + "type": "string" + } + }, + "required": [ + "appID", + "auth", + "installID" + ], + "type": "object", + "additionalProperties": false + }, + "grafanaSpec": { + "description": "GrafanaSpec controls the behavior of the grafana generator.", + "properties": { + "auth": { + "description": "Auth is the authentication configuration to authenticate\nagainst the Grafana instance.", + "properties": { + "basic": { + "description": "Basic auth credentials used to authenticate against the Grafana instance.\nNote: you need a token which has elevated permissions to create service accounts.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "properties": { + "password": { + "description": "A basic auth password used to authenticate against the Grafana instance.", + "properties": { + "key": { + "description": "The key where the token is found.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "A basic auth username used to authenticate against the Grafana instance.", + "type": "string" + } + }, + "required": [ + "password", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "token": { + "description": "A service account token used to authenticate against the Grafana instance.\nNote: you need a token which has elevated permissions to create service accounts.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "properties": { + "key": { + "description": "The key where the token is found.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccount": { + "description": "ServiceAccount is the configuration for the service account that\nis supposed to be generated by the generator.", + "properties": { + "name": { + "description": "Name is the name of the service account that will be created by ESO.", + "type": "string" + }, + "role": { + "description": "Role is the role of the service account.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "type": "string" + } + }, + "required": [ + "name", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "description": "URL is the URL of the Grafana instance.", + "type": "string" + } + }, + "required": [ + "auth", + "serviceAccount", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "passwordSpec": { + "description": "PasswordSpec controls the behavior of the password generator.", + "properties": { + "allowRepeat": { + "default": false, + "description": "set AllowRepeat to true to allow repeating characters.", + "type": "boolean" + }, + "digits": { + "description": "Digits specifies the number of digits in the generated\npassword. If omitted it defaults to 25% of the length of the password", + "type": "integer" + }, + "length": { + "default": 24, + "description": "Length of the password to be generated.\nDefaults to 24", + "type": "integer" + }, + "noUpper": { + "default": false, + "description": "Set NoUpper to disable uppercase characters", + "type": "boolean" + }, + "symbolCharacters": { + "description": "SymbolCharacters specifies the special characters that should be used\nin the generated password.", + "type": "string" + }, + "symbols": { + "description": "Symbols specifies the number of symbol characters in the generated\npassword. If omitted it defaults to 25% of the length of the password", + "type": "integer" + } + }, + "required": [ + "allowRepeat", + "length", + "noUpper" + ], + "type": "object", + "additionalProperties": false + }, + "quayAccessTokenSpec": { + "properties": { + "robotAccount": { + "description": "Name of the robot account you are federating with", + "type": "string" + }, + "serviceAccountRef": { + "description": "Name of the service account you are federating with", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "description": "URL configures the Quay instance URL. Defaults to quay.io.", + "type": "string" + } + }, + "required": [ + "robotAccount", + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + }, + "stsSessionTokenSpec": { + "properties": { + "auth": { + "description": "Auth defines how to authenticate with AWS", + "properties": { + "jwt": { + "description": "Authenticate against AWS using service account tokens.", + "properties": { + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "AWSAuthSecretRef holds secret references for AWS credentials\nboth AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionTokenSecretRef": { + "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "region": { + "description": "Region specifies the region to operate in.", + "type": "string" + }, + "requestParameters": { + "description": "RequestParameters contains parameters that can be passed to the STS service.", + "properties": { + "serialNumber": { + "description": "SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making\nthe GetSessionToken call.\nPossible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device\n(such as arn:aws:iam::123456789012:mfa/user)", + "type": "string" + }, + "sessionDuration": { + "description": "SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for\nIAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds\n(12 hours) as the default.", + "format": "int64", + "type": "integer" + }, + "tokenCode": { + "description": "TokenCode is the value provided by the MFA device, if MFA is required.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "role": { + "description": "You can assume a role before making calls to the\ndesired AWS service.", + "type": "string" + } + }, + "required": [ + "region" + ], + "type": "object", + "additionalProperties": false + }, + "uuidSpec": { + "description": "UUIDSpec controls the behavior of the uuid generator.", + "type": "object" + }, + "vaultDynamicSecretSpec": { + "properties": { + "allowEmptyResponse": { + "default": false, + "description": "Do not fail if no secrets are found. Useful for requests where no data is expected.", + "type": "boolean" + }, + "controller": { + "description": "Used to select the correct ESO controller (think: ingress.ingressClassName)\nThe ESO controller is instantiated with a specific controller name and filters VDS based on this property", + "type": "string" + }, + "method": { + "description": "Vault API method to use (GET/POST/other)", + "type": "string" + }, + "parameters": { + "description": "Parameters to pass to Vault write (for non-GET methods)", + "x-kubernetes-preserve-unknown-fields": true + }, + "path": { + "description": "Vault path to obtain the dynamic secret from", + "type": "string" + }, + "provider": { + "description": "Vault provider common spec", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with the Vault server.", + "properties": { + "appRole": { + "description": "AppRole authenticates with Vault using the App Role auth mechanism,\nwith the role and secret stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "approle", + "description": "Path where the App Role authentication backend is mounted\nin Vault, e.g: \"approle\"", + "type": "string" + }, + "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting\nup the authentication backend in Vault.", + "type": "string" + }, + "roleRef": { + "description": "Reference to a key in a Secret that contains the App Role ID used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role id.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path", + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate\nCert authentication method", + "properties": { + "clientCert": { + "description": "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "iam": { + "description": "Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials\nAWS IAM authentication method", + "properties": { + "externalID": { + "description": "AWS External ID set on assumed IAM roles", + "type": "string" + }, + "jwt": { + "description": "Specify a service account with IRSA enabled", + "properties": { + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "Path where the AWS auth method is enabled in Vault, e.g: \"aws\"", + "type": "string" + }, + "region": { + "description": "AWS region", + "type": "string" + }, + "role": { + "description": "This is the AWS role to be assumed before talking to vault", + "type": "string" + }, + "secretRef": { + "description": "Specify credentials in a Secret object", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionTokenSecretRef": { + "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "vaultAwsIamServerID": { + "description": "X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws", + "type": "string" + }, + "vaultRole": { + "description": "Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine", + "type": "string" + } + }, + "required": [ + "vaultRole" + ], + "type": "object", + "additionalProperties": false + }, + "jwt": { + "description": "Jwt authenticates with Vault by passing role and JWT token using the\nJWT/OIDC authentication method", + "properties": { + "kubernetesServiceAccountToken": { + "description": "Optional ServiceAccountToken specifies the Kubernetes service account for which to request\na token for with the `TokenRequest` API.", + "properties": { + "audiences": { + "description": "Optional audiences field that will be used to request a temporary Kubernetes service\naccount token for the service account referenced by `serviceAccountRef`.\nDefaults to a single audience `vault` it not specified.\nDeprecated: use serviceAccountRef.Audiences instead", + "items": { + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "description": "Optional expiration time in seconds that will be used to request a temporary\nKubernetes service account token for the service account referenced by\n`serviceAccountRef`.\nDeprecated: this will be removed in the future.\nDefaults to 10 minutes.", + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "description": "Service account field containing the name of a kubernetes ServiceAccount.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "default": "jwt", + "description": "Path where the JWT authentication backend is mounted\nin Vault, e.g: \"jwt\"", + "type": "string" + }, + "role": { + "description": "Role is a JWT role to authenticate using the JWT/OIDC Vault\nauthentication method", + "type": "string" + }, + "secretRef": { + "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount\ntoken stored in the named Secret resource to the Vault server.", + "properties": { + "mountPath": { + "default": "kubernetes", + "description": "Path where the Kubernetes authentication backend is mounted in Vault, e.g:\n\"kubernetes\"", + "type": "string" + }, + "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a\nKubernetes ServiceAccount with a set of Vault policies.", + "type": "string" + }, + "secretRef": { + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Optional service account field containing the name of a kubernetes ServiceAccount.\nIf the service account is specified, the service account secret token JWT will be used\nfor authenticating with Vault. If the service account selector is not supplied,\nthe secretRef will be used instead.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "ldap": { + "description": "Ldap authenticates with Vault by passing username/password pair using\nthe LDAP authentication method", + "properties": { + "path": { + "default": "ldap", + "description": "Path where the LDAP authentication backend is mounted\nin Vault, e.g: \"ldap\"", + "type": "string" + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "Username is an LDAP username used to authenticate using the LDAP Vault\nauthentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "description": "Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in.\nNamespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces\nThis will default to Vault.Namespace field if set, or empty otherwise", + "type": "string" + }, + "tokenSecretRef": { + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "userPass": { + "description": "UserPass authenticates with Vault by passing username/password pair", + "properties": { + "path": { + "default": "userpass", + "description": "Path where the UserPassword authentication backend is mounted\nin Vault, e.g: \"userpass\"", + "type": "string" + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing password for the\nuser used to authenticate with Vault using the UserPass authentication\nmethod", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "Username is a username used to authenticate using the UserPass Vault\nauthentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate Vault server certificate. Only used\nif the Server URL is using HTTPS protocol. This parameter is ignored for\nplain HTTP protocol connection. If not set the system root certificates\nare used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate Vault server certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "forwardInconsistent": { + "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, + "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", + "type": "string" + }, + "path": { + "description": "Path is the mount path of the Vault KV backend endpoint, e.g:\n\"secret\". The v2 KV secret engine version specific \"/data\" path suffix\nfor fetching secrets from Vault is optional and will be appended\nif not present in specified path.", + "type": "string" + }, + "readYourWrites": { + "description": "ReadYourWrites ensures isolated read-after-write semantics by\nproviding discovered cluster replication states in each request.\nMore information about eventual consistency in Vault can be found here\nhttps://www.vaultproject.io/docs/enterprise/consistency", + "type": "boolean" + }, + "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", + "type": "string" + }, + "tls": { + "description": "The configuration used for client side related TLS communication, when the Vault server\nrequires mutual authentication. Only used if the Server URL is using HTTPS protocol.\nThis parameter is ignored for plain HTTP protocol connection.\nIt's worth noting this configuration is different from the \"TLS certificates auth method\",\nwhich is available under the `auth.cert` section.", + "properties": { + "certSecretRef": { + "description": "CertSecretRef is a certificate added to the transport layer\nwhen communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.crt'.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "keySecretRef": { + "description": "KeySecretRef to a key in a Secret resource containing client private key\nadded to the transport layer when communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.key'.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "default": "v2", + "description": "Version is the Vault KV secret engine version. This can be either \"v1\" or\n\"v2\". Version defaults to \"v2\".", + "enum": [ + "v1", + "v2" + ], + "type": "string" + } + }, + "required": [ + "server" + ], + "type": "object", + "additionalProperties": false + }, + "resultType": { + "default": "Data", + "description": "Result type defines which data is returned from the generator.\nBy default it is the \"data\" section of the Vault API response.\nWhen using e.g. /auth/token/create the \"data\" section is empty but\nthe \"auth\" section contains the generated token.\nPlease refer to the vault docs regarding the result data structure.\nAdditionally, accessing the raw response is possibly by using \"Raw\" result type.", + "enum": [ + "Data", + "Auth", + "Raw" + ], + "type": "string" + }, + "retrySettings": { + "description": "Used to configure http retries if failed", + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path", + "provider" + ], + "type": "object", + "additionalProperties": false + }, + "webhookSpec": { + "description": "WebhookSpec controls the behavior of the external generator. Any body parameters should be passed to the server through the parameters field.", + "properties": { + "auth": { + "description": "Auth specifies a authorization protocol. Only one protocol may be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "ntlm": { + "description": "NTLMProtocol configures the store to use NTLM for auth", + "properties": { + "passwordSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "usernameSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "passwordSecret", + "usernameSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "body": { + "description": "Body", + "type": "string" + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate webhook server certificate. Only used\nif the Server URL is using HTTPS protocol. This parameter is ignored for\nplain HTTP protocol connection. If not set the system root certificates\nare used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate webhook server certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers", + "type": "object" + }, + "method": { + "description": "Webhook Method", + "type": "string" + }, + "result": { + "description": "Result formatting", + "properties": { + "jsonPath": { + "description": "Json path of return value", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secrets": { + "description": "Secrets to fill in templates\nThese secrets will be passed to the templating function as key value pairs under the given name", + "items": { + "properties": { + "name": { + "description": "Name of this secret in templates", + "type": "string" + }, + "secretRef": { + "description": "Secret ref to fill in credentials", + "properties": { + "key": { + "description": "The key where the token is found.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "type": "array" + }, + "timeout": { + "description": "Timeout", + "type": "string" + }, + "url": { + "description": "Webhook url to call", + "type": "string" + } + }, + "required": [ + "result", + "url" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "kind": { + "description": "Kind the kind of this generator.", + "enum": [ + "ACRAccessToken", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + } + }, + "required": [ + "generator", + "kind" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/master-standalone-strict/clusterpushsecret-external-secrets-v1alpha1.json b/master-standalone-strict/clusterpushsecret-external-secrets-v1alpha1.json new file mode 100644 index 0000000..c489a13 --- /dev/null +++ b/master-standalone-strict/clusterpushsecret-external-secrets-v1alpha1.json @@ -0,0 +1,596 @@ +{ + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "namespaceSelectors": { + "description": "A list of labels to select by to find the Namespaces to create the ExternalSecrets in. The selectors are ORed.", + "items": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and\nmatchExpressions are ANDed. An empty label selector matches all objects. A null\nlabel selector matches no objects.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "pushSecretMetadata": { + "description": "The metadata of the external secrets to be created", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "pushSecretName": { + "description": "The name of the push secrets to be created.\nDefaults to the name of the ClusterPushSecret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "pushSecretSpec": { + "description": "PushSecretSpec defines what to do with the secrets.", + "properties": { + "data": { + "description": "Secret Data that should be pushed to providers", + "items": { + "properties": { + "conversionStrategy": { + "default": "None", + "description": "Used to define a conversion Strategy for the secret keys", + "enum": [ + "None", + "ReverseUnicode" + ], + "type": "string" + }, + "match": { + "description": "Match a given Secret Key to be pushed to the provider.", + "properties": { + "remoteRef": { + "description": "Remote Refs to push to providers.", + "properties": { + "property": { + "description": "Name of the property in the resulting secret", + "type": "string" + }, + "remoteKey": { + "description": "Name of the resulting provider secret.", + "type": "string" + } + }, + "required": [ + "remoteKey" + ], + "type": "object" + }, + "secretKey": { + "description": "Secret Key to be pushed", + "type": "string" + } + }, + "required": [ + "remoteRef" + ], + "type": "object" + }, + "metadata": { + "description": "Metadata is metadata attached to the secret.\nThe structure of metadata is provider specific, please look it up in the provider documentation.", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "match" + ], + "type": "object" + }, + "type": "array" + }, + "deletionPolicy": { + "default": "None", + "description": "Deletion Policy to handle Secrets in the provider.", + "enum": [ + "Delete", + "None" + ], + "type": "string" + }, + "refreshInterval": { + "default": "1h", + "description": "The Interval to which External Secrets will try to push a secret definition", + "type": "string" + }, + "secretStoreRefs": { + "items": { + "properties": { + "kind": { + "default": "SecretStore", + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "labelSelector": { + "description": "Optionally, sync to secret stores with label selector", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "description": "Optionally, sync to the SecretStore of the given name", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "selector": { + "description": "The Secret Selector (k8s source) for the Push Secret", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "generatorRef": { + "description": "Point to a generator to create a Secret.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "secret": { + "description": "Select a Secret to Push.", + "properties": { + "name": { + "description": "Name of the Secret.\nThe Secret must exist in the same namespace as the PushSecret manifest.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "selector": { + "description": "Selector chooses secrets using a labelSelector.", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "template": { + "description": "Template defines a blueprint for the created Secret resource.", + "properties": { + "data": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "default": "v2", + "description": "EngineVersion specifies the template engine version\nthat should be used to compile/execute the\ntemplate specified in .data and .templateFrom[].", + "enum": [ + "v2" + ], + "type": "string" + }, + "mergePolicy": { + "default": "Replace", + "enum": [ + "Replace", + "Merge" + ], + "type": "string" + }, + "metadata": { + "description": "ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateFrom": { + "items": { + "properties": { + "configMap": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "literal": { + "type": "string" + }, + "secret": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "target": { + "default": "Data", + "enum": [ + "Data", + "Annotations", + "Labels" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "updatePolicy": { + "default": "Replace", + "description": "UpdatePolicy to handle Secrets in the provider.", + "enum": [ + "Replace", + "IfNotExists" + ], + "type": "string" + } + }, + "required": [ + "secretStoreRefs", + "selector" + ], + "type": "object", + "additionalProperties": false + }, + "refreshTime": { + "description": "The time in which the controller should reconcile its objects and recheck namespaces for labels.", + "type": "string" + } + }, + "required": [ + "pushSecretSpec" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "items": { + "description": "PushSecretStatusCondition indicates the status of the PushSecret.", + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "description": "PushSecretConditionType indicates the condition of the PushSecret.", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "failedNamespaces": { + "description": "Failed namespaces are the namespaces that failed to apply an PushSecret", + "items": { + "description": "ClusterPushSecretNamespaceFailure represents a failed namespace deployment and it's reason.", + "properties": { + "namespace": { + "description": "Namespace is the namespace that failed when trying to apply an PushSecret", + "type": "string" + }, + "reason": { + "description": "Reason is why the PushSecret failed to apply to the namespace", + "type": "string" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "type": "array" + }, + "provisionedNamespaces": { + "description": "ProvisionedNamespaces are the namespaces where the ClusterPushSecret has secrets", + "items": { + "type": "string" + }, + "type": "array" + }, + "pushSecretName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/clustersecretstore-external-secrets-v1.json b/master-standalone-strict/clustersecretstore-external-secrets-v1.json new file mode 100644 index 0000000..d7da80f --- /dev/null +++ b/master-standalone-strict/clustersecretstore-external-secrets-v1.json @@ -0,0 +1,4748 @@ +{ + "description": "ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of `storeRef` fields.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "SecretStoreSpec defines the desired state of SecretStore.", + "properties": { + "conditions": { + "description": "Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore", + "items": { + "description": "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in\nfor a ClusterSecretStore instance.", + "properties": { + "namespaceRegexes": { + "description": "Choose namespaces by using regex matching", + "items": { + "type": "string" + }, + "type": "array" + }, + "namespaceSelector": { + "description": "Choose namespace using a labelSelector", + "properties": { + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "items": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "description": "Choose namespaces by name", + "items": { + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "controller": { + "description": "Used to select the correct ESO controller (think: ingress.ingressClassName)\nThe ESO controller is instantiated with a specific controller name and filters ES based on this property", + "type": "string" + }, + "provider": { + "description": "Used to configure the provider. Only one provider may be set", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "akeyless": { + "description": "Akeyless configures this store to sync secrets using Akeyless Vault provider", + "properties": { + "akeylessGWApiURL": { + "description": "Akeyless GW API Url from which the secrets to be fetched from.", + "type": "string" + }, + "authSecretRef": { + "description": "Auth configures how the operator authenticates with Akeyless.", + "properties": { + "kubernetesAuth": { + "description": "Kubernetes authenticates with Akeyless by passing the ServiceAccount\ntoken stored in the named Secret resource.", + "properties": { + "accessID": { + "description": "the Akeyless Kubernetes auth-method access-id", + "type": "string" + }, + "k8sConfName": { + "description": "Kubernetes-auth configuration name in Akeyless-Gateway", + "type": "string" + }, + "secretRef": { + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Optional service account field containing the name of a kubernetes ServiceAccount.\nIf the service account is specified, the service account secret token JWT will be used\nfor authenticating with Akeyless. If the service account selector is not supplied,\nthe secretRef will be used instead.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessID", + "k8sConfName" + ], + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "Reference to a Secret that contains the details\nto authenticate with Akeyless.", + "properties": { + "accessID": { + "description": "The SecretAccessID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "accessType": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "accessTypeParam": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caBundle": { + "description": "PEM/base64 encoded CA bundle used to validate Akeyless Gateway certificate. Only used\nif the AkeylessGWApiURL URL is using HTTPS protocol. If not set the system root certificates\nare used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate Akeyless Gateway certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "akeylessGWApiURL", + "authSecretRef" + ], + "type": "object", + "additionalProperties": false + }, + "alibaba": { + "description": "Alibaba configures this store to sync secrets using Alibaba Cloud provider", + "properties": { + "auth": { + "description": "AlibabaAuth contains a secretRef for credentials.", + "properties": { + "rrsa": { + "description": "Authenticate against Alibaba using RRSA.", + "properties": { + "oidcProviderArn": { + "type": "string" + }, + "oidcTokenFilePath": { + "type": "string" + }, + "roleArn": { + "type": "string" + }, + "sessionName": { + "type": "string" + } + }, + "required": [ + "oidcProviderArn", + "oidcTokenFilePath", + "roleArn", + "sessionName" + ], + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "AlibabaAuthSecretRef holds secret references for Alibaba credentials.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "accessKeySecretSecretRef": { + "description": "The AccessKeySecret is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "regionID": { + "description": "Alibaba Region to be used for the provider", + "type": "string" + } + }, + "required": [ + "auth", + "regionID" + ], + "type": "object", + "additionalProperties": false + }, + "aws": { + "description": "AWS configures this store to sync secrets using AWS Secret Manager provider", + "properties": { + "additionalRoles": { + "description": "AdditionalRoles is a chained list of Role ARNs which the provider will sequentially assume before assuming the Role", + "items": { + "type": "string" + }, + "type": "array" + }, + "auth": { + "description": "Auth defines the information necessary to authenticate against AWS\nif not set aws sdk will infer credentials from your environment\nsee: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials", + "properties": { + "jwt": { + "description": "Authenticate against AWS using service account tokens.", + "properties": { + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "AWSAuthSecretRef holds secret references for AWS credentials\nboth AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionTokenSecretRef": { + "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "externalID": { + "description": "AWS External ID set on assumed IAM roles", + "type": "string" + }, + "prefix": { + "description": "Prefix adds a prefix to all retrieved values.", + "type": "string" + }, + "region": { + "description": "AWS Region to be used for the provider", + "type": "string" + }, + "role": { + "description": "Role is a Role ARN which the provider will assume", + "type": "string" + }, + "secretsManager": { + "description": "SecretsManager defines how the provider behaves when interacting with AWS SecretsManager", + "properties": { + "forceDeleteWithoutRecovery": { + "description": "Specifies whether to delete the secret without any recovery window. You\ncan't use both this parameter and RecoveryWindowInDays in the same call.\nIf you don't use either, then by default Secrets Manager uses a 30 day\nrecovery window.\nsee: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-ForceDeleteWithoutRecovery", + "type": "boolean" + }, + "recoveryWindowInDays": { + "description": "The number of days from 7 to 30 that Secrets Manager waits before\npermanently deleting the secret. You can't use both this parameter and\nForceDeleteWithoutRecovery in the same call. If you don't use either,\nthen by default Secrets Manager uses a 30 day recovery window.\nsee: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html#SecretsManager-DeleteSecret-request-RecoveryWindowInDays", + "format": "int64", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "service": { + "description": "Service defines which service should be used to fetch the secrets", + "enum": [ + "SecretsManager", + "ParameterStore" + ], + "type": "string" + }, + "sessionTags": { + "description": "AWS STS assume role session tags", + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "transitiveTagKeys": { + "description": "AWS STS assume role transitive session tags. Required when multiple rules are used with the provider", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "region", + "service" + ], + "type": "object", + "additionalProperties": false + }, + "azurekv": { + "description": "AzureKV configures this store to sync secrets using Azure Key Vault provider", + "properties": { + "authSecretRef": { + "description": "Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.", + "properties": { + "clientCertificate": { + "description": "The Azure ClientCertificate of the service principle used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientId": { + "description": "The Azure clientId of the service principle or managed identity used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "The Azure ClientSecret of the service principle used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tenantId": { + "description": "The Azure tenantId of the managed identity used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "authType": { + "default": "ServicePrincipal", + "description": "Auth type defines how to authenticate to the keyvault service.\nValid values are:\n- \"ServicePrincipal\" (default): Using a service principal (tenantId, clientId, clientSecret)\n- \"ManagedIdentity\": Using Managed Identity assigned to the pod (see aad-pod-identity)", + "enum": [ + "ServicePrincipal", + "ManagedIdentity", + "WorkloadIdentity" + ], + "type": "string" + }, + "environmentType": { + "default": "PublicCloud", + "description": "EnvironmentType specifies the Azure cloud environment endpoints to use for\nconnecting and authenticating with Azure. By default it points to the public cloud AAD endpoint.\nThe following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152\nPublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud", + "enum": [ + "PublicCloud", + "USGovernmentCloud", + "ChinaCloud", + "GermanCloud" + ], + "type": "string" + }, + "identityId": { + "description": "If multiple Managed Identity is assigned to the pod, you can select the one to be used", + "type": "string" + }, + "serviceAccountRef": { + "description": "ServiceAccountRef specified the service account\nthat should be used when authenticating with WorkloadIdentity.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "tenantId": { + "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.", + "type": "string" + }, + "vaultUrl": { + "description": "Vault Url from which the secrets to be fetched from.", + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object", + "additionalProperties": false + }, + "beyondtrust": { + "description": "Beyondtrust configures this store to sync secrets using Password Safe provider.", + "properties": { + "auth": { + "description": "Auth configures how the operator authenticates with Beyondtrust.", + "properties": { + "apiKey": { + "description": "APIKey If not provided then ClientID/ClientSecret become required.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificate": { + "description": "Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateKey": { + "description": "Certificate private key (key.pem). For use when authenticating with an OAuth client Id", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientId": { + "description": "ClientID is the API OAuth Client ID.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "ClientSecret is the API OAuth Client Secret.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "server": { + "description": "Auth configures how API server works.", + "properties": { + "apiUrl": { + "type": "string" + }, + "apiVersion": { + "type": "string" + }, + "clientTimeOutSeconds": { + "description": "Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.", + "type": "integer" + }, + "retrievalType": { + "description": "The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system.", + "type": "string" + }, + "separator": { + "description": "A character that separates the folder names.", + "type": "string" + }, + "verifyCA": { + "type": "boolean" + } + }, + "required": [ + "apiUrl", + "verifyCA" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "server" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardensecretsmanager": { + "description": "BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider", + "properties": { + "apiURL": { + "type": "string" + }, + "auth": { + "description": "Auth configures how secret-manager authenticates with a bitwarden machine account instance.\nMake sure that the token being used has permissions on the given secret.", + "properties": { + "secretRef": { + "description": "BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.", + "properties": { + "credentials": { + "description": "AccessToken used for the bitwarden instance.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "credentials" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardenServerSDKURL": { + "type": "string" + }, + "caBundle": { + "description": "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed.", + "type": "string" + }, + "caProvider": { + "description": "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "identityURL": { + "type": "string" + }, + "organizationID": { + "description": "OrganizationID determines which organization this secret store manages.", + "type": "string" + }, + "projectID": { + "description": "ProjectID determines which project this secret store manages.", + "type": "string" + } + }, + "required": [ + "auth", + "organizationID", + "projectID" + ], + "type": "object", + "additionalProperties": false + }, + "chef": { + "description": "Chef configures this store to sync secrets with chef server", + "properties": { + "auth": { + "description": "Auth defines the information necessary to authenticate against chef Server", + "properties": { + "secretRef": { + "description": "ChefAuthSecretRef holds secret references for chef server login credentials.", + "properties": { + "privateKeySecretRef": { + "description": "SecretKey is the Signing Key in PEM format, used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "privateKeySecretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "serverUrl": { + "description": "ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a \"/\"", + "type": "string" + }, + "username": { + "description": "UserName should be the user ID on the chef server", + "type": "string" + } + }, + "required": [ + "auth", + "serverUrl", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "cloudrusm": { + "description": "CloudruSM configures this store to sync secrets using the Cloud.ru Secret Manager provider", + "properties": { + "auth": { + "description": "CSMAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "CSMAuthSecretRef holds secret references for Cloud.ru credentials.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "accessKeySecretSecretRef": { + "description": "The AccessKeySecret is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectID": { + "description": "ProjectID is the project, which the secrets are stored in.", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "conjur": { + "description": "Conjur configures this store to sync secrets using conjur provider", + "properties": { + "auth": { + "description": "Defines authentication settings for connecting to Conjur.", + "properties": { + "apikey": { + "description": "Authenticates with Conjur using an API key.", + "properties": { + "account": { + "description": "Account is the Conjur organization account name.", + "type": "string" + }, + "apiKeyRef": { + "description": "A reference to a specific 'key' containing the Conjur API key\nwithin a Secret resource. In some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "userRef": { + "description": "A reference to a specific 'key' containing the Conjur username\nwithin a Secret resource. In some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "account", + "apiKeyRef", + "userRef" + ], + "type": "object", + "additionalProperties": false + }, + "jwt": { + "description": "Jwt enables JWT authentication using Kubernetes service account tokens.", + "properties": { + "account": { + "description": "Account is the Conjur organization account name.", + "type": "string" + }, + "hostId": { + "description": "Optional HostID for JWT authentication. This may be used depending\non how the Conjur JWT authenticator policy is configured.", + "type": "string" + }, + "secretRef": { + "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Conjur using the JWT authentication method.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Optional ServiceAccountRef specifies the Kubernetes service account for which to request\na token for with the `TokenRequest` API.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "serviceID": { + "description": "The conjur authn jwt webservice id", + "type": "string" + } + }, + "required": [ + "account", + "serviceID" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caBundle": { + "description": "CABundle is a PEM encoded CA bundle that will be used to validate the Conjur server certificate.", + "type": "string" + }, + "caProvider": { + "description": "Used to provide custom certificate authority (CA) certificates\nfor a secret store. The CAProvider points to a Secret or ConfigMap resource\nthat contains a PEM-encoded certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "description": "URL is the endpoint of the Conjur instance.", + "type": "string" + } + }, + "required": [ + "auth", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "delinea": { + "description": "Delinea DevOps Secrets Vault\nhttps://docs.delinea.com/online-help/products/devops-secrets-vault/current", + "properties": { + "clientId": { + "description": "ClientID is the non-secret part of the credential.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "ClientSecret is the secret part of the credential.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tenant": { + "description": "Tenant is the chosen hostname / site name.", + "type": "string" + }, + "tld": { + "description": "TLD is based on the server location that was chosen during provisioning.\nIf unset, defaults to \"com\".", + "type": "string" + }, + "urlTemplate": { + "description": "URLTemplate\nIf unset, defaults to \"https://%s.secretsvaultcloud.%s/v1/%s%s\".", + "type": "string" + } + }, + "required": [ + "clientId", + "clientSecret", + "tenant" + ], + "type": "object", + "additionalProperties": false + }, + "device42": { + "description": "Device42 configures this store to sync secrets using the Device42 provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Device42 instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "URL configures the Device42 instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, + "doppler": { + "description": "Doppler configures this store to sync secrets using the Doppler provider", + "properties": { + "auth": { + "description": "Auth configures how the Operator authenticates with the Doppler API", + "properties": { + "secretRef": { + "properties": { + "dopplerToken": { + "description": "The DopplerToken is used for authentication.\nSee https://docs.doppler.com/reference/api#authentication for auth token types.\nThe Key attribute defaults to dopplerToken if not specified.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "dopplerToken" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "config": { + "description": "Doppler config (required if not using a Service Token)", + "type": "string" + }, + "format": { + "description": "Format enables the downloading of secrets as a file (string)", + "enum": [ + "json", + "dotnet-json", + "env", + "yaml", + "docker" + ], + "type": "string" + }, + "nameTransformer": { + "description": "Environment variable compatible name transforms that change secret names to a different format", + "enum": [ + "upper-camel", + "camel", + "lower-snake", + "tf-var", + "dotnet-env", + "lower-kebab" + ], + "type": "string" + }, + "project": { + "description": "Doppler project (required if not using a Service Token)", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "fake": { + "description": "Fake configures a store with static key/value pairs", + "properties": { + "data": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "fortanix": { + "description": "Fortanix configures this store to sync secrets using the Fortanix provider", + "properties": { + "apiKey": { + "description": "APIKey is the API token to access SDKMS Applications.", + "properties": { + "secretRef": { + "description": "SecretRef is a reference to a secret containing the SDKMS API Key.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "apiUrl": { + "description": "APIURL is the URL of SDKMS API. Defaults to `sdkms.fortanix.com`.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "gcpsm": { + "description": "GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider", + "properties": { + "auth": { + "description": "Auth defines the information necessary to authenticate against GCP", + "properties": { + "secretRef": { + "properties": { + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "workloadIdentity": { + "properties": { + "clusterLocation": { + "description": "ClusterLocation is the location of the cluster\nIf not specified, it fetches information from the metadata server", + "type": "string" + }, + "clusterName": { + "description": "ClusterName is the name of the cluster\nIf not specified, it fetches information from the metadata server", + "type": "string" + }, + "clusterProjectID": { + "description": "ClusterProjectID is the project ID of the cluster\nIf not specified, it fetches information from the metadata server", + "type": "string" + }, + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "location": { + "description": "Location optionally defines a location for a secret", + "type": "string" + }, + "projectID": { + "description": "ProjectID project where secret is located", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "github": { + "description": "Github configures this store to push Github Action secrets using Github API provider", + "properties": { + "appID": { + "description": "appID specifies the Github APP that will be used to authenticate the client", + "format": "int64", + "type": "integer" + }, + "auth": { + "description": "auth configures how secret-manager authenticates with a Github instance.", + "properties": { + "privateKey": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "privateKey" + ], + "type": "object", + "additionalProperties": false + }, + "environment": { + "description": "environment will be used to fetch secrets from a particular environment within a github repository", + "type": "string" + }, + "installationID": { + "description": "installationID specifies the Github APP installation that will be used to authenticate the client", + "format": "int64", + "type": "integer" + }, + "organization": { + "description": "organization will be used to fetch secrets from the Github organization", + "type": "string" + }, + "repository": { + "description": "repository will be used to fetch secrets from the Github repository within an organization", + "type": "string" + }, + "uploadURL": { + "description": "Upload URL for enterprise instances. Default to URL.", + "type": "string" + }, + "url": { + "default": "https://github.com/", + "description": "URL configures the Github instance URL. Defaults to https://github.com/.", + "type": "string" + } + }, + "required": [ + "appID", + "auth", + "installationID", + "organization" + ], + "type": "object", + "additionalProperties": false + }, + "gitlab": { + "description": "GitLab configures this store to sync secrets using GitLab Variables provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a GitLab instance.", + "properties": { + "SecretRef": { + "properties": { + "accessToken": { + "description": "AccessToken is used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "SecretRef" + ], + "type": "object", + "additionalProperties": false + }, + "environment": { + "description": "Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)", + "type": "string" + }, + "groupIDs": { + "description": "GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.", + "items": { + "type": "string" + }, + "type": "array" + }, + "inheritFromGroups": { + "description": "InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID specifies a project where secrets are located.", + "type": "string" + }, + "url": { + "description": "URL configures the GitLab instance URL. Defaults to https://gitlab.com/.", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "ibm": { + "description": "IBM configures this store to sync secrets using IBM Cloud provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with the IBM secrets manager.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "containerAuth": { + "description": "IBM Container-based auth with IAM Trusted Profile.", + "properties": { + "iamEndpoint": { + "type": "string" + }, + "profile": { + "description": "the IBM Trusted Profile", + "type": "string" + }, + "tokenLocation": { + "description": "Location the token is mounted on the pod", + "type": "string" + } + }, + "required": [ + "profile" + ], + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "properties": { + "secretApiKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceUrl": { + "description": "ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "infisical": { + "description": "Infisical configures this store to sync secrets using the Infisical provider", + "properties": { + "auth": { + "description": "Auth configures how the Operator authenticates with the Infisical API", + "properties": { + "universalAuthCredentials": { + "properties": { + "clientId": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hostAPI": { + "default": "https://app.infisical.com/api", + "description": "HostAPI specifies the base URL of the Infisical API. If not provided, it defaults to \"https://app.infisical.com/api\".", + "type": "string" + }, + "secretsScope": { + "description": "SecretsScope defines the scope of the secrets within the workspace", + "properties": { + "environmentSlug": { + "description": "EnvironmentSlug is the required slug identifier for the environment.", + "type": "string" + }, + "expandSecretReferences": { + "default": true, + "description": "ExpandSecretReferences indicates whether secret references should be expanded. Defaults to true if not provided.", + "type": "boolean" + }, + "projectSlug": { + "description": "ProjectSlug is the required slug identifier for the project.", + "type": "string" + }, + "recursive": { + "default": false, + "description": "Recursive indicates whether the secrets should be fetched recursively. Defaults to false if not provided.", + "type": "boolean" + }, + "secretsPath": { + "default": "/", + "description": "SecretsPath specifies the path to the secrets within the workspace. Defaults to \"/\" if not provided.", + "type": "string" + } + }, + "required": [ + "environmentSlug", + "projectSlug" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "secretsScope" + ], + "type": "object", + "additionalProperties": false + }, + "keepersecurity": { + "description": "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider", + "properties": { + "authRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "folderID": { + "type": "string" + } + }, + "required": [ + "authRef", + "folderID" + ], + "type": "object", + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes configures this store to sync secrets using a Kubernetes cluster provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Kubernetes instance.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "cert": { + "description": "has both clientCert and clientKey as secretKeySelector", + "properties": { + "clientCert": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientKey": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccount": { + "description": "points to a service account that should be used for authentication", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "token": { + "description": "use static token to authenticate with", + "properties": { + "bearerToken": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "authRef": { + "description": "A reference to a secret that contains the auth information.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "remoteNamespace": { + "default": "default", + "description": "Remote namespace to fetch the secrets from", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "server": { + "description": "configures the Kubernetes server Address.", + "properties": { + "caBundle": { + "description": "CABundle is a base64-encoded CA certificate", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "default": "kubernetes.default", + "description": "configures the Kubernetes server Address.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "onboardbase": { + "description": "Onboardbase configures this store to sync secrets using the Onboardbase provider", + "properties": { + "apiHost": { + "default": "https://public.onboardbase.com/api/v1/", + "description": "APIHost use this to configure the host url for the API for selfhosted installation, default is https://public.onboardbase.com/api/v1/", + "type": "string" + }, + "auth": { + "description": "Auth configures how the Operator authenticates with the Onboardbase API", + "properties": { + "apiKeyRef": { + "description": "OnboardbaseAPIKey is the APIKey generated by an admin account.\nIt is used to recognize and authorize access to a project and environment within onboardbase", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "passcodeRef": { + "description": "OnboardbasePasscode is the passcode attached to the API Key", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "apiKeyRef", + "passcodeRef" + ], + "type": "object", + "additionalProperties": false + }, + "environment": { + "default": "development", + "description": "Environment is the name of an environmnent within a project to pull the secrets from", + "type": "string" + }, + "project": { + "default": "development", + "description": "Project is an onboardbase project that the secrets should be pulled from", + "type": "string" + } + }, + "required": [ + "apiHost", + "auth", + "environment", + "project" + ], + "type": "object", + "additionalProperties": false + }, + "onepassword": { + "description": "OnePassword configures this store to sync secrets using the 1Password Cloud provider", + "properties": { + "auth": { + "description": "Auth defines the information necessary to authenticate against OnePassword Connect Server", + "properties": { + "secretRef": { + "description": "OnePasswordAuthSecretRef holds secret references for 1Password credentials.", + "properties": { + "connectTokenSecretRef": { + "description": "The ConnectToken is used for authentication to a 1Password Connect Server.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "connectTokenSecretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "connectHost": { + "description": "ConnectHost defines the OnePassword Connect Server to connect to", + "type": "string" + }, + "vaults": { + "additionalProperties": { + "type": "integer" + }, + "description": "Vaults defines which OnePassword vaults to search in which order", + "type": "object" + } + }, + "required": [ + "auth", + "connectHost", + "vaults" + ], + "type": "object", + "additionalProperties": false + }, + "oracle": { + "description": "Oracle configures this store to sync secrets using Oracle Vault provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with the Oracle Vault.\nIf empty, use the instance principal, otherwise the user credentials specified in Auth.", + "properties": { + "secretRef": { + "description": "SecretRef to pass through sensitive information.", + "properties": { + "fingerprint": { + "description": "Fingerprint is the fingerprint of the API private key.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "privatekey": { + "description": "PrivateKey is the user's API Signing Key in PEM format, used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "fingerprint", + "privatekey" + ], + "type": "object", + "additionalProperties": false + }, + "tenancy": { + "description": "Tenancy is the tenancy OCID where user is located.", + "type": "string" + }, + "user": { + "description": "User is an access OCID specific to the account.", + "type": "string" + } + }, + "required": [ + "secretRef", + "tenancy", + "user" + ], + "type": "object", + "additionalProperties": false + }, + "compartment": { + "description": "Compartment is the vault compartment OCID.\nRequired for PushSecret", + "type": "string" + }, + "encryptionKey": { + "description": "EncryptionKey is the OCID of the encryption key within the vault.\nRequired for PushSecret", + "type": "string" + }, + "principalType": { + "description": "The type of principal to use for authentication. If left blank, the Auth struct will\ndetermine the principal type. This optional field must be specified if using\nworkload identity.", + "enum": [ + "", + "UserPrincipal", + "InstancePrincipal", + "Workload" + ], + "type": "string" + }, + "region": { + "description": "Region is the region where vault is located.", + "type": "string" + }, + "serviceAccountRef": { + "description": "ServiceAccountRef specified the service account\nthat should be used when authenticating with WorkloadIdentity.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "vault": { + "description": "Vault is the vault's OCID of the specific vault where secret is located.", + "type": "string" + } + }, + "required": [ + "region", + "vault" + ], + "type": "object", + "additionalProperties": false + }, + "passbolt": { + "properties": { + "auth": { + "description": "Auth defines the information necessary to authenticate against Passbolt Server", + "properties": { + "passwordSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "privateKeySecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "passwordSecretRef", + "privateKeySecretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "Host defines the Passbolt Server to connect to", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, + "passworddepot": { + "description": "Configures a store to sync secrets with a Password Depot instance.", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Password Depot instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "database": { + "description": "Database to use as source", + "type": "string" + }, + "host": { + "description": "URL configures the Password Depot instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "database", + "host" + ], + "type": "object", + "additionalProperties": false + }, + "previder": { + "description": "Previder configures this store to sync secrets using the Previder provider", + "properties": { + "auth": { + "description": "PreviderAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "PreviderAuthSecretRef holds secret references for Previder Vault credentials.", + "properties": { + "accessToken": { + "description": "The AccessToken is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessToken" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "baseUri": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "pulumi": { + "description": "Pulumi configures this store to sync secrets using the Pulumi provider", + "properties": { + "accessToken": { + "description": "AccessToken is the access tokens to sign in to the Pulumi Cloud Console.", + "properties": { + "secretRef": { + "description": "SecretRef is a reference to a secret containing the Pulumi API token.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "apiUrl": { + "default": "https://api.pulumi.com/api/esc", + "description": "APIURL is the URL of the Pulumi API.", + "type": "string" + }, + "environment": { + "description": "Environment are YAML documents composed of static key-value pairs, programmatic expressions,\ndynamically retrieved values from supported providers including all major clouds,\nand other Pulumi ESC environments.\nTo create a new environment, visit https://www.pulumi.com/docs/esc/environments/ for more information.", + "type": "string" + }, + "organization": { + "description": "Organization are a space to collaborate on shared projects and stacks.\nTo create a new organization, visit https://app.pulumi.com/ and click \"New Organization\".", + "type": "string" + }, + "project": { + "description": "Project is the name of the Pulumi ESC project the environment belongs to.", + "type": "string" + } + }, + "required": [ + "accessToken", + "environment", + "organization", + "project" + ], + "type": "object", + "additionalProperties": false + }, + "scaleway": { + "description": "Scaleway", + "properties": { + "accessKey": { + "description": "AccessKey is the non-secret part of the api key.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "apiUrl": { + "description": "APIURL is the url of the api to use. Defaults to https://api.scaleway.com", + "type": "string" + }, + "projectId": { + "description": "ProjectID is the id of your project, which you can find in the console: https://console.scaleway.com/project/settings", + "type": "string" + }, + "region": { + "description": "Region where your secrets are located: https://developers.scaleway.com/en/quickstart/#region-and-zone", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the non-secret part of the api key.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessKey", + "projectId", + "region", + "secretKey" + ], + "type": "object", + "additionalProperties": false + }, + "secretserver": { + "description": "SecretServer configures this store to sync secrets using SecretServer provider\nhttps://docs.delinea.com/online-help/secret-server/start.htm", + "properties": { + "password": { + "description": "Password is the secret server account password.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serverURL": { + "description": "ServerURL\nURL to your secret server installation", + "type": "string" + }, + "username": { + "description": "Username is the secret server account username.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "password", + "serverURL", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "senhasegura": { + "description": "Senhasegura configures this store to sync secrets using senhasegura provider", + "properties": { + "auth": { + "description": "Auth defines parameters to authenticate in senhasegura", + "properties": { + "clientId": { + "type": "string" + }, + "clientSecretSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecretSecretRef" + ], + "type": "object", + "additionalProperties": false + }, + "ignoreSslCertificate": { + "default": false, + "description": "IgnoreSslCertificate defines if SSL certificate must be ignored", + "type": "boolean" + }, + "module": { + "description": "Module defines which senhasegura module should be used to get secrets", + "type": "string" + }, + "url": { + "description": "URL of senhasegura", + "type": "string" + } + }, + "required": [ + "auth", + "module", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "vault": { + "description": "Vault configures this store to sync secrets using Hashi provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with the Vault server.", + "properties": { + "appRole": { + "description": "AppRole authenticates with Vault using the App Role auth mechanism,\nwith the role and secret stored in a Kubernetes Secret resource.", + "properties": { + "path": { + "default": "approle", + "description": "Path where the App Role authentication backend is mounted\nin Vault, e.g: \"approle\"", + "type": "string" + }, + "roleId": { + "description": "RoleID configured in the App Role authentication backend when setting\nup the authentication backend in Vault.", + "type": "string" + }, + "roleRef": { + "description": "Reference to a key in a Secret that contains the App Role ID used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role id.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path", + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate\nCert authentication method", + "properties": { + "clientCert": { + "description": "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "iam": { + "description": "Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials\nAWS IAM authentication method", + "properties": { + "externalID": { + "description": "AWS External ID set on assumed IAM roles", + "type": "string" + }, + "jwt": { + "description": "Specify a service account with IRSA enabled", + "properties": { + "serviceAccountRef": { + "description": "A reference to a ServiceAccount resource.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "path": { + "description": "Path where the AWS auth method is enabled in Vault, e.g: \"aws\"", + "type": "string" + }, + "region": { + "description": "AWS region", + "type": "string" + }, + "role": { + "description": "This is the AWS role to be assumed before talking to vault", + "type": "string" + }, + "secretRef": { + "description": "Specify credentials in a Secret object", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretAccessKeySecretRef": { + "description": "The SecretAccessKey is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "sessionTokenSecretRef": { + "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "vaultAwsIamServerID": { + "description": "X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. More details here: https://developer.hashicorp.com/vault/docs/auth/aws", + "type": "string" + }, + "vaultRole": { + "description": "Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine", + "type": "string" + } + }, + "required": [ + "vaultRole" + ], + "type": "object", + "additionalProperties": false + }, + "jwt": { + "description": "Jwt authenticates with Vault by passing role and JWT token using the\nJWT/OIDC authentication method", + "properties": { + "kubernetesServiceAccountToken": { + "description": "Optional ServiceAccountToken specifies the Kubernetes service account for which to request\na token for with the `TokenRequest` API.", + "properties": { + "audiences": { + "description": "Optional audiences field that will be used to request a temporary Kubernetes service\naccount token for the service account referenced by `serviceAccountRef`.\nDefaults to a single audience `vault` it not specified.\nDeprecated: use serviceAccountRef.Audiences instead", + "items": { + "type": "string" + }, + "type": "array" + }, + "expirationSeconds": { + "description": "Optional expiration time in seconds that will be used to request a temporary\nKubernetes service account token for the service account referenced by\n`serviceAccountRef`.\nDeprecated: this will be removed in the future.\nDefaults to 10 minutes.", + "format": "int64", + "type": "integer" + }, + "serviceAccountRef": { + "description": "Service account field containing the name of a kubernetes ServiceAccount.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "serviceAccountRef" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "default": "jwt", + "description": "Path where the JWT authentication backend is mounted\nin Vault, e.g: \"jwt\"", + "type": "string" + }, + "role": { + "description": "Role is a JWT role to authenticate using the JWT/OIDC Vault\nauthentication method", + "type": "string" + }, + "secretRef": { + "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "kubernetes": { + "description": "Kubernetes authenticates with Vault by passing the ServiceAccount\ntoken stored in the named Secret resource to the Vault server.", + "properties": { + "mountPath": { + "default": "kubernetes", + "description": "Path where the Kubernetes authentication backend is mounted in Vault, e.g:\n\"kubernetes\"", + "type": "string" + }, + "role": { + "description": "A required field containing the Vault Role to assume. A Role binds a\nKubernetes ServiceAccount with a set of Vault policies.", + "type": "string" + }, + "secretRef": { + "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountRef": { + "description": "Optional service account field containing the name of a kubernetes ServiceAccount.\nIf the service account is specified, the service account secret token JWT will be used\nfor authenticating with Vault. If the service account selector is not supplied,\nthe secretRef will be used instead.", + "properties": { + "audiences": { + "description": "Audience specifies the `aud` claim for the service account token\nIf the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity\nthen this audiences will be appended to the list", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "mountPath", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "ldap": { + "description": "Ldap authenticates with Vault by passing username/password pair using\nthe LDAP authentication method", + "properties": { + "path": { + "default": "ldap", + "description": "Path where the LDAP authentication backend is mounted\nin Vault, e.g: \"ldap\"", + "type": "string" + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "Username is an LDAP username used to authenticate using the LDAP Vault\nauthentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "description": "Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in.\nNamespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces\nThis will default to Vault.Namespace field if set, or empty otherwise", + "type": "string" + }, + "tokenSecretRef": { + "description": "TokenSecretRef authenticates with Vault by presenting a token.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "userPass": { + "description": "UserPass authenticates with Vault by passing username/password pair", + "properties": { + "path": { + "default": "userpass", + "description": "Path where the UserPassword authentication backend is mounted\nin Vault, e.g: \"userpass\"", + "type": "string" + }, + "secretRef": { + "description": "SecretRef to a key in a Secret resource containing password for the\nuser used to authenticate with Vault using the UserPass authentication\nmethod", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "Username is a username used to authenticate using the UserPass Vault\nauthentication method", + "type": "string" + } + }, + "required": [ + "path", + "username" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate Vault server certificate. Only used\nif the Server URL is using HTTPS protocol. This parameter is ignored for\nplain HTTP protocol connection. If not set the system root certificates\nare used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate Vault server certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "forwardInconsistent": { + "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", + "type": "boolean" + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, + "namespace": { + "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", + "type": "string" + }, + "path": { + "description": "Path is the mount path of the Vault KV backend endpoint, e.g:\n\"secret\". The v2 KV secret engine version specific \"/data\" path suffix\nfor fetching secrets from Vault is optional and will be appended\nif not present in specified path.", + "type": "string" + }, + "readYourWrites": { + "description": "ReadYourWrites ensures isolated read-after-write semantics by\nproviding discovered cluster replication states in each request.\nMore information about eventual consistency in Vault can be found here\nhttps://www.vaultproject.io/docs/enterprise/consistency", + "type": "boolean" + }, + "server": { + "description": "Server is the connection address for the Vault server, e.g: \"https://vault.example.com:8200\".", + "type": "string" + }, + "tls": { + "description": "The configuration used for client side related TLS communication, when the Vault server\nrequires mutual authentication. Only used if the Server URL is using HTTPS protocol.\nThis parameter is ignored for plain HTTP protocol connection.\nIt's worth noting this configuration is different from the \"TLS certificates auth method\",\nwhich is available under the `auth.cert` section.", + "properties": { + "certSecretRef": { + "description": "CertSecretRef is a certificate added to the transport layer\nwhen communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.crt'.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "keySecretRef": { + "description": "KeySecretRef to a key in a Secret resource containing client private key\nadded to the transport layer when communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.key'.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "version": { + "default": "v2", + "description": "Version is the Vault KV secret engine version. This can be either \"v1\" or\n\"v2\". Version defaults to \"v2\".", + "enum": [ + "v1", + "v2" + ], + "type": "string" + } + }, + "required": [ + "server" + ], + "type": "object", + "additionalProperties": false + }, + "webhook": { + "description": "Webhook configures this store to sync secrets using a generic templated webhook", + "properties": { + "auth": { + "description": "Auth specifies a authorization protocol. Only one protocol may be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "ntlm": { + "description": "NTLMProtocol configures the store to use NTLM for auth", + "properties": { + "passwordSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "usernameSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "passwordSecret", + "usernameSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "body": { + "description": "Body", + "type": "string" + }, + "caBundle": { + "description": "PEM encoded CA bundle used to validate webhook server certificate. Only used\nif the Server URL is using HTTPS protocol. This parameter is ignored for\nplain HTTP protocol connection. If not set the system root certificates\nare used to validate the TLS connection.", + "format": "byte", + "type": "string" + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate webhook server certificate.", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers", + "type": "object" + }, + "method": { + "description": "Webhook Method", + "type": "string" + }, + "result": { + "description": "Result formatting", + "properties": { + "jsonPath": { + "description": "Json path of return value", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "secrets": { + "description": "Secrets to fill in templates\nThese secrets will be passed to the templating function as key value pairs under the given name", + "items": { + "properties": { + "name": { + "description": "Name of this secret in templates", + "type": "string" + }, + "secretRef": { + "description": "Secret ref to fill in credentials", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name", + "secretRef" + ], + "type": "object" + }, + "type": "array" + }, + "timeout": { + "description": "Timeout", + "type": "string" + }, + "url": { + "description": "Webhook url to call", + "type": "string" + } + }, + "required": [ + "result", + "url" + ], + "type": "object", + "additionalProperties": false + }, + "yandexcertificatemanager": { + "description": "YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "description": "Auth defines the information necessary to authenticate against Yandex Certificate Manager", + "properties": { + "authorizedKeySecretRef": { + "description": "The authorized key used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate.", + "properties": { + "certSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, + "yandexlockbox": { + "description": "YandexLockbox configures this store to sync secrets using Yandex Lockbox provider", + "properties": { + "apiEndpoint": { + "description": "Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')", + "type": "string" + }, + "auth": { + "description": "Auth defines the information necessary to authenticate against Yandex Lockbox", + "properties": { + "authorizedKeySecretRef": { + "description": "The authorized key used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "caProvider": { + "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate.", + "properties": { + "certSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "refreshInterval": { + "description": "Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.", + "type": "integer" + }, + "retrySettings": { + "description": "Used to configure http retries if failed", + "properties": { + "maxRetries": { + "format": "int32", + "type": "integer" + }, + "retryInterval": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "provider" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "SecretStoreStatus defines the observed state of the SecretStore.", + "properties": { + "capabilities": { + "description": "SecretStoreCapabilities defines the possible operations a SecretStore can do.", + "type": "string" + }, + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/clustersecretstore-external-secrets-v1beta1.json b/master-standalone-strict/clustersecretstore-external-secrets-v1beta1.json index fc93ed5..d7da80f 100644 --- a/master-standalone-strict/clustersecretstore-external-secrets-v1beta1.json +++ b/master-standalone-strict/clustersecretstore-external-secrets-v1beta1.json @@ -20,6 +20,13 @@ "items": { "description": "ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in\nfor a ClusterSecretStore instance.", "properties": { + "namespaceRegexes": { + "description": "Choose namespaces by using regex matching", + "items": { + "type": "string" + }, + "type": "array" + }, "namespaceSelector": { "description": "Choose namespace using a labelSelector", "properties": { @@ -41,7 +48,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -50,7 +58,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { @@ -66,6 +75,9 @@ "namespaces": { "description": "Choose namespaces by name", "items": { + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": "array" @@ -109,15 +121,24 @@ "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Akeyless. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -136,10 +157,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -164,15 +191,24 @@ "description": "The SecretAccessID is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -180,18 +216,27 @@ "additionalProperties": false }, "accessType": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -199,18 +244,27 @@ "additionalProperties": false }, "accessTypeParam": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -235,14 +289,23 @@ "properties": { "key": { "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": { @@ -307,15 +370,24 @@ "description": "The AccessKeyID is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -326,15 +398,24 @@ "description": "The AccessKeySecret is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -393,10 +474,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -417,15 +504,24 @@ "description": "The AccessKeyID is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -436,15 +532,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -455,15 +560,24 @@ "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -482,6 +596,10 @@ "description": "AWS External ID set on assumed IAM roles", "type": "string" }, + "prefix": { + "description": "Prefix adds a prefix to all retrieved values.", + "type": "string" + }, "region": { "description": "AWS Region to be used for the provider", "type": "string" @@ -552,21 +670,58 @@ "description": "AzureKV configures this store to sync secrets using Azure Key Vault provider", "properties": { "authSecretRef": { - "description": "Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.", + "description": "Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.", "properties": { + "clientCertificate": { + "description": "The Azure ClientCertificate of the service principle used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "clientId": { - "description": "The Azure clientId of the service principle used for authentication.", + "description": "The Azure clientId of the service principle or managed identity used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -577,15 +732,52 @@ "description": "The Azure ClientSecret of the service principle used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tenantId": { + "description": "The Azure tenantId of the managed identity used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -633,10 +825,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -646,17 +844,383 @@ "type": "object", "additionalProperties": false }, - "tenantId": { - "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.", + "tenantId": { + "description": "TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.", + "type": "string" + }, + "vaultUrl": { + "description": "Vault Url from which the secrets to be fetched from.", + "type": "string" + } + }, + "required": [ + "vaultUrl" + ], + "type": "object", + "additionalProperties": false + }, + "beyondtrust": { + "description": "Beyondtrust configures this store to sync secrets using Password Safe provider.", + "properties": { + "auth": { + "description": "Auth configures how the operator authenticates with Beyondtrust.", + "properties": { + "apiKey": { + "description": "APIKey If not provided then ClientID/ClientSecret become required.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificate": { + "description": "Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "certificateKey": { + "description": "Certificate private key (key.pem). For use when authenticating with an OAuth client Id", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientId": { + "description": "ClientID is the API OAuth Client ID.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "ClientSecret is the API OAuth Client Secret.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "server": { + "description": "Auth configures how API server works.", + "properties": { + "apiUrl": { + "type": "string" + }, + "apiVersion": { + "type": "string" + }, + "clientTimeOutSeconds": { + "description": "Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.", + "type": "integer" + }, + "retrievalType": { + "description": "The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system.", + "type": "string" + }, + "separator": { + "description": "A character that separates the folder names.", + "type": "string" + }, + "verifyCA": { + "type": "boolean" + } + }, + "required": [ + "apiUrl", + "verifyCA" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "server" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardensecretsmanager": { + "description": "BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider", + "properties": { + "apiURL": { + "type": "string" + }, + "auth": { + "description": "Auth configures how secret-manager authenticates with a bitwarden machine account instance.\nMake sure that the token being used has permissions on the given secret.", + "properties": { + "secretRef": { + "description": "BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.", + "properties": { + "credentials": { + "description": "AccessToken used for the bitwarden instance.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "credentials" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "bitwardenServerSDKURL": { + "type": "string" + }, + "caBundle": { + "description": "Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack\ncan be performed.", + "type": "string" + }, + "caProvider": { + "description": "see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider", + "properties": { + "key": { + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + }, + "type": { + "description": "The type of provider to use such as \"Secret\", or \"ConfigMap\".", + "enum": [ + "Secret", + "ConfigMap" + ], + "type": "string" + } + }, + "required": [ + "name", + "type" + ], + "type": "object", + "additionalProperties": false + }, + "identityURL": { + "type": "string" + }, + "organizationID": { + "description": "OrganizationID determines which organization this secret store manages.", "type": "string" }, - "vaultUrl": { - "description": "Vault Url from which the secrets to be fetched from.", + "projectID": { + "description": "ProjectID determines which project this secret store manages.", "type": "string" } }, "required": [ - "vaultUrl" + "auth", + "organizationID", + "projectID" ], "type": "object", "additionalProperties": false @@ -674,15 +1238,24 @@ "description": "SecretKey is the Signing Key in PEM format, used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -720,29 +1293,129 @@ "type": "object", "additionalProperties": false }, + "cloudrusm": { + "description": "CloudruSM configures this store to sync secrets using the Cloud.ru Secret Manager provider", + "properties": { + "auth": { + "description": "CSMAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "CSMAuthSecretRef holds secret references for Cloud.ru credentials.", + "properties": { + "accessKeyIDSecretRef": { + "description": "The AccessKeyID is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "accessKeySecretSecretRef": { + "description": "The AccessKeySecret is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessKeyIDSecretRef", + "accessKeySecretSecretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "projectID": { + "description": "ProjectID is the project, which the secrets are stored in.", + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, "conjur": { "description": "Conjur configures this store to sync secrets using conjur provider", "properties": { "auth": { + "description": "Defines authentication settings for connecting to Conjur.", "properties": { "apikey": { + "description": "Authenticates with Conjur using an API key.", "properties": { "account": { + "description": "Account is the Conjur organization account name.", "type": "string" }, "apiKeyRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' containing the Conjur API key\nwithin a Secret resource. In some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -750,18 +1423,27 @@ "additionalProperties": false }, "userRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' containing the Conjur username\nwithin a Secret resource. In some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -778,23 +1460,38 @@ "additionalProperties": false }, "jwt": { + "description": "Jwt enables JWT authentication using Kubernetes service account tokens.", "properties": { "account": { + "description": "Account is the Conjur organization account name.", + "type": "string" + }, + "hostId": { + "description": "Optional HostID for JWT authentication. This may be used depending\non how the Conjur JWT authenticator policy is configured.", "type": "string" }, "secretRef": { "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Conjur using the JWT authentication method.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -813,10 +1510,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -843,6 +1546,7 @@ "additionalProperties": false }, "caBundle": { + "description": "CABundle is a PEM encoded CA bundle that will be used to validate the Conjur server certificate.", "type": "string" }, "caProvider": { @@ -850,14 +1554,23 @@ "properties": { "key": { "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": { @@ -877,6 +1590,7 @@ "additionalProperties": false }, "url": { + "description": "URL is the endpoint of the Conjur instance.", "type": "string" } }, @@ -897,15 +1611,24 @@ "description": "SecretRef references a key in a secret that will be used as value.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -927,15 +1650,24 @@ "description": "SecretRef references a key in a secret that will be used as value.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -971,6 +1703,65 @@ "type": "object", "additionalProperties": false }, + "device42": { + "description": "Device42 configures this store to sync secrets using the Device42 provider", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Device42 instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "URL configures the Device42 instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, "doppler": { "description": "Doppler configures this store to sync secrets using the Doppler provider", "properties": { @@ -983,15 +1774,24 @@ "description": "The DopplerToken is used for authentication.\nSee https://docs.doppler.com/reference/api#authentication for auth token types.\nThe Key attribute defaults to dopplerToken if not specified.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1062,19 +1862,13 @@ "value": { "type": "string" }, - "valueMap": { - "additionalProperties": { - "type": "string" - }, - "description": "Deprecated: ValueMap is deprecated and is intended to be removed in the future, use the `value` field instead.", - "type": "object" - }, "version": { "type": "string" } }, "required": [ - "key" + "key", + "value" ], "type": "object" }, @@ -1097,15 +1891,24 @@ "description": "SecretRef is a reference to a secret containing the SDKMS API Key.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1136,15 +1939,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1158,12 +1970,15 @@ "workloadIdentity": { "properties": { "clusterLocation": { + "description": "ClusterLocation is the location of the cluster\nIf not specified, it fetches information from the metadata server", "type": "string" }, "clusterName": { + "description": "ClusterName is the name of the cluster\nIf not specified, it fetches information from the metadata server", "type": "string" }, "clusterProjectID": { + "description": "ClusterProjectID is the project ID of the cluster\nIf not specified, it fetches information from the metadata server", "type": "string" }, "serviceAccountRef": { @@ -1178,10 +1993,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1193,8 +2014,6 @@ } }, "required": [ - "clusterLocation", - "clusterName", "serviceAccountRef" ], "type": "object", @@ -1204,6 +2023,10 @@ "type": "object", "additionalProperties": false }, + "location": { + "description": "Location optionally defines a location for a secret", + "type": "string" + }, "projectID": { "description": "ProjectID project where secret is located", "type": "string" @@ -1212,6 +2035,88 @@ "type": "object", "additionalProperties": false }, + "github": { + "description": "Github configures this store to push Github Action secrets using Github API provider", + "properties": { + "appID": { + "description": "appID specifies the Github APP that will be used to authenticate the client", + "format": "int64", + "type": "integer" + }, + "auth": { + "description": "auth configures how secret-manager authenticates with a Github instance.", + "properties": { + "privateKey": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "privateKey" + ], + "type": "object", + "additionalProperties": false + }, + "environment": { + "description": "environment will be used to fetch secrets from a particular environment within a github repository", + "type": "string" + }, + "installationID": { + "description": "installationID specifies the Github APP installation that will be used to authenticate the client", + "format": "int64", + "type": "integer" + }, + "organization": { + "description": "organization will be used to fetch secrets from the Github organization", + "type": "string" + }, + "repository": { + "description": "repository will be used to fetch secrets from the Github repository within an organization", + "type": "string" + }, + "uploadURL": { + "description": "Upload URL for enterprise instances. Default to URL.", + "type": "string" + }, + "url": { + "default": "https://github.com/", + "description": "URL configures the Github instance URL. Defaults to https://github.com/.", + "type": "string" + } + }, + "required": [ + "appID", + "auth", + "installationID", + "organization" + ], + "type": "object", + "additionalProperties": false + }, "gitlab": { "description": "GitLab configures this store to sync secrets using GitLab Variables provider", "properties": { @@ -1224,15 +2129,24 @@ "description": "AccessToken is used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1315,15 +2229,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1349,22 +2272,154 @@ "type": "object", "additionalProperties": false }, + "infisical": { + "description": "Infisical configures this store to sync secrets using the Infisical provider", + "properties": { + "auth": { + "description": "Auth configures how the Operator authenticates with the Infisical API", + "properties": { + "universalAuthCredentials": { + "properties": { + "clientId": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "clientSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "clientId", + "clientSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "hostAPI": { + "default": "https://app.infisical.com/api", + "description": "HostAPI specifies the base URL of the Infisical API. If not provided, it defaults to \"https://app.infisical.com/api\".", + "type": "string" + }, + "secretsScope": { + "description": "SecretsScope defines the scope of the secrets within the workspace", + "properties": { + "environmentSlug": { + "description": "EnvironmentSlug is the required slug identifier for the environment.", + "type": "string" + }, + "expandSecretReferences": { + "default": true, + "description": "ExpandSecretReferences indicates whether secret references should be expanded. Defaults to true if not provided.", + "type": "boolean" + }, + "projectSlug": { + "description": "ProjectSlug is the required slug identifier for the project.", + "type": "string" + }, + "recursive": { + "default": false, + "description": "Recursive indicates whether the secrets should be fetched recursively. Defaults to false if not provided.", + "type": "boolean" + }, + "secretsPath": { + "default": "/", + "description": "SecretsPath specifies the path to the secrets within the workspace. Defaults to \"/\" if not provided.", + "type": "string" + } + }, + "required": [ + "environmentSlug", + "projectSlug" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "auth", + "secretsScope" + ], + "type": "object", + "additionalProperties": false + }, "keepersecurity": { "description": "KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider", "properties": { "authRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1394,18 +2449,27 @@ "description": "has both clientCert and clientKey as secretKeySelector", "properties": { "clientCert": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1413,18 +2477,27 @@ "additionalProperties": false }, "clientKey": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1447,10 +2520,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1464,18 +2543,27 @@ "description": "use static token to authenticate with", "properties": { "bearerToken": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1490,9 +2578,40 @@ "type": "object", "additionalProperties": false }, + "authRef": { + "description": "A reference to a secret that contains the auth information.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "remoteNamespace": { "default": "default", "description": "Remote namespace to fetch the secrets from", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "server": { @@ -1508,14 +2627,23 @@ "properties": { "key": { "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": { @@ -1542,11 +2670,8 @@ }, "type": "object", "additionalProperties": false - } - }, - "required": [ - "auth" - ], + } + }, "type": "object", "additionalProperties": false }, @@ -1565,15 +2690,24 @@ "description": "OnboardbaseAPIKey is the APIKey generated by an admin account.\nIt is used to recognize and authorize access to a project and environment within onboardbase", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1584,15 +2718,24 @@ "description": "OnboardbasePasscode is the passcode attached to the API Key", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1640,15 +2783,24 @@ "description": "The ConnectToken is used for authentication to a 1Password Connect Server.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1702,15 +2854,24 @@ "description": "Fingerprint is the fingerprint of the API private key.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1721,15 +2882,24 @@ "description": "PrivateKey is the user's API Signing Key in PEM format, used for authentication.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1795,10 +2965,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1820,6 +2996,209 @@ "type": "object", "additionalProperties": false }, + "passbolt": { + "properties": { + "auth": { + "description": "Auth defines the information necessary to authenticate against Passbolt Server", + "properties": { + "passwordSecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "privateKeySecretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "passwordSecretRef", + "privateKeySecretRef" + ], + "type": "object", + "additionalProperties": false + }, + "host": { + "description": "Host defines the Passbolt Server to connect to", + "type": "string" + } + }, + "required": [ + "auth", + "host" + ], + "type": "object", + "additionalProperties": false + }, + "passworddepot": { + "description": "Configures a store to sync secrets with a Password Depot instance.", + "properties": { + "auth": { + "description": "Auth configures how secret-manager authenticates with a Password Depot instance.", + "properties": { + "secretRef": { + "properties": { + "credentials": { + "description": "Username / Password is used for authentication.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + }, + "database": { + "description": "Database to use as source", + "type": "string" + }, + "host": { + "description": "URL configures the Password Depot instance URL.", + "type": "string" + } + }, + "required": [ + "auth", + "database", + "host" + ], + "type": "object", + "additionalProperties": false + }, + "previder": { + "description": "Previder configures this store to sync secrets using the Previder provider", + "properties": { + "auth": { + "description": "PreviderAuth contains a secretRef for credentials.", + "properties": { + "secretRef": { + "description": "PreviderAuthSecretRef holds secret references for Previder Vault credentials.", + "properties": { + "accessToken": { + "description": "The AccessToken is used for authentication", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "accessToken" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "baseUri": { + "type": "string" + } + }, + "required": [ + "auth" + ], + "type": "object", + "additionalProperties": false + }, "pulumi": { "description": "Pulumi configures this store to sync secrets using the Pulumi provider", "properties": { @@ -1830,15 +3209,24 @@ "description": "SecretRef is a reference to a secret containing the Pulumi API token.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1850,7 +3238,7 @@ "additionalProperties": false }, "apiUrl": { - "default": "https://api.pulumi.com", + "default": "https://api.pulumi.com/api/esc", "description": "APIURL is the URL of the Pulumi API.", "type": "string" }, @@ -1861,12 +3249,17 @@ "organization": { "description": "Organization are a space to collaborate on shared projects and stacks.\nTo create a new organization, visit https://app.pulumi.com/ and click \"New Organization\".", "type": "string" + }, + "project": { + "description": "Project is the name of the Pulumi ESC project the environment belongs to.", + "type": "string" } }, "required": [ "accessToken", "environment", - "organization" + "organization", + "project" ], "type": "object", "additionalProperties": false @@ -1881,15 +3274,24 @@ "description": "SecretRef references a key in a secret that will be used as value.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1923,15 +3325,24 @@ "description": "SecretRef references a key in a secret that will be used as value.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -1956,6 +3367,100 @@ "type": "object", "additionalProperties": false }, + "secretserver": { + "description": "SecretServer configures this store to sync secrets using SecretServer provider\nhttps://docs.delinea.com/online-help/secret-server/start.htm", + "properties": { + "password": { + "description": "Password is the secret server account password.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "serverURL": { + "description": "ServerURL\nURL to your secret server installation", + "type": "string" + }, + "username": { + "description": "Username is the secret server account username.", + "properties": { + "secretRef": { + "description": "SecretRef references a key in a secret that will be used as value.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "value": { + "description": "Value can be specified directly to set a value without using a secret.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "password", + "serverURL", + "username" + ], + "type": "object", + "additionalProperties": false + }, "senhasegura": { "description": "Senhasegura configures this store to sync secrets using senhasegura provider", "properties": { @@ -1966,18 +3471,27 @@ "type": "string" }, "clientSecretSecretRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2036,15 +3550,24 @@ "description": "Reference to a key in a Secret that contains the App Role ID used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role id.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2055,15 +3578,24 @@ "description": "Reference to a key in a Secret that contains the App Role secret used\nto authenticate with Vault.\nThe `key` field must be specified and denotes which entry within the Secret\nresource is used as the app role secret.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2085,15 +3617,24 @@ "description": "ClientCert is a certificate to authenticate using the Cert Vault\nauthentication method", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2104,15 +3645,24 @@ "description": "SecretRef to a key in a Secret resource containing client private key to\nauthenticate with Vault using the Cert authentication method", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2145,10 +3695,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2181,15 +3737,24 @@ "description": "The AccessKeyID is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2200,15 +3765,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2219,15 +3793,24 @@ "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2283,10 +3866,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2316,15 +3905,24 @@ "description": "Optional SecretRef that refers to a key in a Secret resource containing JWT token to\nauthenticate with Vault using the JWT/OIDC authentication method.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2354,15 +3952,24 @@ "description": "Optional secret field containing a Kubernetes ServiceAccount JWT used\nfor authenticating with Vault. If a name is specified without a key,\n`token` is the default. If one is not specified, the one bound to\nthe controller will be used.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2381,10 +3988,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2414,15 +4027,24 @@ "description": "SecretRef to a key in a Secret resource containing password for the LDAP\nuser used to authenticate with Vault using the LDAP authentication\nmethod", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2430,7 +4052,7 @@ "additionalProperties": false }, "username": { - "description": "Username is a LDAP user name used to authenticate using the LDAP Vault\nauthentication method", + "description": "Username is an LDAP username used to authenticate using the LDAP Vault\nauthentication method", "type": "string" } }, @@ -2441,19 +4063,32 @@ "type": "object", "additionalProperties": false }, + "namespace": { + "description": "Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in.\nNamespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces\nThis will default to Vault.Namespace field if set, or empty otherwise", + "type": "string" + }, "tokenSecretRef": { "description": "TokenSecretRef authenticates with Vault by presenting a token.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2464,23 +4099,32 @@ "description": "UserPass authenticates with Vault by passing username/password pair", "properties": { "path": { - "default": "user", - "description": "Path where the UserPassword authentication backend is mounted\nin Vault, e.g: \"user\"", + "default": "userpass", + "description": "Path where the UserPassword authentication backend is mounted\nin Vault, e.g: \"userpass\"", "type": "string" }, "secretRef": { "description": "SecretRef to a key in a Secret resource containing password for the\nuser used to authenticate with Vault using the UserPass authentication\nmethod", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2488,7 +4132,7 @@ "additionalProperties": false }, "username": { - "description": "Username is a user name used to authenticate using the UserPass Vault\nauthentication method", + "description": "Username is a username used to authenticate using the UserPass Vault\nauthentication method", "type": "string" } }, @@ -2513,14 +4157,23 @@ "properties": { "key": { "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace the Provider type is in.\nCan only be defined when used in a ClusterSecretStore.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": { @@ -2543,6 +4196,13 @@ "description": "ForwardInconsistent tells Vault to forward read-after-write requests to the Vault\nleader instead of simply retrying within a loop. This can increase performance if\nthe option is enabled serverside.\nhttps://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header", "type": "boolean" }, + "headers": { + "additionalProperties": { + "type": "string" + }, + "description": "Headers to be added in Vault request", + "type": "object" + }, "namespace": { "description": "Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows\nVault environments to support Secure Multi-tenancy. e.g: \"ns1\".\nMore about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces", "type": "string" @@ -2566,15 +4226,24 @@ "description": "CertSecretRef is a certificate added to the transport layer\nwhen communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.crt'.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2585,15 +4254,24 @@ "description": "KeySecretRef to a key in a Secret resource containing client private key\nadded to the transport layer when communicating with the Vault server.\nIf no key for the Secret is specified, external-secret will default to 'tls.key'.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2615,7 +4293,6 @@ } }, "required": [ - "auth", "server" ], "type": "object", @@ -2624,6 +4301,82 @@ "webhook": { "description": "Webhook configures this store to sync secrets using a generic templated webhook", "properties": { + "auth": { + "description": "Auth specifies a authorization protocol. Only one protocol may be set.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "ntlm": { + "description": "NTLMProtocol configures the store to use NTLM for auth", + "properties": { + "passwordSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "usernameSecret": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "passwordSecret", + "usernameSecret" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, "body": { "description": "Body", "type": "string" @@ -2637,15 +4390,24 @@ "description": "The provider for the CA bundle to use to validate webhook server certificate.", "properties": { "key": { - "description": "The key the value inside of the provider type to use, only used with \"Secret\" type", + "description": "The key where the CA certificate can be found in the Secret or ConfigMap.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the object located at the provider type.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { "description": "The namespace the Provider type is in.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" }, "type": { @@ -2698,15 +4460,24 @@ "description": "Secret ref to fill in credentials", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2751,15 +4522,24 @@ "description": "The authorized key used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2774,18 +4554,27 @@ "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate.", "properties": { "certSecretRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2817,15 +4606,24 @@ "description": "The authorized key used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -2840,18 +4638,27 @@ "description": "The provider for the CA bundle to use to validate Yandex.Cloud server certificate.", "properties": { "certSecretRef": { - "description": "A reference to a specific 'key' within a Secret resource,\nIn some instances, `key` is a required field.", + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, diff --git a/master-standalone-strict/clusterworkflowtemplate-argoproj-v1alpha1.json b/master-standalone-strict/clusterworkflowtemplate-argoproj-v1alpha1.json index fce121a..7957462 100644 --- a/master-standalone-strict/clusterworkflowtemplate-argoproj-v1alpha1.json +++ b/master-standalone-strict/clusterworkflowtemplate-argoproj-v1alpha1.json @@ -10,8 +10,37501 @@ "type": "object" }, "spec": { + "properties": { + "activeDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactGC": { + "properties": { + "forceFinalizerRemoval": { + "type": "boolean" + }, + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "podSpecPatch": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactRepositoryRef": { + "properties": { + "configMap": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "dnsConfig": { + "properties": { + "nameservers": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "entrypoint": { + "type": "string" + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "hostNetwork": { + "type": "boolean" + }, + "imagePullSecrets": { + "items": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object", + "additionalProperties": false + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "onExit": { + "type": "string" + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "podDisruptionBudget": { + "properties": { + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "minAvailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "podGC": { + "properties": { + "deleteDelayDuration": { + "type": "string" + }, + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "strategy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "podPriorityClassName": { + "type": "string" + }, + "podSpecPatch": { + "type": "string" + }, + "priority": { + "format": "int32", + "type": "integer" + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "shutdown": { + "type": "string" + }, + "suspend": { + "type": "boolean" + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateDefaults": { + "properties": { + "activeDeadlineSeconds": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "archiveLocation": { + "properties": { + "archiveLogs": { + "type": "boolean" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "container": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "containerSet": { + "properties": { + "containers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "retryStrategy": { + "properties": { + "duration": { + "type": "string" + }, + "retries": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "retries" + ], + "type": "object", + "additionalProperties": false + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object", + "additionalProperties": false + }, + "daemon": { + "type": "boolean" + }, + "dag": { + "properties": { + "failFast": { + "type": "boolean" + }, + "target": { + "type": "string" + }, + "tasks": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "type": "string" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "tasks" + ], + "type": "object", + "additionalProperties": false + }, + "data": { + "properties": { + "source": { + "properties": { + "artifactPaths": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "zip": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "transformation": { + "items": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "source", + "transformation" + ], + "type": "object", + "additionalProperties": false + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "failFast": { + "type": "boolean" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "http": { + "properties": { + "body": { + "type": "string" + }, + "bodyFrom": { + "properties": { + "bytes": { + "format": "byte", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "method": { + "type": "string" + }, + "successCondition": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int64", + "type": "integer" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "initContainers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "inputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "memoize": { + "properties": { + "cache": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "configMap" + ], + "type": "object", + "additionalProperties": false + }, + "key": { + "type": "string" + }, + "maxAge": { + "type": "string" + } + }, + "required": [ + "cache", + "key", + "maxAge" + ], + "type": "object", + "additionalProperties": false + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "outputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "exitCode": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "result": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "podSpecPatch": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "resource": { + "properties": { + "action": { + "type": "string" + }, + "failureCondition": { + "type": "string" + }, + "flags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "manifest": { + "type": "string" + }, + "manifestFrom": { + "properties": { + "artifact": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "zip": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "artifact" + ], + "type": "object", + "additionalProperties": false + }, + "mergeStrategy": { + "type": "string" + }, + "setOwnerReference": { + "type": "boolean" + }, + "successCondition": { + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object", + "additionalProperties": false + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "schedulerName": { + "type": "string" + }, + "script": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "source": { + "type": "string" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "sidecars": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "steps": { + "items": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "array" + }, + "suspend": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "type": "string" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "templates": { + "items": { + "properties": { + "activeDeadlineSeconds": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "archiveLocation": { + "properties": { + "archiveLogs": { + "type": "boolean" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "container": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object" + }, + "containerSet": { + "properties": { + "containers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "retryStrategy": { + "properties": { + "duration": { + "type": "string" + }, + "retries": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "retries" + ], + "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object" + }, + "daemon": { + "type": "boolean" + }, + "dag": { + "properties": { + "failFast": { + "type": "boolean" + }, + "target": { + "type": "string" + }, + "tasks": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "type": "string" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "tasks" + ], + "type": "object" + }, + "data": { + "properties": { + "source": { + "properties": { + "artifactPaths": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "transformation": { + "items": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "source", + "transformation" + ], + "type": "object" + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object" + }, + "failFast": { + "type": "boolean" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "http": { + "properties": { + "body": { + "type": "string" + }, + "bodyFrom": { + "properties": { + "bytes": { + "format": "byte", + "type": "string" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "method": { + "type": "string" + }, + "successCondition": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int64", + "type": "integer" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "initContainers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "inputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "memoize": { + "properties": { + "cache": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "configMap" + ], + "type": "object" + }, + "key": { + "type": "string" + }, + "maxAge": { + "type": "string" + } + }, + "required": [ + "cache", + "key", + "maxAge" + ], + "type": "object" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "outputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "exitCode": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "result": { + "type": "string" + } + }, + "type": "object" + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "podSpecPatch": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "resource": { + "properties": { + "action": { + "type": "string" + }, + "failureCondition": { + "type": "string" + }, + "flags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "manifest": { + "type": "string" + }, + "manifestFrom": { + "properties": { + "artifact": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "required": [ + "artifact" + ], + "type": "object" + }, + "mergeStrategy": { + "type": "string" + }, + "setOwnerReference": { + "type": "boolean" + }, + "successCondition": { + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object" + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object" + }, + "schedulerName": { + "type": "string" + }, + "script": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "source": { + "type": "string" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "sidecars": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "steps": { + "items": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "array" + }, + "suspend": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object" + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "timeout": { + "type": "string" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ttlStrategy": { + "properties": { + "secondsAfterCompletion": { + "format": "int32", + "type": "integer" + }, + "secondsAfterFailure": { + "format": "int32", + "type": "integer" + }, + "secondsAfterSuccess": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeClaimGC": { + "properties": { + "strategy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeClaimTemplates": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "status": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "conditions": { + "items": { + "properties": { + "lastProbeTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "type": "string" + }, + "modifyVolumeStatus": { + "properties": { + "status": { + "type": "string" + }, + "targetVolumeAttributesClassName": { + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "workflowMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labelsFrom": { + "additionalProperties": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "workflowTemplateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "additionalProperties": false } }, "required": [ diff --git a/master-standalone-strict/cronworkflow-argoproj-v1alpha1.json b/master-standalone-strict/cronworkflow-argoproj-v1alpha1.json index 1a3f856..0ed4202 100644 --- a/master-standalone-strict/cronworkflow-argoproj-v1alpha1.json +++ b/master-standalone-strict/cronworkflow-argoproj-v1alpha1.json @@ -10,12 +10,37655 @@ "type": "object" }, "spec": { + "properties": { + "concurrencyPolicy": { + "type": "string" + }, + "failedJobsHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "schedule": { + "type": "string" + }, + "schedules": { + "items": { + "type": "string" + }, + "type": "array" + }, + "startingDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "stopStrategy": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object", + "additionalProperties": false + }, + "successfulJobsHistoryLimit": { + "format": "int32", + "type": "integer" + }, + "suspend": { + "type": "boolean" + }, + "timezone": { + "type": "string" + }, + "when": { + "type": "string" + }, + "workflowMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "workflowSpec": { + "properties": { + "activeDeadlineSeconds": { + "format": "int64", + "type": "integer" + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactGC": { + "properties": { + "forceFinalizerRemoval": { + "type": "boolean" + }, + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "podSpecPatch": { + "type": "string" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactRepositoryRef": { + "properties": { + "configMap": { + "type": "string" + }, + "key": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "dnsConfig": { + "properties": { + "nameservers": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "options": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsPolicy": { + "type": "string" + }, + "entrypoint": { + "type": "string" + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "hostNetwork": { + "type": "boolean" + }, + "imagePullSecrets": { + "items": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object", + "additionalProperties": false + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "onExit": { + "type": "string" + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "podDisruptionBudget": { + "properties": { + "maxUnavailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "minAvailable": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "unhealthyPodEvictionPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "podGC": { + "properties": { + "deleteDelayDuration": { + "type": "string" + }, + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "strategy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "podPriorityClassName": { + "type": "string" + }, + "podSpecPatch": { + "type": "string" + }, + "priority": { + "format": "int32", + "type": "integer" + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "schedulerName": { + "type": "string" + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "shutdown": { + "type": "string" + }, + "suspend": { + "type": "boolean" + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateDefaults": { + "properties": { + "activeDeadlineSeconds": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "archiveLocation": { + "properties": { + "archiveLogs": { + "type": "boolean" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "container": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "containerSet": { + "properties": { + "containers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "retryStrategy": { + "properties": { + "duration": { + "type": "string" + }, + "retries": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "retries" + ], + "type": "object", + "additionalProperties": false + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object", + "additionalProperties": false + }, + "daemon": { + "type": "boolean" + }, + "dag": { + "properties": { + "failFast": { + "type": "boolean" + }, + "target": { + "type": "string" + }, + "tasks": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "type": "string" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "tasks" + ], + "type": "object", + "additionalProperties": false + }, + "data": { + "properties": { + "source": { + "properties": { + "artifactPaths": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "zip": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "transformation": { + "items": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "source", + "transformation" + ], + "type": "object", + "additionalProperties": false + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "failFast": { + "type": "boolean" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "http": { + "properties": { + "body": { + "type": "string" + }, + "bodyFrom": { + "properties": { + "bytes": { + "format": "byte", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "method": { + "type": "string" + }, + "successCondition": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int64", + "type": "integer" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "initContainers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "inputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "memoize": { + "properties": { + "cache": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "configMap" + ], + "type": "object", + "additionalProperties": false + }, + "key": { + "type": "string" + }, + "maxAge": { + "type": "string" + } + }, + "required": [ + "cache", + "key", + "maxAge" + ], + "type": "object", + "additionalProperties": false + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "outputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "exitCode": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "result": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "podSpecPatch": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "resource": { + "properties": { + "action": { + "type": "string" + }, + "failureCondition": { + "type": "string" + }, + "flags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "manifest": { + "type": "string" + }, + "manifestFrom": { + "properties": { + "artifact": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "zip": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object", + "additionalProperties": false + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "required": [ + "repo" + ], + "type": "object", + "additionalProperties": false + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object", + "additionalProperties": false + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object", + "additionalProperties": false + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "artifact" + ], + "type": "object", + "additionalProperties": false + }, + "mergeStrategy": { + "type": "string" + }, + "setOwnerReference": { + "type": "boolean" + }, + "successCondition": { + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object", + "additionalProperties": false + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "schedulerName": { + "type": "string" + }, + "script": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object", + "additionalProperties": false + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "source": { + "type": "string" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "additionalProperties": false + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object", + "additionalProperties": false + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object", + "additionalProperties": false + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccountName": { + "type": "string" + }, + "sidecars": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "steps": { + "items": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "array" + }, + "suspend": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object", + "additionalProperties": false + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "timeout": { + "type": "string" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "templates": { + "items": { + "properties": { + "activeDeadlineSeconds": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "affinity": { + "properties": { + "nodeAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "preference": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "preference", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "properties": { + "nodeSelectorTerms": { + "items": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchFields": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "nodeSelectorTerms" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "podAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "podAntiAffinity": { + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "podAffinityTerm": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "weight": { + "format": "int32", + "type": "integer" + } + }, + "required": [ + "podAffinityTerm", + "weight" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "items": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "namespaceSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "namespaces": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "type": "string" + } + }, + "required": [ + "topologyKey" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "archiveLocation": { + "properties": { + "archiveLogs": { + "type": "boolean" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "container": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object" + }, + "containerSet": { + "properties": { + "containers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "retryStrategy": { + "properties": { + "duration": { + "type": "string" + }, + "retries": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "retries" + ], + "type": "object" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "containers" + ], + "type": "object" + }, + "daemon": { + "type": "boolean" + }, + "dag": { + "properties": { + "failFast": { + "type": "boolean" + }, + "target": { + "type": "string" + }, + "tasks": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "dependencies": { + "items": { + "type": "string" + }, + "type": "array" + }, + "depends": { + "type": "string" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "tasks" + ], + "type": "object" + }, + "data": { + "properties": { + "source": { + "properties": { + "artifactPaths": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "type": "object" + }, + "transformation": { + "items": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "source", + "transformation" + ], + "type": "object" + }, + "executor": { + "properties": { + "serviceAccountName": { + "type": "string" + } + }, + "type": "object" + }, + "failFast": { + "type": "boolean" + }, + "hostAliases": { + "items": { + "properties": { + "hostnames": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "ip": { + "type": "string" + } + }, + "required": [ + "ip" + ], + "type": "object" + }, + "type": "array" + }, + "http": { + "properties": { + "body": { + "type": "string" + }, + "bodyFrom": { + "properties": { + "bytes": { + "format": "byte", + "type": "string" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "insecureSkipVerify": { + "type": "boolean" + }, + "method": { + "type": "string" + }, + "successCondition": { + "type": "string" + }, + "timeoutSeconds": { + "format": "int64", + "type": "integer" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "initContainers": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "inputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "memoize": { + "properties": { + "cache": { + "properties": { + "configMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "configMap" + ], + "type": "object" + }, + "key": { + "type": "string" + }, + "maxAge": { + "type": "string" + } + }, + "required": [ + "cache", + "key", + "maxAge" + ], + "type": "object" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "metrics": { + "properties": { + "prometheus": { + "items": { + "properties": { + "counter": { + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "type": "object" + }, + "gauge": { + "properties": { + "operation": { + "type": "string" + }, + "realtime": { + "type": "boolean" + }, + "value": { + "type": "string" + } + }, + "required": [ + "realtime", + "value" + ], + "type": "object" + }, + "help": { + "type": "string" + }, + "histogram": { + "properties": { + "buckets": { + "items": { + "type": "number" + }, + "type": "array" + }, + "value": { + "type": "string" + } + }, + "required": [ + "buckets", + "value" + ], + "type": "object" + }, + "labels": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "when": { + "type": "string" + } + }, + "required": [ + "help", + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "prometheus" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nodeSelector": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "outputs": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "exitCode": { + "type": "string" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "result": { + "type": "string" + } + }, + "type": "object" + }, + "parallelism": { + "format": "int64", + "type": "integer" + }, + "plugin": { + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + }, + "podSpecPatch": { + "type": "string" + }, + "priorityClassName": { + "type": "string" + }, + "resource": { + "properties": { + "action": { + "type": "string" + }, + "failureCondition": { + "type": "string" + }, + "flags": { + "items": { + "type": "string" + }, + "type": "array" + }, + "manifest": { + "type": "string" + }, + "manifestFrom": { + "properties": { + "artifact": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + } + }, + "required": [ + "artifact" + ], + "type": "object" + }, + "mergeStrategy": { + "type": "string" + }, + "setOwnerReference": { + "type": "boolean" + }, + "successCondition": { + "type": "string" + } + }, + "required": [ + "action" + ], + "type": "object" + }, + "retryStrategy": { + "properties": { + "affinity": { + "properties": { + "nodeAntiAffinity": { + "type": "object" + } + }, + "type": "object" + }, + "backoff": { + "properties": { + "cap": { + "type": "string" + }, + "duration": { + "type": "string" + }, + "factor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "maxDuration": { + "type": "string" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "limit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "retryPolicy": { + "type": "string" + } + }, + "type": "object" + }, + "schedulerName": { + "type": "string" + }, + "script": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "source": { + "type": "string" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "type": "object" + }, + "securityContext": { + "properties": { + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "fsGroup": { + "format": "int64", + "type": "integer" + }, + "fsGroupChangePolicy": { + "type": "string" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxChangePolicy": { + "type": "string" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "supplementalGroups": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "type": "string" + }, + "sysctls": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "sidecars": { + "items": { + "properties": { + "args": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "env": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secretKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "envFrom": { + "items": { + "properties": { + "configMapRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "prefix": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "image": { + "type": "string" + }, + "imagePullPolicy": { + "type": "string" + }, + "lifecycle": { + "properties": { + "postStart": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + }, + "preStop": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "livenessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "mirrorVolumeMounts": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "ports": { + "items": { + "properties": { + "containerPort": { + "format": "int32", + "type": "integer" + }, + "hostIP": { + "type": "string" + }, + "hostPort": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "protocol": { + "default": "TCP", + "type": "string" + } + }, + "required": [ + "containerPort" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map" + }, + "readinessProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "request": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "restartPolicy": { + "type": "string" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "appArmorProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "capabilities": { + "properties": { + "add": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "drop": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "privileged": { + "type": "boolean" + }, + "procMount": { + "type": "string" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsGroup": { + "format": "int64", + "type": "integer" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "format": "int64", + "type": "integer" + }, + "seLinuxOptions": { + "properties": { + "level": { + "type": "string" + }, + "role": { + "type": "string" + }, + "type": { + "type": "string" + }, + "user": { + "type": "string" + } + }, + "type": "object" + }, + "seccompProfile": { + "properties": { + "localhostProfile": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "windowsOptions": { + "properties": { + "gmsaCredentialSpec": { + "type": "string" + }, + "gmsaCredentialSpecName": { + "type": "string" + }, + "hostProcess": { + "type": "boolean" + }, + "runAsUserName": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "startupProbe": { + "properties": { + "exec": { + "properties": { + "command": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "failureThreshold": { + "format": "int32", + "type": "integer" + }, + "grpc": { + "properties": { + "port": { + "format": "int32", + "type": "integer" + }, + "service": { + "default": "", + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "httpGet": { + "properties": { + "host": { + "type": "string" + }, + "httpHeaders": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "scheme": { + "type": "string" + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "initialDelaySeconds": { + "format": "int32", + "type": "integer" + }, + "periodSeconds": { + "format": "int32", + "type": "integer" + }, + "successThreshold": { + "format": "int32", + "type": "integer" + }, + "tcpSocket": { + "properties": { + "host": { + "type": "string" + }, + "port": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "required": [ + "port" + ], + "type": "object" + }, + "terminationGracePeriodSeconds": { + "format": "int64", + "type": "integer" + }, + "timeoutSeconds": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "stdin": { + "type": "boolean" + }, + "stdinOnce": { + "type": "boolean" + }, + "terminationMessagePath": { + "type": "string" + }, + "terminationMessagePolicy": { + "type": "string" + }, + "tty": { + "type": "boolean" + }, + "volumeDevices": { + "items": { + "properties": { + "devicePath": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "devicePath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" + }, + "volumeMounts": { + "items": { + "properties": { + "mountPath": { + "type": "string" + }, + "mountPropagation": { + "type": "string" + }, + "name": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "recursiveReadOnly": { + "type": "string" + }, + "subPath": { + "type": "string" + }, + "subPathExpr": { + "type": "string" + } + }, + "required": [ + "mountPath", + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" + }, + "workingDir": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "steps": { + "items": { + "items": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "continueOn": { + "properties": { + "error": { + "type": "boolean" + }, + "failed": { + "type": "boolean" + } + }, + "type": "object" + }, + "hooks": { + "additionalProperties": { + "properties": { + "arguments": { + "properties": { + "artifacts": { + "items": { + "properties": { + "archive": { + "properties": { + "none": { + "type": "object" + }, + "tar": { + "properties": { + "compressionLevel": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "zip": { + "type": "object" + } + }, + "type": "object" + }, + "archiveLogs": { + "type": "boolean" + }, + "artifactGC": { + "properties": { + "podMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccountName": { + "type": "string" + }, + "strategy": { + "enum": [ + "", + "OnWorkflowCompletion", + "OnWorkflowDeletion", + "Never" + ], + "type": "string" + } + }, + "type": "object" + }, + "artifactory": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "url": { + "type": "string" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "azure": { + "properties": { + "accountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "blob": { + "type": "string" + }, + "container": { + "type": "string" + }, + "endpoint": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "blob", + "container", + "endpoint" + ], + "type": "object" + }, + "deleted": { + "type": "boolean" + }, + "from": { + "type": "string" + }, + "fromExpression": { + "type": "string" + }, + "gcs": { + "properties": { + "bucket": { + "type": "string" + }, + "key": { + "type": "string" + }, + "serviceAccountKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "git": { + "properties": { + "branch": { + "type": "string" + }, + "depth": { + "format": "int64", + "type": "integer" + }, + "disableSubmodules": { + "type": "boolean" + }, + "fetch": { + "items": { + "type": "string" + }, + "type": "array" + }, + "insecureIgnoreHostKey": { + "type": "boolean" + }, + "insecureSkipTLS": { + "type": "boolean" + }, + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "repo": { + "type": "string" + }, + "revision": { + "type": "string" + }, + "singleBranch": { + "type": "boolean" + }, + "sshPrivateKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "repo" + ], + "type": "object" + }, + "globalName": { + "type": "string" + }, + "hdfs": { + "properties": { + "addresses": { + "items": { + "type": "string" + }, + "type": "array" + }, + "dataTransferProtection": { + "type": "string" + }, + "force": { + "type": "boolean" + }, + "hdfsUser": { + "type": "string" + }, + "krbCCacheSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbConfigConfigMap": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbKeytabSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "krbRealm": { + "type": "string" + }, + "krbServicePrincipalName": { + "type": "string" + }, + "krbUsername": { + "type": "string" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "http": { + "properties": { + "auth": { + "properties": { + "basicAuth": { + "properties": { + "passwordSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "usernameSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "clientCert": { + "properties": { + "clientCertSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "oauth2": { + "properties": { + "clientIDSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "clientSecretSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "endpointParams": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "scopes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "tokenURLSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "headers": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "required": [ + "name", + "value" + ], + "type": "object" + }, + "type": "array" + }, + "url": { + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "oss": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "createBucketIfNotPresent": { + "type": "boolean" + }, + "endpoint": { + "type": "string" + }, + "key": { + "type": "string" + }, + "lifecycleRule": { + "properties": { + "markDeletionAfterDays": { + "format": "int32", + "type": "integer" + }, + "markInfrequentAccessAfterDays": { + "format": "int32", + "type": "integer" + } + }, + "type": "object" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "securityToken": { + "type": "string" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "path": { + "type": "string" + }, + "raw": { + "properties": { + "data": { + "type": "string" + } + }, + "required": [ + "data" + ], + "type": "object" + }, + "recurseMode": { + "type": "boolean" + }, + "s3": { + "properties": { + "accessKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "bucket": { + "type": "string" + }, + "caSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "createBucketIfNotPresent": { + "properties": { + "objectLocking": { + "type": "boolean" + } + }, + "type": "object" + }, + "encryptionOptions": { + "properties": { + "enableEncryption": { + "type": "boolean" + }, + "kmsEncryptionContext": { + "type": "string" + }, + "kmsKeyId": { + "type": "string" + }, + "serverSideCustomerKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "endpoint": { + "type": "string" + }, + "insecure": { + "type": "boolean" + }, + "key": { + "type": "string" + }, + "region": { + "type": "string" + }, + "roleARN": { + "type": "string" + }, + "secretKeySecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sessionTokenSecret": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "useSDKCreds": { + "type": "boolean" + } + }, + "type": "object" + }, + "subPath": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "parameters": { + "items": { + "properties": { + "default": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enum": { + "items": { + "type": "string" + }, + "type": "array" + }, + "globalName": { + "type": "string" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string" + }, + "valueFrom": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "default": { + "type": "string" + }, + "event": { + "type": "string" + }, + "expression": { + "type": "string" + }, + "jqFilter": { + "type": "string" + }, + "jsonPath": { + "type": "string" + }, + "parameter": { + "type": "string" + }, + "path": { + "type": "string" + }, + "supplied": { + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "expression": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "object" + }, + "inline": { + "x-kubernetes-preserve-unknown-fields": true + }, + "name": { + "type": "string" + }, + "onExit": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "template": { + "type": "string" + } + }, + "type": "object" + }, + "when": { + "type": "string" + }, + "withItems": { + "x-kubernetes-preserve-unknown-fields": true + }, + "withParam": { + "type": "string" + }, + "withSequence": { + "properties": { + "count": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "end": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "format": { + "type": "string" + }, + "start": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": "array" + }, + "suspend": { + "properties": { + "duration": { + "type": "string" + } + }, + "type": "object" + }, + "synchronization": { + "properties": { + "mutex": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "mutexes": { + "items": { + "properties": { + "database": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "semaphore": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "semaphores": { + "items": { + "properties": { + "configMapKeyRef": { + "properties": { + "key": { + "type": "string" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "database": { + "properties": { + "key": { + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "timeout": { + "type": "string" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + }, + "tolerations": { + "items": { + "properties": { + "effect": { + "type": "string" + }, + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "tolerationSeconds": { + "format": "int64", + "type": "integer" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "ttlStrategy": { + "properties": { + "secondsAfterCompletion": { + "format": "int32", + "type": "integer" + }, + "secondsAfterFailure": { + "format": "int32", + "type": "integer" + }, + "secondsAfterSuccess": { + "format": "int32", + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeClaimGC": { + "properties": { + "strategy": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "volumeClaimTemplates": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + }, + "status": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "additionalProperties": { + "type": "string" + }, + "type": "object", + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "capacity": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "conditions": { + "items": { + "properties": { + "lastProbeTime": { + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentVolumeAttributesClassName": { + "type": "string" + }, + "modifyVolumeStatus": { + "properties": { + "status": { + "type": "string" + }, + "targetVolumeAttributesClassName": { + "type": "string" + } + }, + "required": [ + "status" + ], + "type": "object" + }, + "phase": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "volumes": { + "items": { + "properties": { + "awsElasticBlockStore": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "azureDisk": { + "properties": { + "cachingMode": { + "type": "string" + }, + "diskName": { + "type": "string" + }, + "diskURI": { + "type": "string" + }, + "fsType": { + "default": "ext4", + "type": "string" + }, + "kind": { + "type": "string" + }, + "readOnly": { + "default": false, + "type": "boolean" + } + }, + "required": [ + "diskName", + "diskURI" + ], + "type": "object" + }, + "azureFile": { + "properties": { + "readOnly": { + "type": "boolean" + }, + "secretName": { + "type": "string" + }, + "shareName": { + "type": "string" + } + }, + "required": [ + "secretName", + "shareName" + ], + "type": "object" + }, + "cephfs": { + "properties": { + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretFile": { + "type": "string" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "type": "string" + } + }, + "required": [ + "monitors" + ], + "type": "object" + }, + "cinder": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "configMap": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "csi": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "nodePublishSecretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "volumeAttributes": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "downwardAPI": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "emptyDir": { + "properties": { + "medium": { + "type": "string" + }, + "sizeLimit": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + } + }, + "type": "object" + }, + "ephemeral": { + "properties": { + "volumeClaimTemplate": { + "properties": { + "metadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "finalizers": { + "items": { + "type": "string" + }, + "type": "array" + }, + "generateName": { + "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, + "spec": { + "properties": { + "accessModes": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "dataSource": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "dataSourceRef": { + "properties": { + "apiGroup": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "resources": { + "properties": { + "limits": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + }, + "requests": { + "additionalProperties": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "type": "object" + } + }, + "type": "object" + }, + "selector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "storageClassName": { + "type": "string" + }, + "volumeAttributesClassName": { + "type": "string" + }, + "volumeMode": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "spec" + ], + "type": "object" + } + }, + "type": "object" + }, + "fc": { + "properties": { + "fsType": { + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "readOnly": { + "type": "boolean" + }, + "targetWWNs": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "wwids": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "flexVolume": { + "properties": { + "driver": { + "type": "string" + }, + "fsType": { + "type": "string" + }, + "options": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "driver" + ], + "type": "object" + }, + "flocker": { + "properties": { + "datasetName": { + "type": "string" + }, + "datasetUUID": { + "type": "string" + } + }, + "type": "object" + }, + "gcePersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "partition": { + "format": "int32", + "type": "integer" + }, + "pdName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "pdName" + ], + "type": "object" + }, + "gitRepo": { + "properties": { + "directory": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "revision": { + "type": "string" + } + }, + "required": [ + "repository" + ], + "type": "object" + }, + "glusterfs": { + "properties": { + "endpoints": { + "type": "string" + }, + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "endpoints", + "path" + ], + "type": "object" + }, + "hostPath": { + "properties": { + "path": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "image": { + "properties": { + "pullPolicy": { + "type": "string" + }, + "reference": { + "type": "string" + } + }, + "type": "object" + }, + "iscsi": { + "properties": { + "chapAuthDiscovery": { + "type": "boolean" + }, + "chapAuthSession": { + "type": "boolean" + }, + "fsType": { + "type": "string" + }, + "initiatorName": { + "type": "string" + }, + "iqn": { + "type": "string" + }, + "iscsiInterface": { + "default": "default", + "type": "string" + }, + "lun": { + "format": "int32", + "type": "integer" + }, + "portals": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "targetPortal": { + "type": "string" + } + }, + "required": [ + "iqn", + "lun", + "targetPortal" + ], + "type": "object" + }, + "name": { + "type": "string" + }, + "nfs": { + "properties": { + "path": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "server": { + "type": "string" + } + }, + "required": [ + "path", + "server" + ], + "type": "object" + }, + "persistentVolumeClaim": { + "properties": { + "claimName": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + } + }, + "required": [ + "claimName" + ], + "type": "object" + }, + "photonPersistentDisk": { + "properties": { + "fsType": { + "type": "string" + }, + "pdID": { + "type": "string" + } + }, + "required": [ + "pdID" + ], + "type": "object" + }, + "portworxVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "volumeID": { + "type": "string" + } + }, + "required": [ + "volumeID" + ], + "type": "object" + }, + "projected": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "sources": { + "items": { + "properties": { + "clusterTrustBundle": { + "properties": { + "labelSelector": { + "properties": { + "matchExpressions": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "required": [ + "key", + "operator" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "name": { + "type": "string" + }, + "optional": { + "type": "boolean" + }, + "path": { + "type": "string" + }, + "signerName": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "configMap": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "downwardAPI": { + "properties": { + "items": { + "items": { + "properties": { + "fieldRef": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + } + }, + "required": [ + "fieldPath" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + }, + "resourceFieldRef": { + "properties": { + "containerName": { + "type": "string" + }, + "divisor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, + "resource": { + "type": "string" + } + }, + "required": [ + "resource" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "required": [ + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "secret": { + "properties": { + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "name": { + "default": "", + "type": "string" + }, + "optional": { + "type": "boolean" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "serviceAccountToken": { + "properties": { + "audience": { + "type": "string" + }, + "expirationSeconds": { + "format": "int64", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "path" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + } + }, + "type": "object" + }, + "quobyte": { + "properties": { + "group": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "registry": { + "type": "string" + }, + "tenant": { + "type": "string" + }, + "user": { + "type": "string" + }, + "volume": { + "type": "string" + } + }, + "required": [ + "registry", + "volume" + ], + "type": "object" + }, + "rbd": { + "properties": { + "fsType": { + "type": "string" + }, + "image": { + "type": "string" + }, + "keyring": { + "default": "/etc/ceph/keyring", + "type": "string" + }, + "monitors": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "pool": { + "default": "rbd", + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "user": { + "default": "admin", + "type": "string" + } + }, + "required": [ + "image", + "monitors" + ], + "type": "object" + }, + "scaleIO": { + "properties": { + "fsType": { + "default": "xfs", + "type": "string" + }, + "gateway": { + "type": "string" + }, + "protectionDomain": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "sslEnabled": { + "type": "boolean" + }, + "storageMode": { + "default": "ThinProvisioned", + "type": "string" + }, + "storagePool": { + "type": "string" + }, + "system": { + "type": "string" + }, + "volumeName": { + "type": "string" + } + }, + "required": [ + "gateway", + "secretRef", + "system" + ], + "type": "object" + }, + "secret": { + "properties": { + "defaultMode": { + "format": "int32", + "type": "integer" + }, + "items": { + "items": { + "properties": { + "key": { + "type": "string" + }, + "mode": { + "format": "int32", + "type": "integer" + }, + "path": { + "type": "string" + } + }, + "required": [ + "key", + "path" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "type": "boolean" + }, + "secretName": { + "type": "string" + } + }, + "type": "object" + }, + "storageos": { + "properties": { + "fsType": { + "type": "string" + }, + "readOnly": { + "type": "boolean" + }, + "secretRef": { + "properties": { + "name": { + "default": "", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "volumeName": { + "type": "string" + }, + "volumeNamespace": { + "type": "string" + } + }, + "type": "object" + }, + "vsphereVolume": { + "properties": { + "fsType": { + "type": "string" + }, + "storagePolicyID": { + "type": "string" + }, + "storagePolicyName": { + "type": "string" + }, + "volumePath": { + "type": "string" + } + }, + "required": [ + "volumePath" + ], + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "workflowMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labelsFrom": { + "additionalProperties": { + "properties": { + "expression": { + "type": "string" + } + }, + "required": [ + "expression" + ], + "type": "object" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "workflowTemplateRef": { + "properties": { + "clusterScope": { + "type": "boolean" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "workflowSpec" + ], "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "additionalProperties": false }, "status": { - "type": "object", - "x-kubernetes-preserve-unknown-fields": true + "properties": { + "active": { + "items": { + "properties": { + "apiVersion": { + "type": "string" + }, + "fieldPath": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + }, + "resourceVersion": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "conditions": { + "items": { + "properties": { + "message": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "failed": { + "format": "int64", + "type": "integer" + }, + "lastScheduledTime": { + "format": "date-time", + "type": "string" + }, + "phase": { + "type": "string" + }, + "succeeded": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" } }, "required": [ diff --git a/master-standalone-strict/dbinstance-rds-v1alpha1.json b/master-standalone-strict/dbinstance-rds-v1alpha1.json index 9602c8b..9331e5e 100644 --- a/master-standalone-strict/dbinstance-rds-v1alpha1.json +++ b/master-standalone-strict/dbinstance-rds-v1alpha1.json @@ -2,141 +2,224 @@ "description": "DBInstance is the Schema for the DBInstances API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "DBInstanceSpec defines the desired state of DBInstance. \n Contains the details of an Amazon RDS DB instance. \n This data type is used as a response element in the DescribeDBInstances action.", + "description": "DBInstanceSpec defines the desired state of DBInstance.\n\nContains the details of an Amazon RDS DB instance.\n\nThis data type is used as a response element in the operations CreateDBInstance,\nCreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance,\nPromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3,\nRestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance.", "properties": { "allocatedStorage": { - "description": "The amount of storage (in gibibytes) to allocate for the DB instance. \n Type: Integer \n Amazon Aurora \n Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. \n MySQL \n Constraints to the amount of storage for each storage type are the following: \n * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. \n * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. \n * Magnetic storage (standard): Must be an integer from 5 to 3072. \n MariaDB \n Constraints to the amount of storage for each storage type are the following: \n * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. \n * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. \n * Magnetic storage (standard): Must be an integer from 5 to 3072. \n PostgreSQL \n Constraints to the amount of storage for each storage type are the following: \n * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. \n * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. \n * Magnetic storage (standard): Must be an integer from 5 to 3072. \n Oracle \n Constraints to the amount of storage for each storage type are the following: \n * General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. \n * Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. \n * Magnetic storage (standard): Must be an integer from 10 to 3072. \n SQL Server \n Constraints to the amount of storage for each storage type are the following: \n * General Purpose (SSD) storage (gp2): Enterprise and Standard editions: Must be an integer from 200 to 16384. Web and Express editions: Must be an integer from 20 to 16384. \n * Provisioned IOPS storage (io1): Enterprise and Standard editions: Must be an integer from 200 to 16384. Web and Express editions: Must be an integer from 100 to 16384. \n * Magnetic storage (standard): Enterprise and Standard editions: Must be an integer from 200 to 1024. Web and Express editions: Must be an integer from 20 to 1024.", + "description": "The amount of storage in gibibytes (GiB) to allocate for the DB instance.\n\nThis setting doesn't apply to Amazon Aurora DB instances. Aurora cluster\nvolumes automatically grow as the amount of data in your database increases,\nthough you are only charged for the space that you use in an Aurora cluster\nvolume.\n\n# Amazon RDS Custom\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40\n to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 40 to 65536\n for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server.\n\n# RDS for Db2\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp3): Must be an integer from 20 to 65536.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to\n 65536.\n\n# RDS for MariaDB\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20\n to 65536.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to\n 65536.\n\n - Magnetic storage (standard): Must be an integer from 5 to 3072.\n\n# RDS for MySQL\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20\n to 65536.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to\n 65536.\n\n - Magnetic storage (standard): Must be an integer from 5 to 3072.\n\n# RDS for Oracle\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20\n to 65536.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to\n 65536.\n\n - Magnetic storage (standard): Must be an integer from 10 to 3072.\n\n# RDS for PostgreSQL\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20\n to 65536.\n\n - Provisioned IOPS storage (io1, io2): Must be an integer from 100 to\n 65536.\n\n - Magnetic storage (standard): Must be an integer from 5 to 3072.\n\n# RDS for SQL Server\n\nConstraints to the amount of storage for each storage type are the following:\n\n - General Purpose (SSD) storage (gp2, gp3): Enterprise and Standard editions:\n Must be an integer from 20 to 16384. Web and Express editions: Must be\n an integer from 20 to 16384.\n\n - Provisioned IOPS storage (io1, io2): Enterprise and Standard editions:\n Must be an integer from 100 to 16384. Web and Express editions: Must be\n an integer from 100 to 16384.\n\n - Magnetic storage (standard): Enterprise and Standard editions: Must\n be an integer from 20 to 1024. Web and Express editions: Must be an integer\n from 20 to 1024.", "format": "int64", "type": "integer" }, "autoMinorVersionUpgrade": { - "description": "A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.", + "description": "Specifies whether minor engine upgrades are applied automatically to the\nDB instance during the maintenance window. By default, minor engine upgrades\nare applied automatically.\n\nIf you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade\nto false.", "type": "boolean" }, "availabilityZone": { - "description": "The Availability Zone (AZ) where the database will be created. For information on AWS Regions and Availability Zones, see Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). \n Default: A random, system-chosen Availability Zone in the endpoint's AWS Region. \n Example: us-east-1d \n Constraint: The AvailabilityZone parameter can't be specified if the DB instance is a Multi-AZ deployment. The specified Availability Zone must be in the same AWS Region as the current endpoint. \n If you're creating a DB instance in an RDS on VMware environment, specify the identifier of the custom Availability Zone to create the DB instance in. \n For more information about RDS on VMware, see the RDS on VMware User Guide. (https://docs.aws.amazon.com/AmazonRDS/latest/RDSonVMwareUserGuide/rds-on-vmware.html)", - "type": "string" + "description": "The Availability Zone (AZ) where the database will be created. For information\non Amazon Web Services Regions and Availability Zones, see Regions and Availability\nZones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html).\n\nFor Amazon Aurora, each Aurora DB cluster hosts copies of its storage in\nthree separate Availability Zones. Specify one of these Availability Zones.\nAurora automatically chooses an appropriate Availability Zone if you don't\nspecify one.\n\nDefault: A random, system-chosen Availability Zone in the endpoint's Amazon\nWeb Services Region.\n\nConstraints:\n\n - The AvailabilityZone parameter can't be specified if the DB instance\n is a Multi-AZ deployment.\n\n - The specified Availability Zone must be in the same Amazon Web Services\n Region as the current endpoint.\n\nExample: us-east-1d", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "Value is immutable once set", + "rule": "self == oldSelf" + } + ] }, "backupRetentionPeriod": { - "description": "The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups. \n Amazon Aurora \n Not applicable. The retention period for automated backups is managed by the DB cluster. \n Default: 1 \n Constraints: \n * Must be a value from 0 to 35 \n * Can't be set to 0 if the DB instance is a source to read replicas", + "description": "The number of days for which automated backups are retained. Setting this\nparameter to a positive number enables backups. Setting this parameter to\n0 disables automated backups.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The retention period\nfor automated backups is managed by the DB cluster.\n\nDefault: 1\n\nConstraints:\n\n - Must be a value from 0 to 35.\n\n - Can't be set to 0 if the DB instance is a source to read replicas.\n\n - Can't be set to 0 for an RDS Custom for Oracle DB instance.", "format": "int64", "type": "integer" }, + "backupTarget": { + "description": "The location for storing automated backups and manual snapshots.\n\nValid Values:\n\n - outposts (Amazon Web Services Outposts)\n\n - region (Amazon Web Services Region)\n\nDefault: region\n\nFor more information, see Working with Amazon RDS on Amazon Web Services\nOutposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html)\nin the Amazon RDS User Guide.", + "type": "string" + }, + "caCertificateIdentifier": { + "description": "The CA certificate identifier to use for the DB instance's server certificate.\n\nThis setting doesn't apply to RDS Custom DB instances.\n\nFor more information, see Using SSL/TLS to encrypt a connection to a DB instance\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html)\nin the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to\na DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html)\nin the Amazon Aurora User Guide.", + "type": "string" + }, "characterSetName": { - "description": "For supported engines, indicates that the DB instance should be associated with the specified CharacterSet. \n Amazon Aurora \n Not applicable. The character set is managed by the DB cluster. For more information, see CreateDBCluster.", + "description": "For supported engines, the character set (CharacterSet) to associate the\nDB instance with.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora - The character set is managed by the DB cluster. For\n more information, see CreateDBCluster.\n\n - RDS Custom - However, if you need to change the character set, you can\n change it on the database itself.", "type": "string" }, "copyTagsToSnapshot": { - "description": "A value that indicates whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied. \n Amazon Aurora \n Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.", + "description": "Specifies whether to copy tags from the DB instance to snapshots of the DB\ninstance. By default, tags are not copied.\n\nThis setting doesn't apply to Amazon Aurora DB instances. Copying tags to\nsnapshots is managed by the DB cluster. Setting this value for an Aurora\nDB instance has no effect on the DB cluster setting.", "type": "boolean" }, + "customIAMInstanceProfile": { + "description": "The instance profile associated with the underlying Amazon EC2 instance of\nan RDS Custom DB instance.\n\nThis setting is required for RDS Custom.\n\nConstraints:\n\n - The profile must exist in your account.\n\n - The profile must have an IAM role that Amazon EC2 has permissions to\n assume.\n\n - The instance profile name and the associated IAM role name must start\n with the prefix AWSRDSCustom.\n\nFor the list of permissions required for the IAM role, see Configure IAM\nand your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc)\nin the Amazon RDS User Guide.", + "type": "string" + }, "dbClusterIdentifier": { - "description": "The identifier of the DB cluster that the instance will belong to.", + "description": "The identifier of the DB cluster that this DB instance will belong to.\n\nThis setting doesn't apply to RDS Custom DB instances.", + "type": "string" + }, + "dbClusterSnapshotIdentifier": { + "description": "The identifier for the Multi-AZ DB cluster snapshot to restore from.\n\nFor more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html)\nin the Amazon RDS User Guide.\n\nConstraints:\n\n - Must match the identifier of an existing Multi-AZ DB cluster snapshot.\n\n - Can't be specified when DBSnapshotIdentifier is specified.\n\n - Must be specified when DBSnapshotIdentifier isn't specified.\n\n - If you are restoring from a shared manual Multi-AZ DB cluster snapshot,\n the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot.\n\n - Can't be the identifier of an Aurora DB cluster snapshot.", "type": "string" }, "dbInstanceClass": { - "description": "The compute and memory capacity of the DB instance, for example, db.m4.large. Not all DB instance classes are available in all AWS Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) in the Amazon RDS User Guide.", + "description": "The compute and memory capacity of the DB instance, for example db.m5.large.\nNot all DB instance classes are available in all Amazon Web Services Regions,\nor for all database engines. For the full list of DB instance classes, and\navailability for your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\nin the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html)\nin the Amazon Aurora User Guide.", "type": "string" }, "dbInstanceIdentifier": { - "description": "The DB instance identifier. This parameter is stored as a lowercase string. \n Constraints: \n * Must contain from 1 to 63 letters, numbers, or hyphens. \n * First character must be a letter. \n * Can't end with a hyphen or contain two consecutive hyphens. \n Example: mydbinstance", + "description": "The identifier for this DB instance. This parameter is stored as a lowercase\nstring.\n\nConstraints:\n\n - Must contain from 1 to 63 letters, numbers, or hyphens.\n\n - First character must be a letter.\n\n - Can't end with a hyphen or contain two consecutive hyphens.\n\nExample: mydbinstance", "type": "string" }, "dbName": { - "description": "The meaning of this parameter differs according to the database engine you use. \n MySQL \n The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. \n Constraints: \n * Must contain 1 to 64 letters or numbers. \n * Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). \n * Can't be a word reserved by the specified database engine \n MariaDB \n The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance. \n Constraints: \n * Must contain 1 to 64 letters or numbers. \n * Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). \n * Can't be a word reserved by the specified database engine \n PostgreSQL \n The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named postgres is created in the DB instance. \n Constraints: \n * Must contain 1 to 63 letters, numbers, or underscores. \n * Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9). \n * Can't be a word reserved by the specified database engine \n Oracle \n The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName. \n Default: ORCL \n Constraints: \n * Can't be longer than 8 characters \n SQL Server \n Not applicable. Must be null. \n Amazon Aurora MySQL \n The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster. \n Constraints: \n * It must contain 1 to 64 alphanumeric characters. \n * It can't be a word reserved by the database engine. \n Amazon Aurora PostgreSQL \n The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named postgres is created in the DB cluster. \n Constraints: \n * It must contain 1 to 63 alphanumeric characters. \n * It must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0 to 9). \n * It can't be a word reserved by the database engine.", + "description": "The meaning of this parameter differs according to the database engine you\nuse.\n\n# Amazon Aurora MySQL\n\nThe name of the database to create when the primary DB instance of the Aurora\nMySQL DB cluster is created. If this parameter isn't specified for an Aurora\nMySQL DB cluster, no database is created in the DB cluster.\n\nConstraints:\n\n - Must contain 1 to 64 alphanumeric characters.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0-9).\n\n - Can't be a word reserved by the database engine.\n\n# Amazon Aurora PostgreSQL\n\nThe name of the database to create when the primary DB instance of the Aurora\nPostgreSQL DB cluster is created. A database named postgres is always created.\nIf this parameter is specified, an additional database with this name is\ncreated.\n\nConstraints:\n\n - It must contain 1 to 63 alphanumeric characters.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0 to 9).\n\n - Can't be a word reserved by the database engine.\n\n# Amazon RDS Custom for Oracle\n\nThe Oracle System ID (SID) of the created RDS Custom DB instance. If you\ndon't specify a value, the default value is ORCL for non-CDBs and RDSCDB\nfor CDBs.\n\nDefault: ORCL\n\nConstraints:\n\n - Must contain 1 to 8 alphanumeric characters.\n\n - Must contain a letter.\n\n - Can't be a word reserved by the database engine.\n\n# Amazon RDS Custom for SQL Server\n\nNot applicable. Must be null.\n\n# RDS for Db2\n\nThe name of the database to create when the DB instance is created. If this\nparameter isn't specified, no database is created in the DB instance. In\nsome cases, we recommend that you don't add a database name. For more information,\nsee Additional considerations (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-db-instance-prereqs.html#db2-prereqs-additional-considerations)\nin the Amazon RDS User Guide.\n\nConstraints:\n\n - Must contain 1 to 64 letters or numbers.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0-9).\n\n - Can't be a word reserved by the specified database engine.\n\n# RDS for MariaDB\n\nThe name of the database to create when the DB instance is created. If this\nparameter isn't specified, no database is created in the DB instance.\n\nConstraints:\n\n - Must contain 1 to 64 letters or numbers.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0-9).\n\n - Can't be a word reserved by the specified database engine.\n\n# RDS for MySQL\n\nThe name of the database to create when the DB instance is created. If this\nparameter isn't specified, no database is created in the DB instance.\n\nConstraints:\n\n - Must contain 1 to 64 letters or numbers.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0-9).\n\n - Can't be a word reserved by the specified database engine.\n\n# RDS for Oracle\n\nThe Oracle System ID (SID) of the created DB instance. If you don't specify\na value, the default value is ORCL. You can't specify the string null, or\nany other reserved word, for DBName.\n\nDefault: ORCL\n\nConstraints:\n\n - Can't be longer than 8 characters.\n\n# RDS for PostgreSQL\n\nThe name of the database to create when the DB instance is created. A database\nnamed postgres is always created. If this parameter is specified, an additional\ndatabase with this name is created.\n\nConstraints:\n\n - Must contain 1 to 63 letters, numbers, or underscores.\n\n - Must begin with a letter. Subsequent characters can be letters, underscores,\n or digits (0-9).\n\n - Can't be a word reserved by the specified database engine.\n\n# RDS for SQL Server\n\nNot applicable. Must be null.", "type": "string" }, "dbParameterGroupName": { - "description": "The name of the DB parameter group to associate with this DB instance. If you do not specify a value, then the default DB parameter group for the specified DB engine and version is used. \n Constraints: \n * Must be 1 to 255 letters, numbers, or hyphens. \n * First character must be a letter \n * Can't end with a hyphen or contain two consecutive hyphens", + "description": "The name of the DB parameter group to associate with this DB instance. If\nyou don't specify a value, then Amazon RDS uses the default DB parameter\ngroup for the specified DB engine and version.\n\nThis setting doesn't apply to RDS Custom DB instances.\n\nConstraints:\n\n - Must be 1 to 255 letters, numbers, or hyphens.\n\n - The first character must be a letter.\n\n - Can't end with a hyphen or contain two consecutive hyphens.", "type": "string" }, - "dbSecurityGroups": { - "description": "A list of DB security groups to associate with this DB instance. \n Default: The default DB security group for the database engine.", - "items": { - "type": "string" + "dbParameterGroupRef": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } }, - "type": "array" + "type": "object", + "additionalProperties": false + }, + "dbSnapshotIdentifier": { + "description": "The identifier for the DB snapshot to restore from.\n\nConstraints:\n\n - Must match the identifier of an existing DB snapshot.\n\n - Can't be specified when DBClusterSnapshotIdentifier is specified.\n\n - Must be specified when DBClusterSnapshotIdentifier isn't specified.\n\n - If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier\n must be the ARN of the shared DB snapshot.", + "type": "string" }, "dbSubnetGroupName": { - "description": "A DB subnet group to associate with this DB instance. \n If there is no DB subnet group, then it is a non-VPC DB instance.", + "description": "A DB subnet group to associate with this DB instance.\n\nConstraints:\n\n - Must match the name of an existing DB subnet group.\n\nExample: mydbsubnetgroup", "type": "string" }, + "dbSubnetGroupRef": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, "deletionProtection": { - "description": "A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled. For more information, see Deleting a DB Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). \n Amazon Aurora \n Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.", + "description": "Specifies whether the DB instance has deletion protection enabled. The database\ncan't be deleted when deletion protection is enabled. By default, deletion\nprotection isn't enabled. For more information, see Deleting a DB Instance\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html).\n\nThis setting doesn't apply to Amazon Aurora DB instances. You can enable\nor disable deletion protection for the DB cluster. For more information,\nsee CreateDBCluster. DB instances in a DB cluster can be deleted even when\ndeletion protection is enabled for the DB cluster.", "type": "boolean" }, + "destinationRegion": { + "description": "DestinationRegion is used for presigning the request to a given region.", + "type": "string" + }, "domain": { - "description": "The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain. \n For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) in the Amazon RDS User Guide.", + "description": "The Active Directory directory ID to create the DB instance in. Currently,\nyou can create only Db2, MySQL, Microsoft SQL Server, Oracle, and PostgreSQL\nDB instances in an Active Directory Domain.\n\nFor more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (The domain is managed by the DB cluster.)\n\n - RDS Custom", "type": "string" }, "domainIAMRoleName": { - "description": "Specify the name of the IAM role to be used when making API calls to the Directory Service.", + "description": "The name of the IAM role to use when making API calls to the Directory Service.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (The domain is managed by the DB cluster.)\n\n - RDS Custom", "type": "string" }, "enableCloudwatchLogsExports": { - "description": "The list of log types that need to be enabled for exporting to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) in the Amazon Relational Database Service User Guide. \n Amazon Aurora \n Not applicable. CloudWatch Logs exports are managed by the DB cluster. \n MariaDB \n Possible values are audit, error, general, and slowquery. \n Microsoft SQL Server \n Possible values are agent and error. \n MySQL \n Possible values are audit, error, general, and slowquery. \n Oracle \n Possible values are alert, audit, listener, trace, and oemagent. \n PostgreSQL \n Possible values are postgresql and upgrade.", + "description": "The list of log types to enable for exporting to CloudWatch Logs. For more\ninformation, see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (CloudWatch Logs exports are managed by the DB cluster.)\n\n - RDS Custom\n\nThe following values are valid for each DB engine:\n\n - RDS for Db2 - diag.log | notify.log\n\n - RDS for MariaDB - audit | error | general | slowquery\n\n - RDS for Microsoft SQL Server - agent | error\n\n - RDS for MySQL - audit | error | general | slowquery\n\n - RDS for Oracle - alert | audit | listener | trace | oemagent\n\n - RDS for PostgreSQL - postgresql | upgrade", "items": { "type": "string" }, "type": "array" }, "enableCustomerOwnedIP": { - "description": "A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. \n A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network. \n For more information about RDS on Outposts, see Working with Amazon RDS on AWS Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) in the Amazon RDS User Guide. \n For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing) in the AWS Outposts User Guide.", + "description": "Specifies whether to enable a customer-owned IP address (CoIP) for an RDS\non Outposts DB instance.\n\nA CoIP provides local or external connectivity to resources in your Outpost\nsubnets through your on-premises network. For some use cases, a CoIP can\nprovide lower latency for connections to the DB instance from outside of\nits virtual private cloud (VPC) on your local network.\n\nFor more information about RDS on Outposts, see Working with Amazon RDS on\nAmazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html)\nin the Amazon RDS User Guide.\n\nFor more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing)\nin the Amazon Web Services Outposts User Guide.", "type": "boolean" }, "enableIAMDatabaseAuthentication": { - "description": "A value that indicates whether to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. By default, mapping is disabled. \n This setting doesn't apply to Amazon Aurora. Mapping AWS IAM accounts to database accounts is managed by the DB cluster. \n For more information, see IAM Database Authentication for MySQL and PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) in the Amazon RDS User Guide.", - "type": "boolean" - }, - "enablePerformanceInsights": { - "description": "A value that indicates whether to enable Performance Insights for the DB instance. \n For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) in the Amazon Relational Database Service User Guide.", + "description": "Specifies whether to enable mapping of Amazon Web Services Identity and Access\nManagement (IAM) accounts to database accounts. By default, mapping isn't\nenabled.\n\nFor more information, see IAM Database Authentication for MySQL and PostgreSQL\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (Mapping Amazon Web Services IAM accounts to database\n accounts is managed by the DB cluster.)\n\n - RDS Custom", "type": "boolean" }, "engine": { - "description": "The name of the database engine to be used for this instance. \n Not every database engine is available for every AWS Region. \n Valid Values: \n * aurora (for MySQL 5.6-compatible Aurora) \n * aurora-mysql (for MySQL 5.7-compatible Aurora) \n * aurora-postgresql \n * mariadb \n * mysql \n * oracle-ee \n * oracle-se2 \n * oracle-se1 \n * oracle-se \n * postgres \n * sqlserver-ee \n * sqlserver-se \n * sqlserver-ex \n * sqlserver-web", + "description": "The database engine to use for this DB instance.\n\nNot every database engine is available in every Amazon Web Services Region.\n\nValid Values:\n\n - aurora-mysql (for Aurora MySQL DB instances)\n\n - aurora-postgresql (for Aurora PostgreSQL DB instances)\n\n - custom-oracle-ee (for RDS Custom for Oracle DB instances)\n\n - custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)\n\n - custom-oracle-se2 (for RDS Custom for Oracle DB instances)\n\n - custom-oracle-se2-cdb (for RDS Custom for Oracle DB instances)\n\n - custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)\n\n - custom-sqlserver-se (for RDS Custom for SQL Server DB instances)\n\n - custom-sqlserver-web (for RDS Custom for SQL Server DB instances)\n\n - custom-sqlserver-dev (for RDS Custom for SQL Server DB instances)\n\n - db2-ae\n\n - db2-se\n\n - mariadb\n\n - mysql\n\n - oracle-ee\n\n - oracle-ee-cdb\n\n - oracle-se2\n\n - oracle-se2-cdb\n\n - postgres\n\n - sqlserver-ee\n\n - sqlserver-se\n\n - sqlserver-ex\n\n - sqlserver-web", "type": "string" }, "engineVersion": { - "description": "The version number of the database engine to use. \n For a list of valid engine versions, use the DescribeDBEngineVersions action. \n The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every AWS Region. \n Amazon Aurora \n Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster. \n MariaDB \n See MariaDB on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) in the Amazon RDS User Guide. \n Microsoft SQL Server \n See Microsoft SQL Server Versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) in the Amazon RDS User Guide. \n MySQL \n See MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) in the Amazon RDS User Guide. \n Oracle \n See Oracle Database Engine Release Notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) in the Amazon RDS User Guide. \n PostgreSQL \n See Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) in the Amazon RDS User Guide.", + "description": "The version number of the database engine to use.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The version number\nof the database engine the DB instance uses is managed by the DB cluster.\n\nFor a list of valid engine versions, use the DescribeDBEngineVersions operation.\n\nThe following are the database engines and links to information about the\nmajor and minor versions that are available with Amazon RDS. Not every database\nengine is available for every Amazon Web Services Region.\n\n# Amazon RDS Custom for Oracle\n\nA custom engine version (CEV) that you have previously created. This setting\nis required for RDS Custom for Oracle. The CEV name has the following format:\n19.customized_string. A valid CEV name is 19.my_cev1. For more information,\nsee Creating an RDS Custom for Oracle DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create)\nin the Amazon RDS User Guide.\n\n# Amazon RDS Custom for SQL Server\n\nSee RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html)\nin the Amazon RDS User Guide.\n\n# RDS for Db2\n\nFor information, see Db2 on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Db2.html#Db2.Concepts.VersionMgmt)\nin the Amazon RDS User Guide.\n\n# RDS for MariaDB\n\nFor information, see MariaDB on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt)\nin the Amazon RDS User Guide.\n\n# RDS for Microsoft SQL Server\n\nFor information, see Microsoft SQL Server versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport)\nin the Amazon RDS User Guide.\n\n# RDS for MySQL\n\nFor information, see MySQL on Amazon RDS versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt)\nin the Amazon RDS User Guide.\n\n# RDS for Oracle\n\nFor information, see Oracle Database Engine release notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html)\nin the Amazon RDS User Guide.\n\n# RDS for PostgreSQL\n\nFor information, see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts)\nin the Amazon RDS User Guide.", "type": "string" }, "iops": { - "description": "The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid Iops values, see Amazon RDS Provisioned IOPS Storage to Improve Performance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) in the Amazon RDS User Guide. \n Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance.", + "description": "The amount of Provisioned IOPS (input/output operations per second) to initially\nallocate for the DB instance. For information about valid IOPS values, see\nAmazon RDS DB instance storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to Amazon Aurora DB instances. Storage is managed\nby the DB cluster.\n\nConstraints:\n\n - For RDS for Db2, MariaDB, MySQL, Oracle, and PostgreSQL - Must be a\n multiple between .5 and 50 of the storage amount for the DB instance.\n\n - For RDS for SQL Server - Must be a multiple between 1 and 50 of the\n storage amount for the DB instance.", "format": "int64", "type": "integer" }, "kmsKeyID": { - "description": "The AWS KMS key identifier for an encrypted DB instance. \n The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the AWS KMS customer master key (CMK). To use a CMK in a different AWS account, specify the key ARN or alias ARN. \n Amazon Aurora \n Not applicable. The AWS KMS key identifier is managed by the DB cluster. For more information, see CreateDBCluster. \n If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS uses your default CMK. There is a default CMK for your AWS account. Your AWS account has a different default CMK for each AWS Region.", + "description": "The Amazon Web Services KMS key identifier for an encrypted DB instance.\n\nThe Amazon Web Services KMS key identifier is the key ARN, key ID, alias\nARN, or alias name for the KMS key. To use a KMS key in a different Amazon\nWeb Services account, specify the key ARN or alias ARN.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The Amazon Web\nServices KMS key identifier is managed by the DB cluster. For more information,\nsee CreateDBCluster.\n\nIf StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId\nparameter, then Amazon RDS uses your default KMS key. There is a default\nKMS key for your Amazon Web Services account. Your Amazon Web Services account\nhas a different default KMS key for each Amazon Web Services Region.\n\nFor Amazon RDS Custom, a KMS key is required for DB instances. For most RDS\nengines, if you leave this parameter empty while enabling StorageEncrypted,\nthe engine uses the default KMS key. However, RDS Custom doesn't use the\ndefault key when this parameter is empty. You must explicitly specify a key.", "type": "string" }, + "kmsKeyRef": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, "licenseModel": { - "description": "License model information for this DB instance. \n Valid values: license-included | bring-your-own-license | general-public-license", + "description": "The license model information for this DB instance.\n\nLicense models for RDS for Db2 require additional configuration. The Bring\nYour Own License (BYOL) model requires a custom parameter group and an Amazon\nWeb Services License Manager self-managed license. The Db2 license through\nAmazon Web Services Marketplace model requires an Amazon Web Services Marketplace\nsubscription. For more information, see Amazon RDS for Db2 licensing options\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html)\nin the Amazon RDS User Guide.\n\nThe default for RDS for Db2 is bring-your-own-license.\n\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.\n\nValid Values:\n\n - RDS for Db2 - bring-your-own-license | marketplace-license\n\n - RDS for MariaDB - general-public-license\n\n - RDS for Microsoft SQL Server - license-included\n\n - RDS for MySQL - general-public-license\n\n - RDS for Oracle - bring-your-own-license | license-included\n\n - RDS for PostgreSQL - postgresql-license", "type": "string" }, + "manageMasterUserPassword": { + "description": "Specifies whether to manage the master user password with Amazon Web Services\nSecrets Manager.\n\nFor more information, see Password management with Amazon Web Services Secrets\nManager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html)\nin the Amazon RDS User Guide.\n\nConstraints:\n\n - Can't manage the master user password with Amazon Web Services Secrets\n Manager if MasterUserPassword is specified.", + "type": "boolean" + }, "masterUserPassword": { - "description": "The password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\". \n Amazon Aurora \n Not applicable. The password for the master user is managed by the DB cluster. \n MariaDB \n Constraints: Must contain from 8 to 41 characters. \n Microsoft SQL Server \n Constraints: Must contain from 8 to 128 characters. \n MySQL \n Constraints: Must contain from 8 to 41 characters. \n Oracle \n Constraints: Must contain from 8 to 30 characters. \n PostgreSQL \n Constraints: Must contain from 8 to 128 characters.", + "description": "The password for the master user.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The password for\nthe master user is managed by the DB cluster.\n\nConstraints:\n\n - Can't be specified if ManageMasterUserPassword is turned on.\n\n - Can include any printable ASCII character except \"/\", \"\"\", or \"@\". For\n RDS for Oracle, can't include the \"&\" (ampersand) or the \"'\" (single quotes)\n character.\n\nLength Constraints:\n\n - RDS for Db2 - Must contain from 8 to 255 characters.\n\n - RDS for MariaDB - Must contain from 8 to 41 characters.\n\n - RDS for Microsoft SQL Server - Must contain from 8 to 128 characters.\n\n - RDS for MySQL - Must contain from 8 to 41 characters.\n\n - RDS for Oracle - Must contain from 8 to 30 characters.\n\n - RDS for PostgreSQL - Must contain from 8 to 128 characters.", "properties": { "key": { "description": "Key is the key within the secret", "type": "string" }, "name": { - "description": "Name is unique within a namespace to reference a secret resource.", + "description": "name is unique within a namespace to reference a secret resource.", "type": "string" }, "namespace": { - "description": "Namespace defines the space within which the secret name must be unique.", + "description": "namespace defines the space within which the secret name must be unique.", "type": "string" } }, @@ -144,64 +227,101 @@ "key" ], "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "masterUserSecretKMSKeyID": { + "description": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically\ngenerated and managed in Amazon Web Services Secrets Manager.\n\nThis setting is valid only if the master user password is managed by RDS\nin Amazon Web Services Secrets Manager for the DB instance.\n\nThe Amazon Web Services KMS key identifier is the key ARN, key ID, alias\nARN, or alias name for the KMS key. To use a KMS key in a different Amazon\nWeb Services account, specify the key ARN or alias ARN.\n\nIf you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager\nKMS key is used to encrypt the secret. If the secret is in a different Amazon\nWeb Services account, then you can't use the aws/secretsmanager KMS key to\nencrypt the secret, and you must use a customer managed KMS key.\n\nThere is a default KMS key for your Amazon Web Services account. Your Amazon\nWeb Services account has a different default KMS key for each Amazon Web\nServices Region.", + "type": "string" + }, + "masterUserSecretKMSKeyRef": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", "additionalProperties": false }, "masterUsername": { - "description": "The name for the master user. \n Amazon Aurora \n Not applicable. The name for the master user is managed by the DB cluster. \n MariaDB \n Constraints: \n * Required for MariaDB. \n * Must be 1 to 16 letters or numbers. \n * Can't be a reserved word for the chosen database engine. \n Microsoft SQL Server \n Constraints: \n * Required for SQL Server. \n * Must be 1 to 128 letters or numbers. \n * The first character must be a letter. \n * Can't be a reserved word for the chosen database engine. \n MySQL \n Constraints: \n * Required for MySQL. \n * Must be 1 to 16 letters or numbers. \n * First character must be a letter. \n * Can't be a reserved word for the chosen database engine. \n Oracle \n Constraints: \n * Required for Oracle. \n * Must be 1 to 30 letters or numbers. \n * First character must be a letter. \n * Can't be a reserved word for the chosen database engine. \n PostgreSQL \n Constraints: \n * Required for PostgreSQL. \n * Must be 1 to 63 letters or numbers. \n * First character must be a letter. \n * Can't be a reserved word for the chosen database engine.", + "description": "The name for the master user.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The name for the\nmaster user is managed by the DB cluster.\n\nThis setting is required for RDS DB instances.\n\nConstraints:\n\n - Must be 1 to 16 letters, numbers, or underscores.\n\n - First character must be a letter.\n\n - Can't be a reserved word for the chosen database engine.", "type": "string" }, "maxAllocatedStorage": { - "description": "The upper limit to which Amazon RDS can automatically scale the storage of the DB instance. \n For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) in the Amazon RDS User Guide.", + "description": "The upper limit in gibibytes (GiB) to which Amazon RDS can automatically\nscale the storage of the DB instance.\n\nFor more information about this setting, including limitations that apply\nto it, see Managing capacity automatically with Amazon RDS storage autoscaling\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (Storage is managed by the DB cluster.)\n\n - RDS Custom", "format": "int64", "type": "integer" }, "monitoringInterval": { - "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. \n If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0. \n Valid Values: 0, 1, 5, 10, 15, 30, 60", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics\nare collected for the DB instance. To disable collection of Enhanced Monitoring\nmetrics, specify 0.\n\nIf MonitoringRoleArn is specified, then you must set MonitoringInterval to\na value other than 0.\n\nThis setting doesn't apply to RDS Custom DB instances.\n\nValid Values: 0 | 1 | 5 | 10 | 15 | 30 | 60\n\nDefault: 0", "format": "int64", "type": "integer" }, "monitoringRoleARN": { - "description": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to Setting Up and Enabling Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) in the Amazon RDS User Guide. \n If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.", + "description": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics\nto Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess.\nFor information on creating a monitoring role, see Setting Up and Enabling\nEnhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling)\nin the Amazon RDS User Guide.\n\nIf MonitoringInterval is set to a value other than 0, then you must supply\na MonitoringRoleArn value.\n\nThis setting doesn't apply to RDS Custom DB instances.", "type": "string" }, "multiAZ": { - "description": "A value that indicates whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.", + "description": "Specifies whether the DB instance is a Multi-AZ deployment. You can't set\nthe AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.\n\nThis setting doesn't apply to the following DB instances:\n\n - Amazon Aurora (DB instance Availability Zones (AZs) are managed by the\n DB cluster.)\n\n - RDS Custom", "type": "boolean" }, "ncharCharacterSetName": { - "description": "The name of the NCHAR character set for the Oracle DB instance.", + "description": "The name of the NCHAR character set for the Oracle DB instance.\n\nThis setting doesn't apply to RDS Custom DB instances.", + "type": "string" + }, + "networkType": { + "description": "The network type of the DB instance.\n\nThe network type is determined by the DBSubnetGroup specified for the DB\ninstance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4\nand the IPv6 protocols (DUAL).\n\nFor more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html)\nin the Amazon RDS User Guide.\n\nValid Values: IPV4 | DUAL", "type": "string" }, "optionGroupName": { - "description": "A value that indicates that the DB instance should be associated with the specified option group. \n Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance once it is associated with a DB instance", + "description": "The option group to associate the DB instance with.\n\nPermanent options, such as the TDE option for Oracle Advanced Security TDE,\ncan't be removed from an option group. Also, that option group can't be removed\nfrom a DB instance after it is associated with a DB instance.\n\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.", "type": "string" }, + "performanceInsightsEnabled": { + "description": "Specifies whether to enable Performance Insights for the DB instance. For\nmore information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to RDS Custom DB instances.", + "type": "boolean" + }, "performanceInsightsKMSKeyID": { - "description": "The AWS KMS key identifier for encryption of Performance Insights data. \n The AWS KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the AWS KMS customer master key (CMK). \n If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default CMK. There is a default CMK for your AWS account. Your AWS account has a different default CMK for each AWS Region.", + "description": "The Amazon Web Services KMS key identifier for encryption of Performance\nInsights data.\n\nThe Amazon Web Services KMS key identifier is the key ARN, key ID, alias\nARN, or alias name for the KMS key.\n\nIf you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon\nRDS uses your default KMS key. There is a default KMS key for your Amazon\nWeb Services account. Your Amazon Web Services account has a different default\nKMS key for each Amazon Web Services Region.\n\nThis setting doesn't apply to RDS Custom DB instances.", "type": "string" }, "performanceInsightsRetentionPeriod": { - "description": "The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).", + "description": "The number of days to retain Performance Insights data.\n\nThis setting doesn't apply to RDS Custom DB instances.\n\nValid Values:\n\n - 7\n\n - month * 31, where month is a number of months from 1-23. Examples: 93\n (3 months * 31), 341 (11 months * 31), 589 (19 months * 31)\n\n - 731\n\nDefault: 7 days\n\nIf you specify a retention period that isn't valid, such as 94, Amazon RDS\nreturns an error.", "format": "int64", "type": "integer" }, "port": { - "description": "The port number on which the database accepts connections. \n MySQL \n Default: 3306 \n Valid values: 1150-65535 \n Type: Integer \n MariaDB \n Default: 3306 \n Valid values: 1150-65535 \n Type: Integer \n PostgreSQL \n Default: 5432 \n Valid values: 1150-65535 \n Type: Integer \n Oracle \n Default: 1521 \n Valid values: 1150-65535 \n SQL Server \n Default: 1433 \n Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156. \n Amazon Aurora \n Default: 3306 \n Valid values: 1150-65535 \n Type: Integer", + "description": "The port number on which the database accepts connections.\n\nThis setting doesn't apply to Aurora DB instances. The port number is managed\nby the cluster.\n\nValid Values: 1150-65535\n\nDefault:\n\n - RDS for Db2 - 50000\n\n - RDS for MariaDB - 3306\n\n - RDS for Microsoft SQL Server - 1433\n\n - RDS for MySQL - 3306\n\n - RDS for Oracle - 1521\n\n - RDS for PostgreSQL - 5432\n\nConstraints:\n\n - For RDS for Microsoft SQL Server, the value can't be 1234, 1434, 3260,\n 3343, 3389, 47001, or 49152-49156.", "format": "int64", "type": "integer" }, + "preSignedURL": { + "description": "When you are creating a read replica from one Amazon Web Services GovCloud\n(US) Region to another or from one China Amazon Web Services Region to another,\nthe URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica\nAPI operation in the source Amazon Web Services Region that contains the\nsource DB instance.\n\nThis setting applies only to Amazon Web Services GovCloud (US) Regions and\nChina Amazon Web Services Regions. It's ignored in other Amazon Web Services\nRegions.\n\nThis setting applies only when replicating from a source DB instance. Source\nDB clusters aren't supported in Amazon Web Services GovCloud (US) Regions\nand China Amazon Web Services Regions.\n\nYou must specify this parameter when you create an encrypted read replica\nfrom another Amazon Web Services Region by using the Amazon RDS API. Don't\nspecify PreSignedUrl when you are creating an encrypted read replica in the\nsame Amazon Web Services Region.\n\nThe presigned URL must be a valid request for the CreateDBInstanceReadReplica\nAPI operation that can run in the source Amazon Web Services Region that\ncontains the encrypted source DB instance. The presigned URL request must\ncontain the following parameter values:\n\n - DestinationRegion - The Amazon Web Services Region that the encrypted\n read replica is created in. This Amazon Web Services Region is the same\n one where the CreateDBInstanceReadReplica operation is called that contains\n this presigned URL. For example, if you create an encrypted DB instance\n in the us-west-1 Amazon Web Services Region, from a source DB instance\n in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica\n operation in the us-east-1 Amazon Web Services Region and provide a presigned\n URL that contains a call to the CreateDBInstanceReadReplica operation\n in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion\n in the presigned URL must be set to the us-east-1 Amazon Web Services\n Region.\n\n - KmsKeyId - The KMS key identifier for the key to use to encrypt the\n read replica in the destination Amazon Web Services Region. This is the\n same identifier for both the CreateDBInstanceReadReplica operation that\n is called in the destination Amazon Web Services Region, and the operation\n contained in the presigned URL.\n\n - SourceDBInstanceIdentifier - The DB instance identifier for the encrypted\n DB instance to be replicated. This identifier must be in the Amazon Resource\n Name (ARN) format for the source Amazon Web Services Region. For example,\n if you are creating an encrypted read replica from a DB instance in the\n us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier\n looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.\n\nTo learn how to generate a Signature Version 4 signed request, see Authenticating\nRequests: Using Query Parameters (Amazon Web Services Signature Version 4)\n(https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html)\nand Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).\n\nIf you are using an Amazon Web Services SDK tool or the CLI, you can specify\nSourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl\nmanually. Specifying SourceRegion autogenerates a presigned URL that is a\nvalid request for the operation that can run in the source Amazon Web Services\nRegion.\n\nThis setting doesn't apply to RDS Custom DB instances.", + "type": "string" + }, "preferredBackupWindow": { - "description": "The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. For more information, see The Backup Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) in the Amazon RDS User Guide. \n Amazon Aurora \n Not applicable. The daily time range for creating automated backups is managed by the DB cluster. \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region. To see the time blocks available, see Adjusting the Preferred DB Instance Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) in the Amazon RDS User Guide. \n Constraints: \n * Must be in the format hh24:mi-hh24:mi. \n * Must be in Universal Coordinated Time (UTC). \n * Must not conflict with the preferred maintenance window. \n * Must be at least 30 minutes.", + "description": "The daily time range during which automated backups are created if automated\nbackups are enabled, using the BackupRetentionPeriod parameter. The default\nis a 30-minute window selected at random from an 8-hour block of time for\neach Amazon Web Services Region. For more information, see Backup window\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow)\nin the Amazon RDS User Guide.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The daily time\nrange for creating automated backups is managed by the DB cluster.\n\nConstraints:\n\n - Must be in the format hh24:mi-hh24:mi.\n\n - Must be in Universal Coordinated Time (UTC).\n\n - Must not conflict with the preferred maintenance window.\n\n - Must be at least 30 minutes.", "type": "string" }, "preferredMaintenanceWindow": { - "description": "The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC). For more information, see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance). \n Format: ddd:hh24:mi-ddd:hh24:mi \n The default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. \n Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. \n Constraints: Minimum 30-minute window.", + "description": "The time range each week during which system maintenance can occur. For more\ninformation, see Amazon RDS Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance)\nin the Amazon RDS User Guide.\n\nThe default is a 30-minute window selected at random from an 8-hour block\nof time for each Amazon Web Services Region, occurring on a random day of\nthe week.\n\nConstraints:\n\n - Must be in the format ddd:hh24:mi-ddd:hh24:mi.\n\n - The day values must be mon | tue | wed | thu | fri | sat | sun.\n\n - Must be in Universal Coordinated Time (UTC).\n\n - Must not conflict with the preferred backup window.\n\n - Must be at least 30 minutes.", "type": "string" }, "processorFeatures": { - "description": "The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.", + "description": "The number of CPU cores and the number of threads per core for the DB instance\nclass of the DB instance.\n\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.", "items": { - "description": "Contains the processor features of a DB instance class. \n To specify the number of CPU cores, use the coreCount feature name for the Name parameter. To specify the number of threads per core, use the threadsPerCore feature name for the Name parameter. \n You can set the processor features of the DB instance class for a DB instance when you call one of the following actions: \n * CreateDBInstance \n * ModifyDBInstance \n * RestoreDBInstanceFromDBSnapshot \n * RestoreDBInstanceFromS3 \n * RestoreDBInstanceToPointInTime \n You can view the valid processor values for a particular instance class by calling the DescribeOrderableDBInstanceOptions action and specifying the instance class for the DBInstanceClass parameter. \n In addition, you can use the following actions for DB instance class processor information: \n * DescribeDBInstances \n * DescribeDBSnapshots \n * DescribeValidDBInstanceModifications \n If you call DescribeDBInstances, ProcessorFeature returns non-null values only if the following conditions are met: \n * You are accessing an Oracle DB instance. \n * Your Oracle DB instance class supports configuring the number of CPU cores and threads per core. \n * The current number CPU cores and threads is set to a non-default value. \n For more information, see Configuring the Processor of the DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) in the Amazon RDS User Guide.", + "description": "Contains the processor features of a DB instance class.\n\nTo specify the number of CPU cores, use the coreCount feature name for the\nName parameter. To specify the number of threads per core, use the threadsPerCore\nfeature name for the Name parameter.\n\nYou can set the processor features of the DB instance class for a DB instance\nwhen you call one of the following actions:\n\n - CreateDBInstance\n\n - ModifyDBInstance\n\n - RestoreDBInstanceFromDBSnapshot\n\n - RestoreDBInstanceFromS3\n\n - RestoreDBInstanceToPointInTime\n\nYou can view the valid processor values for a particular instance class by\ncalling the DescribeOrderableDBInstanceOptions action and specifying the\ninstance class for the DBInstanceClass parameter.\n\nIn addition, you can use the following actions for DB instance class processor\ninformation:\n\n - DescribeDBInstances\n\n - DescribeDBSnapshots\n\n - DescribeValidDBInstanceModifications\n\nIf you call DescribeDBInstances, ProcessorFeature returns non-null values\nonly if the following conditions are met:\n\n - You are accessing an Oracle DB instance.\n\n - Your Oracle DB instance class supports configuring the number of CPU\n cores and threads per core.\n\n - The current number CPU cores and threads is set to a non-default value.\n\nFor more information, see Configuring the processor for a DB instance class\nin RDS for Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor)\nin the Amazon RDS User Guide.", "properties": { "name": { "type": "string" @@ -215,26 +335,43 @@ "type": "array" }, "promotionTier": { - "description": "A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) in the Amazon Aurora User Guide. \n Default: 1 \n Valid Values: 0 - 15", + "description": "The order of priority in which an Aurora Replica is promoted to the primary\ninstance after a failure of the existing primary instance. For more information,\nsee Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraHighAvailability.html#Aurora.Managing.FaultTolerance)\nin the Amazon Aurora User Guide.\n\nThis setting doesn't apply to RDS Custom DB instances.\n\nDefault: 1\n\nValid Values: 0 - 15", "format": "int64", "type": "integer" }, "publiclyAccessible": { - "description": "A value that indicates whether the DB instance is publicly accessible. \n When the DB instance is publicly accessible, its DNS endpoint resolves to the private IP address from within the DB instance's VPC, and to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses, and that public access is not permitted if the security group assigned to the DB instance doesn't permit it. \n When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address. \n Default: The default behavior varies depending on whether DBSubnetGroupName is specified. \n If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies: \n * If the default VPC in the target region doesn’t have an Internet gateway attached to it, the DB instance is private. \n * If the default VPC in the target region has an Internet gateway attached to it, the DB instance is public. \n If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies: \n * If the subnets are part of a VPC that doesn’t have an Internet gateway attached to it, the DB instance is private. \n * If the subnets are part of a VPC that has an Internet gateway attached to it, the DB instance is public.", + "description": "Specifies whether the DB instance is publicly accessible.\n\nWhen the DB instance is publicly accessible and you connect from outside\nof the DB instance's virtual private cloud (VPC), its Domain Name System\n(DNS) endpoint resolves to the public IP address. When you connect from within\nthe same VPC as the DB instance, the endpoint resolves to the private IP\naddress. Access to the DB instance is ultimately controlled by the security\ngroup it uses. That public access is not permitted if the security group\nassigned to the DB instance doesn't permit it.\n\nWhen the DB instance isn't publicly accessible, it is an internal DB instance\nwith a DNS name that resolves to a private IP address.\n\nDefault: The default behavior varies depending on whether DBSubnetGroupName\nis specified.\n\nIf DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified,\nthe following applies:\n\n - If the default VPC in the target Region doesn’t have an internet gateway\n attached to it, the DB instance is private.\n\n - If the default VPC in the target Region has an internet gateway attached\n to it, the DB instance is public.\n\nIf DBSubnetGroupName is specified, and PubliclyAccessible isn't specified,\nthe following applies:\n\n - If the subnets are part of a VPC that doesn’t have an internet gateway\n attached to it, the DB instance is private.\n\n - If the subnets are part of a VPC that has an internet gateway attached\n to it, the DB instance is public.", "type": "boolean" }, + "replicaMode": { + "description": "The open mode of the replica database: mounted or read-only.\n\nThis parameter is only supported for Oracle DB instances.\n\nMounted DB replicas are included in Oracle Database Enterprise Edition. The\nmain use case for mounted replicas is cross-Region disaster recovery. The\nprimary database doesn't use Active Data Guard to transmit information to\nthe mounted replica. Because it doesn't accept user connections, a mounted\nreplica can't serve a read-only workload.\n\nYou can create a combination of mounted and read-only DB replicas for the\nsame primary DB instance. For more information, see Working with Oracle Read\nReplicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html)\nin the Amazon RDS User Guide.\n\nFor RDS Custom, you must specify this parameter and set it to mounted. The\nvalue won't be set by default. After replica creation, you can manage the\nopen mode manually.", + "type": "string" + }, + "sourceDBInstanceIdentifier": { + "description": "The identifier of the DB instance that will act as the source for the read\nreplica. Each DB instance can have up to 15 read replicas, with the exception\nof Oracle and SQL Server, which can have up to five.\n\nConstraints:\n\n - Must be the identifier of an existing Db2, MariaDB, MySQL, Oracle, PostgreSQL,\n or SQL Server DB instance.\n\n - Can't be specified if the SourceDBClusterIdentifier parameter is also\n specified.\n\n - For the limitations of Oracle read replicas, see Version and licensing\n considerations for RDS for Oracle replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.limitations.html#oracle-read-replicas.limitations.versions-and-licenses)\n in the Amazon RDS User Guide.\n\n - For the limitations of SQL Server read replicas, see Read replica limitations\n with SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.html#SQLServer.ReadReplicas.Limitations)\n in the Amazon RDS User Guide.\n\n - The specified DB instance must have automatic backups enabled, that\n is, its backup retention period must be greater than 0.\n\n - If the source DB instance is in the same Amazon Web Services Region\n as the read replica, specify a valid DB instance identifier.\n\n - If the source DB instance is in a different Amazon Web Services Region\n from the read replica, specify a valid DB instance ARN. For more information,\n see Constructing an ARN for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing)\n in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS\n Custom, which don't support cross-Region replicas.", + "type": "string" + }, + "sourceRegion": { + "description": "SourceRegion is the source region where the resource exists. This is not\nsent over the wire and is only used for presigning. This value should always\nhave the same region as the source ARN.", + "type": "string" + }, "storageEncrypted": { - "description": "A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted. \n Amazon Aurora \n Not applicable. The encryption for DB instances is managed by the DB cluster.", + "description": "Specifes whether the DB instance is encrypted. By default, it isn't encrypted.\n\nFor RDS Custom DB instances, either enable this setting or leave it unset.\nOtherwise, Amazon RDS reports an error.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The encryption\nfor DB instances is managed by the DB cluster.", "type": "boolean" }, + "storageThroughput": { + "description": "The storage throughput value for the DB instance.\n\nThis setting applies only to the gp3 storage type.\n\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.", + "format": "int64", + "type": "integer" + }, "storageType": { - "description": "Specifies the storage type to be associated with the DB instance. \n Valid values: standard | gp2 | io1 \n If you specify io1, you must also include a value for the Iops parameter. \n Default: io1 if the Iops parameter is specified, otherwise gp2", + "description": "The storage type to associate with the DB instance.\n\nIf you specify io1, io2, or gp3, you must also include a value for the Iops\nparameter.\n\nThis setting doesn't apply to Amazon Aurora DB instances. Storage is managed\nby the DB cluster.\n\nValid Values: gp2 | gp3 | io1 | io2 | standard\n\nDefault: io1, if the Iops parameter is specified. Otherwise, gp2.", "type": "string" }, "tags": { "description": "Tags to assign to the DB instance.", "items": { - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n\nFor more information, see Tagging Amazon RDS resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html)\nin the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS resources\n(https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html)\nin the Amazon Aurora User Guide.", "properties": { "key": { "type": "string" @@ -248,23 +385,48 @@ "type": "array" }, "tdeCredentialARN": { - "description": "The ARN from the key store with which to associate the instance for TDE encryption.", + "description": "The ARN from the key store with which to associate the instance for TDE encryption.\n\nThis setting doesn't apply to Amazon Aurora or RDS Custom DB instances.", "type": "string" }, "tdeCredentialPassword": { - "description": "The password for the given ARN from the key store in order to access the device.", + "description": "The password for the given ARN from the key store in order to access the\ndevice.\n\nThis setting doesn't apply to RDS Custom DB instances.", "type": "string" }, "timezone": { - "description": "The time zone of the DB instance. The time zone parameter is currently supported only by Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone).", + "description": "The time zone of the DB instance. The time zone parameter is currently supported\nonly by RDS for Db2 (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-time-zone)\nand RDS for SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone).", "type": "string" }, + "useDefaultProcessorFeatures": { + "description": "Specifies whether the DB instance class of the DB instance uses its default\nprocessor features.\n\nThis setting doesn't apply to RDS Custom.", + "type": "boolean" + }, "vpcSecurityGroupIDs": { - "description": "A list of Amazon EC2 VPC security groups to associate with this DB instance. \n Amazon Aurora \n Not applicable. The associated list of EC2 VPC security groups is managed by the DB cluster. \n Default: The default EC2 VPC security group for the DB subnet group's VPC.", + "description": "A list of Amazon EC2 VPC security groups to associate with this DB instance.\n\nThis setting doesn't apply to Amazon Aurora DB instances. The associated\nlist of EC2 VPC security groups is managed by the DB cluster.\n\nDefault: The default EC2 VPC security group for the DB subnet group's VPC.", "items": { "type": "string" }, "type": "array" + }, + "vpcSecurityGroupRefs": { + "items": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" } }, "required": [ @@ -279,26 +441,55 @@ "description": "DBInstanceStatus defines the observed state of DBInstance", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ - "ownerAccountID" + "ownerAccountID", + "region" ], "type": "object" }, + "activityStreamEngineNativeAuditFieldsIncluded": { + "description": "Indicates whether engine-native audit fields are included in the database\nactivity stream.", + "type": "boolean" + }, + "activityStreamKMSKeyID": { + "description": "The Amazon Web Services KMS key identifier used for encrypting messages in\nthe database activity stream. The Amazon Web Services KMS key identifier\nis the key ARN, key ID, alias ARN, or alias name for the KMS key.", + "type": "string" + }, + "activityStreamKinesisStreamName": { + "description": "The name of the Amazon Kinesis data stream used for the database activity\nstream.", + "type": "string" + }, + "activityStreamMode": { + "description": "The mode of the database activity stream. Database events such as a change\nor access generate an activity stream event. RDS for Oracle always handles\nthese events asynchronously.", + "type": "string" + }, + "activityStreamPolicyStatus": { + "description": "The status of the policy state of the activity stream.", + "type": "string" + }, + "activityStreamStatus": { + "description": "The status of the database activity stream.", + "type": "string" + }, "associatedRoles": { - "description": "The AWS Identity and Access Management (IAM) roles associated with the DB instance.", + "description": "The Amazon Web Services Identity and Access Management (IAM) roles associated\nwith the DB instance.", "items": { - "description": "Describes an AWS Identity and Access Management (IAM) role that is associated with a DB instance.", + "description": "Information about an Amazon Web Services Identity and Access Management (IAM)\nrole that is associated with a DB instance.", "properties": { "featureName": { "type": "string" @@ -314,14 +505,36 @@ }, "type": "array" }, - "caCertificateIdentifier": { - "description": "The identifier of the CA certificate for this DB instance.", + "automaticRestartTime": { + "description": "The time when a stopped DB instance is restarted automatically.", + "format": "date-time", + "type": "string" + }, + "automationMode": { + "description": "The automation mode of the RDS Custom DB instance: full or all paused. If\nfull, the DB instance automates monitoring and instance recovery. If all\npaused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes.", + "type": "string" + }, + "awsBackupRecoveryPointARN": { + "description": "The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services\nBackup.", "type": "string" }, + "certificateDetails": { + "description": "The details of the DB instance's server certificate.", + "properties": { + "cAIdentifier": { + "type": "string" + }, + "validTill": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", @@ -354,13 +567,13 @@ "type": "array" }, "customerOwnedIPEnabled": { - "description": "Specifies whether a customer-owned IP address (CoIP) is enabled for an RDS on Outposts DB instance. \n A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network. \n For more information about RDS on Outposts, see Working with Amazon RDS on AWS Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) in the Amazon RDS User Guide. \n For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing) in the AWS Outposts User Guide.", + "description": "Indicates whether a customer-owned IP address (CoIP) is enabled for an RDS\non Outposts DB instance.\n\nA CoIP provides local or external connectivity to resources in your Outpost\nsubnets through your on-premises network. For some use cases, a CoIP can\nprovide lower latency for connections to the DB instance from outside of\nits virtual private cloud (VPC) on your local network.\n\nFor more information about RDS on Outposts, see Working with Amazon RDS on\nAmazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html)\nin the Amazon RDS User Guide.\n\nFor more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing)\nin the Amazon Web Services Outposts User Guide.", "type": "boolean" }, "dbInstanceAutomatedBackupsReplications": { "description": "The list of replicated automated backups associated with the DB instance.", "items": { - "description": "Automated backups of a DB instance replicated to another AWS Region. They consist of system backups, transaction logs, and database instance properties.", + "description": "Automated backups of a DB instance replicated to another Amazon Web Services\nRegion. They consist of system backups, transaction logs, and database instance\nproperties.", "properties": { "dbInstanceAutomatedBackupsARN": { "type": "string" @@ -371,18 +584,18 @@ "type": "array" }, "dbInstancePort": { - "description": "Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port.", + "description": "The port that the DB instance listens on. If the DB instance is part of a\nDB cluster, this can be a different port than the DB cluster port.", "format": "int64", "type": "integer" }, "dbInstanceStatus": { - "description": "Specifies the current state of this database. \n For information about DB instance statuses, see DB Instance Status (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Status.html) in the Amazon RDS User Guide.", + "description": "The current state of this database.\n\nFor information about DB instance statuses, see Viewing DB instance status\n(https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html#Overview.DBInstance.Status)\nin the Amazon RDS User Guide.", "type": "string" }, "dbParameterGroups": { - "description": "Provides the list of DB parameter groups applied to this DB instance.", + "description": "The list of DB parameter groups applied to this DB instance.", "items": { - "description": "The status of the DB parameter group. \n This data type is used as a response element in the following actions: \n * CreateDBInstance \n * CreateDBInstanceReadReplica \n * DeleteDBInstance \n * ModifyDBInstance \n * RebootDBInstance \n * RestoreDBInstanceFromDBSnapshot", + "description": "The status of the DB parameter group.\n\nThis data type is used as a response element in the following actions:\n\n - CreateDBInstance\n\n - CreateDBInstanceReadReplica\n\n - DeleteDBInstance\n\n - ModifyDBInstance\n\n - RebootDBInstance\n\n - RestoreDBInstanceFromDBSnapshot", "properties": { "dbParameterGroupName": { "type": "string" @@ -396,7 +609,7 @@ "type": "array" }, "dbSubnetGroup": { - "description": "Specifies information on the subnet group associated with the DB instance, including the name, description, and subnets in the subnet group.", + "description": "Information about the subnet group associated with the DB instance, including\nthe name, description, and subnets in the subnet group.", "properties": { "dbSubnetGroupARN": { "type": "string" @@ -412,10 +625,10 @@ }, "subnets": { "items": { - "description": "This data type is used as a response element for the DescribeDBSubnetGroups operation.", + "description": "This data type is used as a response element for the DescribeDBSubnetGroups\noperation.", "properties": { "subnetAvailabilityZone": { - "description": "Contains Availability Zone information. \n This data type is used as an element in the OrderableDBInstanceOption data type.", + "description": "Contains Availability Zone information.\n\nThis data type is used as an element in the OrderableDBInstanceOption data\ntype.", "properties": { "name": { "type": "string" @@ -427,7 +640,7 @@ "type": "string" }, "subnetOutpost": { - "description": "A data type that represents an Outpost. \n For more information about RDS on Outposts, see Amazon RDS on AWS Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) in the Amazon RDS User Guide.", + "description": "A data type that represents an Outpost.\n\nFor more information about RDS on Outposts, see Amazon RDS on Amazon Web\nServices Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html)\nin the Amazon RDS User Guide.", "properties": { "arn": { "type": "string" @@ -443,20 +656,30 @@ }, "type": "array" }, + "supportedNetworkTypes": { + "items": { + "type": "string" + }, + "type": "array" + }, "vpcID": { "type": "string" } }, "type": "object" }, + "dbSystemID": { + "description": "The Oracle system ID (Oracle SID) for a container database (CDB). The Oracle\nSID is also the name of the CDB. This setting is only valid for RDS Custom\nDB instances.", + "type": "string" + }, "dbiResourceID": { - "description": "The AWS Region-unique, immutable identifier for the DB instance. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS customer master key (CMK) for the DB instance is accessed.", + "description": "The Amazon Web Services Region-unique, immutable identifier for the DB instance.\nThis identifier is found in Amazon Web Services CloudTrail log entries whenever\nthe Amazon Web Services KMS key for the DB instance is accessed.", "type": "string" }, "domainMemberships": { "description": "The Active Directory Domain membership records associated with the DB instance.", "items": { - "description": "An Active Directory Domain membership record associated with the DB instance or cluster.", + "description": "An Active Directory Domain membership record associated with the DB instance\nor cluster.", "properties": { "domain": { "type": "string" @@ -476,14 +699,14 @@ "type": "array" }, "enabledCloudwatchLogsExports": { - "description": "A list of log types that this DB instance is configured to export to CloudWatch Logs. \n Log types vary by DB engine. For information about the log types for each DB engine, see Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) in the Amazon RDS User Guide.", + "description": "A list of log types that this DB instance is configured to export to CloudWatch\nLogs.\n\nLog types vary by DB engine. For information about the log types for each\nDB engine, see Monitoring Amazon RDS log files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html)\nin the Amazon RDS User Guide.", "items": { "type": "string" }, "type": "array" }, "endpoint": { - "description": "Specifies the connection endpoint.", + "description": "The connection endpoint for the DB instance.\n\nThe endpoint might not be shown for instances with the status of creating.", "properties": { "address": { "type": "string" @@ -499,25 +722,25 @@ "type": "object" }, "enhancedMonitoringResourceARN": { - "description": "The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that receives the Enhanced Monitoring metrics data for the DB instance.", + "description": "The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that\nreceives the Enhanced Monitoring metrics data for the DB instance.", "type": "string" }, "iamDatabaseAuthenticationEnabled": { - "description": "True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false. \n IAM database authentication can be enabled for the following database engines \n * For MySQL 5.6, minor version 5.6.34 or higher \n * For MySQL 5.7, minor version 5.7.16 or higher \n * Aurora 5.6 or higher. To enable IAM database authentication for Aurora, see DBCluster Type.", + "description": "Indicates whether mapping of Amazon Web Services Identity and Access Management\n(IAM) accounts to database accounts is enabled for the DB instance.\n\nFor a list of engine versions that support IAM database authentication, see\nIAM database authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RDS_Fea_Regions_DB-eng.Feature.IamDatabaseAuthentication.html)\nin the Amazon RDS User Guide and IAM database authentication in Aurora (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.Aurora_Fea_Regions_DB-eng.Feature.IAMdbauth.html)\nin the Amazon Aurora User Guide.", "type": "boolean" }, "instanceCreateTime": { - "description": "Provides the date and time the DB instance was created.", + "description": "The date and time when the DB instance was created.", "format": "date-time", "type": "string" }, "latestRestorableTime": { - "description": "Specifies the latest time to which a database can be restored with point-in-time restore.", + "description": "The latest time to which a database in this DB instance can be restored with\npoint-in-time restore.", "format": "date-time", "type": "string" }, "listenerEndpoint": { - "description": "Specifies the listener connection endpoint for SQL Server Always On.", + "description": "The listener connection endpoint for SQL Server Always On.", "properties": { "address": { "type": "string" @@ -532,8 +755,23 @@ }, "type": "object" }, + "masterUserSecret": { + "description": "The secret managed by RDS in Amazon Web Services Secrets Manager for the\nmaster user password.\n\nFor more information, see Password management with Amazon Web Services Secrets\nManager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html)\nin the Amazon RDS User Guide.", + "properties": { + "kmsKeyID": { + "type": "string" + }, + "secretARN": { + "type": "string" + }, + "secretStatus": { + "type": "string" + } + }, + "type": "object" + }, "optionGroupMemberships": { - "description": "Provides the list of option group memberships for this DB instance.", + "description": "The list of option group memberships for this DB instance.", "items": { "description": "Provides information on the option groups the DB instance is a member of.", "properties": { @@ -549,12 +787,15 @@ "type": "array" }, "pendingModifiedValues": { - "description": "A value that specifies that changes to the DB instance are pending. This element is only included when changes are pending. Specific changes are identified by subelements.", + "description": "Information about pending changes to the DB instance. This information is\nreturned only when there are pending changes. Specific changes are identified\nby subelements.", "properties": { "allocatedStorage": { "format": "int64", "type": "integer" }, + "automationMode": { + "type": "string" + }, "backupRetentionPeriod": { "format": "int64", "type": "integer" @@ -591,7 +832,7 @@ "type": "boolean" }, "pendingCloudwatchLogsExports": { - "description": "A list of the log types whose configuration is still pending. In other words, these log types are in the process of being activated or deactivated.", + "description": "A list of the log types whose configuration is still pending. In other words,\nthese log types are in the process of being activated or deactivated.", "properties": { "logTypesToDisable": { "items": { @@ -614,7 +855,7 @@ }, "processorFeatures": { "items": { - "description": "Contains the processor features of a DB instance class. \n To specify the number of CPU cores, use the coreCount feature name for the Name parameter. To specify the number of threads per core, use the threadsPerCore feature name for the Name parameter. \n You can set the processor features of the DB instance class for a DB instance when you call one of the following actions: \n * CreateDBInstance \n * ModifyDBInstance \n * RestoreDBInstanceFromDBSnapshot \n * RestoreDBInstanceFromS3 \n * RestoreDBInstanceToPointInTime \n You can view the valid processor values for a particular instance class by calling the DescribeOrderableDBInstanceOptions action and specifying the instance class for the DBInstanceClass parameter. \n In addition, you can use the following actions for DB instance class processor information: \n * DescribeDBInstances \n * DescribeDBSnapshots \n * DescribeValidDBInstanceModifications \n If you call DescribeDBInstances, ProcessorFeature returns non-null values only if the following conditions are met: \n * You are accessing an Oracle DB instance. \n * Your Oracle DB instance class supports configuring the number of CPU cores and threads per core. \n * The current number CPU cores and threads is set to a non-default value. \n For more information, see Configuring the Processor of the DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) in the Amazon RDS User Guide.", + "description": "Contains the processor features of a DB instance class.\n\nTo specify the number of CPU cores, use the coreCount feature name for the\nName parameter. To specify the number of threads per core, use the threadsPerCore\nfeature name for the Name parameter.\n\nYou can set the processor features of the DB instance class for a DB instance\nwhen you call one of the following actions:\n\n - CreateDBInstance\n\n - ModifyDBInstance\n\n - RestoreDBInstanceFromDBSnapshot\n\n - RestoreDBInstanceFromS3\n\n - RestoreDBInstanceToPointInTime\n\nYou can view the valid processor values for a particular instance class by\ncalling the DescribeOrderableDBInstanceOptions action and specifying the\ninstance class for the DBInstanceClass parameter.\n\nIn addition, you can use the following actions for DB instance class processor\ninformation:\n\n - DescribeDBInstances\n\n - DescribeDBSnapshots\n\n - DescribeValidDBInstanceModifications\n\nIf you call DescribeDBInstances, ProcessorFeature returns non-null values\nonly if the following conditions are met:\n\n - You are accessing an Oracle DB instance.\n\n - Your Oracle DB instance class supports configuring the number of CPU\n cores and threads per core.\n\n - The current number CPU cores and threads is set to a non-default value.\n\nFor more information, see Configuring the processor for a DB instance class\nin RDS for Oracle (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor)\nin the Amazon RDS User Guide.", "properties": { "name": { "type": "string" @@ -627,44 +868,53 @@ }, "type": "array" }, + "resumeFullAutomationModeTime": { + "format": "date-time", + "type": "string" + }, + "storageThroughput": { + "format": "int64", + "type": "integer" + }, "storageType": { "type": "string" } }, "type": "object" }, - "performanceInsightsEnabled": { - "description": "True if Performance Insights is enabled for the DB instance, and otherwise false.", - "type": "boolean" - }, "readReplicaDBClusterIdentifiers": { - "description": "Contains one or more identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica. For example, when you create an Aurora read replica of an RDS MySQL DB instance, the Aurora MySQL DB cluster for the Aurora read replica is shown. This output does not contain information about cross region Aurora read replicas. \n Currently, each RDS DB instance can have only one Aurora read replica.", + "description": "The identifiers of Aurora DB clusters to which the RDS DB instance is replicated\nas a read replica. For example, when you create an Aurora read replica of\nan RDS for MySQL DB instance, the Aurora MySQL DB cluster for the Aurora\nread replica is shown. This output doesn't contain information about cross-Region\nAurora read replicas.\n\nCurrently, each RDS DB instance can have only one Aurora read replica.", "items": { "type": "string" }, "type": "array" }, "readReplicaDBInstanceIdentifiers": { - "description": "Contains one or more identifiers of the read replicas associated with this DB instance.", + "description": "The identifiers of the read replicas associated with this DB instance.", "items": { "type": "string" }, "type": "array" }, + "readReplicaSourceDBClusterIdentifier": { + "description": "The identifier of the source DB cluster if this DB instance is a read replica.", + "type": "string" + }, "readReplicaSourceDBInstanceIdentifier": { - "description": "Contains the identifier of the source DB instance if this DB instance is a read replica.", + "description": "The identifier of the source DB instance if this DB instance is a read replica.", "type": "string" }, - "replicaMode": { - "description": "The open mode of an Oracle read replica. The default is open-read-only. For more information, see Working with Oracle Read Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) in the Amazon RDS User Guide. \n This attribute is only supported in RDS for Oracle.", + "resumeFullAutomationModeTime": { + "description": "The number of minutes to pause the automation. When the time period ends,\nRDS Custom resumes full automation. The minimum value is 60 (default). The\nmaximum value is 1,440.", + "format": "date-time", "type": "string" }, "secondaryAvailabilityZone": { - "description": "If present, specifies the name of the secondary Availability Zone for a DB instance with multi-AZ support.", + "description": "If present, specifies the name of the secondary Availability Zone for a DB\ninstance with multi-AZ support.", "type": "string" }, "statusInfos": { - "description": "The status of a read replica. If the instance isn't a read replica, this is blank.", + "description": "The status of a read replica. If the DB instance isn't a read replica, the\nvalue is blank.", "items": { "description": "Provides a list of status information for a DB instance.", "properties": { @@ -685,25 +935,10 @@ }, "type": "array" }, - "tagList": { - "items": { - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.", - "properties": { - "key": { - "type": "string" - }, - "value": { - "type": "string" - } - }, - "type": "object" - }, - "type": "array" - }, "vpcSecurityGroups": { - "description": "Provides a list of VPC security group elements that the DB instance belongs to.", + "description": "The list of Amazon EC2 VPC security groups that the DB instance belongs to.", "items": { - "description": "This data type is used as a response element for queries on VPC security group membership.", + "description": "This data type is used as a response element for queries on VPC security\ngroup membership.", "properties": { "status": { "type": "string" diff --git a/master-standalone-strict/dbparametergroup-rds-v1alpha1.json b/master-standalone-strict/dbparametergroup-rds-v1alpha1.json new file mode 100644 index 0000000..443a6f1 --- /dev/null +++ b/master-standalone-strict/dbparametergroup-rds-v1alpha1.json @@ -0,0 +1,172 @@ +{ + "description": "DBParameterGroup is the Schema for the DBParameterGroups API", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "DBParameterGroupSpec defines the desired state of DBParameterGroup.\n\nContains the details of an Amazon RDS DB parameter group.\n\nThis data type is used as a response element in the DescribeDBParameterGroups\naction.", + "properties": { + "description": { + "description": "The description for the DB parameter group.", + "type": "string" + }, + "family": { + "description": "The DB parameter group family name. A DB parameter group can be associated\nwith one and only one DB parameter group family, and can be applied only\nto a DB instance running a database engine and engine version compatible\nwith that DB parameter group family.\n\nTo list all of the available parameter group families for a DB engine, use\nthe following command:\n\naws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"\n--engine\n\nFor example, to list all of the available parameter group families for the\nMySQL DB engine, use the following command:\n\naws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\"\n--engine mysql\n\nThe output contains duplicates.\n\nThe following are the valid DB engine values:\n\n - aurora-mysql\n\n - aurora-postgresql\n\n - db2-ae\n\n - db2-se\n\n - mysql\n\n - oracle-ee\n\n - oracle-ee-cdb\n\n - oracle-se2\n\n - oracle-se2-cdb\n\n - postgres\n\n - sqlserver-ee\n\n - sqlserver-se\n\n - sqlserver-ex\n\n - sqlserver-web", + "type": "string" + }, + "name": { + "description": "The name of the DB parameter group.\n\nConstraints:\n\n - Must be 1 to 255 letters, numbers, or hyphens.\n\n - First character must be a letter\n\n - Can't end with a hyphen or contain two consecutive hyphens\n\nThis value is stored as a lowercase string.", + "type": "string" + }, + "parameterOverrides": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "tags": { + "description": "Tags to assign to the DB parameter group.", + "items": { + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n\nFor more information, see Tagging Amazon RDS resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html)\nin the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS resources\n(https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html)\nin the Amazon Aurora User Guide.", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "description", + "family", + "name" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "description": "DBParameterGroupStatus defines the observed state of DBParameterGroup", + "properties": { + "ackResourceMetadata": { + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", + "properties": { + "arn": { + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", + "type": "string" + }, + "ownerAccountID": { + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region in which the resource exists or will exist.", + "type": "string" + } + }, + "required": [ + "ownerAccountID", + "region" + ], + "type": "object" + }, + "conditions": { + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", + "items": { + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string" + }, + "type": { + "description": "Type is the type of the Condition", + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "parameterOverrideStatuses": { + "description": "A list of Parameter values.", + "items": { + "description": "This data type is used as a request parameter in the ModifyDBParameterGroup\nand ResetDBParameterGroup actions.\n\nThis data type is used as a response element in the DescribeEngineDefaultParameters\nand DescribeDBParameters actions.", + "properties": { + "allowedValues": { + "type": "string" + }, + "applyMethod": { + "type": "string" + }, + "applyType": { + "type": "string" + }, + "dataType": { + "type": "string" + }, + "description": { + "type": "string" + }, + "isModifiable": { + "type": "boolean" + }, + "minimumEngineVersion": { + "type": "string" + }, + "parameterName": { + "type": "string" + }, + "parameterValue": { + "type": "string" + }, + "source": { + "type": "string" + }, + "supportedEngineModes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/dbsubnetgroup-rds-v1alpha1.json b/master-standalone-strict/dbsubnetgroup-rds-v1alpha1.json index 6aa8515..a719a21 100644 --- a/master-standalone-strict/dbsubnetgroup-rds-v1alpha1.json +++ b/master-standalone-strict/dbsubnetgroup-rds-v1alpha1.json @@ -2,25 +2,25 @@ "description": "DBSubnetGroup is the Schema for the DBSubnetGroups API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "DBSubnetGroupSpec defines the desired state of DBSubnetGroup. \n Contains the details of an Amazon RDS DB subnet group. \n This data type is used as a response element in the DescribeDBSubnetGroups action.", + "description": "DBSubnetGroupSpec defines the desired state of DBSubnetGroup.\n\nContains the details of an Amazon RDS DB subnet group.\n\nThis data type is used as a response element in the DescribeDBSubnetGroups\naction.", "properties": { "description": { "description": "The description for the DB subnet group.", "type": "string" }, "name": { - "description": "The name for the DB subnet group. This value is stored as a lowercase string. \n Constraints: Must contain no more than 255 letters, numbers, periods, underscores, spaces, or hyphens. Must not be default. \n Example: mySubnetgroup", + "description": "The name for the DB subnet group. This value is stored as a lowercase string.\n\nConstraints:\n\n - Must contain no more than 255 letters, numbers, periods, underscores,\n spaces, or hyphens.\n\n - Must not be default.\n\n - First character must be a letter.\n\nExample: mydbsubnetgroup", "type": "string" }, "subnetIDs": { @@ -30,10 +30,31 @@ }, "type": "array" }, + "subnetRefs": { + "items": { + "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", + "properties": { + "from": { + "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", + "properties": { + "name": { + "type": "string" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, "tags": { "description": "Tags to assign to the DB subnet group.", "items": { - "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.", + "description": "Metadata assigned to an Amazon RDS resource consisting of a key-value pair.\n\nFor more information, see Tagging Amazon RDS resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html)\nin the Amazon RDS User Guide or Tagging Amazon Aurora and Amazon RDS resources\n(https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html)\nin the Amazon Aurora User Guide.", "properties": { "key": { "type": "string" @@ -49,8 +70,7 @@ }, "required": [ "description", - "name", - "subnetIDs" + "name" ], "type": "object", "additionalProperties": false @@ -59,26 +79,31 @@ "description": "DBSubnetGroupStatus defines the observed state of DBSubnetGroup", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ - "ownerAccountID" + "ownerAccountID", + "region" ], "type": "object" }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", @@ -117,10 +142,10 @@ "subnets": { "description": "Contains a list of Subnet elements.", "items": { - "description": "This data type is used as a response element for the DescribeDBSubnetGroups operation.", + "description": "This data type is used as a response element for the DescribeDBSubnetGroups\noperation.", "properties": { "subnetAvailabilityZone": { - "description": "Contains Availability Zone information. \n This data type is used as an element in the OrderableDBInstanceOption data type.", + "description": "Contains Availability Zone information.\n\nThis data type is used as an element in the OrderableDBInstanceOption data\ntype.", "properties": { "name": { "type": "string" @@ -132,7 +157,7 @@ "type": "string" }, "subnetOutpost": { - "description": "A data type that represents an Outpost. \n For more information about RDS on Outposts, see Amazon RDS on AWS Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) in the Amazon RDS User Guide.", + "description": "A data type that represents an Outpost.\n\nFor more information about RDS on Outposts, see Amazon RDS on Amazon Web\nServices Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html)\nin the Amazon RDS User Guide.", "properties": { "arn": { "type": "string" @@ -148,6 +173,13 @@ }, "type": "array" }, + "supportedNetworkTypes": { + "description": "The network type of the DB subnet group.\n\nValid values:\n\n * IPV4\n\n * DUAL\n\nA DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6\nprotocols (DUAL).\n\nFor more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html)\nin the Amazon RDS User Guide.", + "items": { + "type": "string" + }, + "type": "array" + }, "vpcID": { "description": "Provides the VpcId of the DB subnet group.", "type": "string" diff --git a/master-standalone-strict/destinationrule-networking-v1.json b/master-standalone-strict/destinationrule-networking-v1.json new file mode 100644 index 0000000..4ae7ba5 --- /dev/null +++ b/master-standalone-strict/destinationrule-networking-v1.json @@ -0,0 +1,2459 @@ +{ + "properties": { + "spec": { + "description": "Configuration affecting load balancing, outlier detection, etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html", + "properties": { + "exportTo": { + "description": "A list of namespaces to which this destination rule is exported.", + "items": { + "type": "string" + }, + "type": "array" + }, + "host": { + "description": "The name of a service from the service registry.", + "type": "string" + }, + "subsets": { + "description": "One or more named sets that represent individual versions of a service.", + "items": { + "properties": { + "labels": { + "additionalProperties": { + "type": "string" + }, + "description": "Labels apply a filter over the endpoints of a service in the service registry.", + "type": "object" + }, + "name": { + "description": "Name of the subset.", + "type": "string" + }, + "trafficPolicy": { + "description": "Traffic policies that apply to this subset.", + "properties": { + "connectionPool": { + "properties": { + "http": { + "description": "HTTP connection pool settings.", + "properties": { + "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", + "enum": [ + "DEFAULT", + "DO_NOT_UPGRADE", + "UPGRADE" + ], + "type": "string" + }, + "http1MaxPendingRequests": { + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", + "format": "int32", + "type": "integer" + }, + "http2MaxRequests": { + "description": "Maximum number of active requests to a destination.", + "format": "int32", + "type": "integer" + }, + "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum number of requests per connection to a backend.", + "format": "int32", + "type": "integer" + }, + "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", + "format": "int32", + "type": "integer" + }, + "useClientProtocol": { + "description": "If set to true, client protocol will be preserved while initiating connection to backend.", + "type": "boolean" + } + }, + "type": "object" + }, + "tcp": { + "description": "Settings common to both HTTP and TCP upstream connections.", + "properties": { + "connectTimeout": { + "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", + "type": "string" + }, + "maxConnectionDuration": { + "description": "The maximum duration of a connection.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConnections": { + "description": "Maximum number of HTTP1 /TCP connections to a destination host.", + "format": "int32", + "type": "integer" + }, + "tcpKeepalive": { + "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", + "properties": { + "interval": { + "description": "The time duration between keep-alive probes.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "time": { + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "loadBalancer": { + "description": "Settings controlling the load balancer algorithms.", + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ] + } + }, + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + } + }, + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + ], + "properties": { + "httpCookie": { + "description": "Hash based on HTTP cookie.", + "properties": { + "name": { + "description": "Name of the cookie.", + "type": "string" + }, + "path": { + "description": "Path to set for the cookie.", + "type": "string" + }, + "ttl": { + "description": "Lifetime of the cookie.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "useSourceIp": { + "description": "Hash based on the source IP address.", + "type": "boolean" + } + }, + "type": "object" + }, + "localityLbSetting": { + "properties": { + "distribute": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating locality, '/' separated, e.g.", + "type": "string" + }, + "to": { + "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "enabled": { + "description": "Enable locality load balancing.", + "nullable": true, + "type": "boolean" + }, + "failover": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating region.", + "type": "string" + }, + "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "failoverPriority": { + "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", + "enum": [ + "UNSPECIFIED", + "LEAST_CONN", + "RANDOM", + "PASSTHROUGH", + "ROUND_ROBIN", + "LEAST_REQUEST" + ], + "type": "string" + }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, + "warmupDurationSecs": { + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + }, + "outlierDetection": { + "properties": { + "baseEjectionTime": { + "description": "Minimum ejection duration.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveErrors": { + "format": "int32", + "type": "integer" + }, + "consecutiveGatewayErrors": { + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "interval": { + "description": "Time interval between ejection sweep analysis.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", + "format": "int32", + "type": "integer" + }, + "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", + "format": "int32", + "type": "integer" + }, + "splitExternalLocalOriginErrors": { + "description": "Determines whether to distinguish local origin failures from external errors.", + "type": "boolean" + } + }, + "type": "object" + }, + "portLevelSettings": { + "description": "Traffic policies specific to individual ports.", + "items": { + "properties": { + "connectionPool": { + "properties": { + "http": { + "description": "HTTP connection pool settings.", + "properties": { + "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", + "enum": [ + "DEFAULT", + "DO_NOT_UPGRADE", + "UPGRADE" + ], + "type": "string" + }, + "http1MaxPendingRequests": { + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", + "format": "int32", + "type": "integer" + }, + "http2MaxRequests": { + "description": "Maximum number of active requests to a destination.", + "format": "int32", + "type": "integer" + }, + "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum number of requests per connection to a backend.", + "format": "int32", + "type": "integer" + }, + "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", + "format": "int32", + "type": "integer" + }, + "useClientProtocol": { + "description": "If set to true, client protocol will be preserved while initiating connection to backend.", + "type": "boolean" + } + }, + "type": "object" + }, + "tcp": { + "description": "Settings common to both HTTP and TCP upstream connections.", + "properties": { + "connectTimeout": { + "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", + "type": "string" + }, + "maxConnectionDuration": { + "description": "The maximum duration of a connection.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConnections": { + "description": "Maximum number of HTTP1 /TCP connections to a destination host.", + "format": "int32", + "type": "integer" + }, + "tcpKeepalive": { + "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", + "properties": { + "interval": { + "description": "The time duration between keep-alive probes.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "time": { + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "loadBalancer": { + "description": "Settings controlling the load balancer algorithms.", + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ] + } + }, + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + } + }, + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + ], + "properties": { + "httpCookie": { + "description": "Hash based on HTTP cookie.", + "properties": { + "name": { + "description": "Name of the cookie.", + "type": "string" + }, + "path": { + "description": "Path to set for the cookie.", + "type": "string" + }, + "ttl": { + "description": "Lifetime of the cookie.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "useSourceIp": { + "description": "Hash based on the source IP address.", + "type": "boolean" + } + }, + "type": "object" + }, + "localityLbSetting": { + "properties": { + "distribute": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating locality, '/' separated, e.g.", + "type": "string" + }, + "to": { + "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "enabled": { + "description": "Enable locality load balancing.", + "nullable": true, + "type": "boolean" + }, + "failover": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating region.", + "type": "string" + }, + "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "failoverPriority": { + "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", + "enum": [ + "UNSPECIFIED", + "LEAST_CONN", + "RANDOM", + "PASSTHROUGH", + "ROUND_ROBIN", + "LEAST_REQUEST" + ], + "type": "string" + }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, + "warmupDurationSecs": { + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + }, + "outlierDetection": { + "properties": { + "baseEjectionTime": { + "description": "Minimum ejection duration.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveErrors": { + "format": "int32", + "type": "integer" + }, + "consecutiveGatewayErrors": { + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "interval": { + "description": "Time interval between ejection sweep analysis.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", + "format": "int32", + "type": "integer" + }, + "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", + "format": "int32", + "type": "integer" + }, + "splitExternalLocalOriginErrors": { + "description": "Determines whether to distinguish local origin failures from external errors.", + "type": "boolean" + } + }, + "type": "object" + }, + "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", + "properties": { + "number": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "tls": { + "description": "TLS related settings for connections to the upstream service.", + "properties": { + "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, + "clientCertificate": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", + "nullable": true, + "type": "boolean" + }, + "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", + "enum": [ + "DISABLE", + "SIMPLE", + "MUTUAL", + "ISTIO_MUTUAL" + ], + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "sni": { + "description": "SNI string to present to the server during TLS handshake.", + "type": "string" + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 4096, + "type": "array" + }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object" + }, + "tls": { + "description": "TLS related settings for connections to the upstream service.", + "properties": { + "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, + "clientCertificate": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", + "nullable": true, + "type": "boolean" + }, + "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", + "enum": [ + "DISABLE", + "SIMPLE", + "MUTUAL", + "ISTIO_MUTUAL" + ], + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "sni": { + "description": "SNI string to present to the server during TLS handshake.", + "type": "string" + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", + "properties": { + "protocol": { + "description": "Specifies which protocol to use for tunneling the downstream connection.", + "type": "string" + }, + "targetHost": { + "description": "Specifies a host to which the downstream connection is tunneled.", + "type": "string" + }, + "targetPort": { + "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "targetHost", + "targetPort" + ], + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array" + }, + "trafficPolicy": { + "description": "Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).", + "properties": { + "connectionPool": { + "properties": { + "http": { + "description": "HTTP connection pool settings.", + "properties": { + "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", + "enum": [ + "DEFAULT", + "DO_NOT_UPGRADE", + "UPGRADE" + ], + "type": "string" + }, + "http1MaxPendingRequests": { + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", + "format": "int32", + "type": "integer" + }, + "http2MaxRequests": { + "description": "Maximum number of active requests to a destination.", + "format": "int32", + "type": "integer" + }, + "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum number of requests per connection to a backend.", + "format": "int32", + "type": "integer" + }, + "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", + "format": "int32", + "type": "integer" + }, + "useClientProtocol": { + "description": "If set to true, client protocol will be preserved while initiating connection to backend.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "tcp": { + "description": "Settings common to both HTTP and TCP upstream connections.", + "properties": { + "connectTimeout": { + "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", + "type": "string" + }, + "maxConnectionDuration": { + "description": "The maximum duration of a connection.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConnections": { + "description": "Maximum number of HTTP1 /TCP connections to a destination host.", + "format": "int32", + "type": "integer" + }, + "tcpKeepalive": { + "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", + "properties": { + "interval": { + "description": "The time duration between keep-alive probes.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "time": { + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "loadBalancer": { + "description": "Settings controlling the load balancer algorithms.", + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ] + } + }, + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + } + }, + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + ], + "properties": { + "httpCookie": { + "description": "Hash based on HTTP cookie.", + "properties": { + "name": { + "description": "Name of the cookie.", + "type": "string" + }, + "path": { + "description": "Path to set for the cookie.", + "type": "string" + }, + "ttl": { + "description": "Lifetime of the cookie.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "useSourceIp": { + "description": "Hash based on the source IP address.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "localityLbSetting": { + "properties": { + "distribute": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating locality, '/' separated, e.g.", + "type": "string" + }, + "to": { + "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "enabled": { + "description": "Enable locality load balancing.", + "nullable": true, + "type": "boolean" + }, + "failover": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating region.", + "type": "string" + }, + "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "failoverPriority": { + "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", + "enum": [ + "UNSPECIFIED", + "LEAST_CONN", + "RANDOM", + "PASSTHROUGH", + "ROUND_ROBIN", + "LEAST_REQUEST" + ], + "type": "string" + }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, + "warmupDurationSecs": { + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object", + "additionalProperties": false + }, + "outlierDetection": { + "properties": { + "baseEjectionTime": { + "description": "Minimum ejection duration.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveErrors": { + "format": "int32", + "type": "integer" + }, + "consecutiveGatewayErrors": { + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "interval": { + "description": "Time interval between ejection sweep analysis.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", + "format": "int32", + "type": "integer" + }, + "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", + "format": "int32", + "type": "integer" + }, + "splitExternalLocalOriginErrors": { + "description": "Determines whether to distinguish local origin failures from external errors.", + "type": "boolean" + } + }, + "type": "object", + "additionalProperties": false + }, + "portLevelSettings": { + "description": "Traffic policies specific to individual ports.", + "items": { + "properties": { + "connectionPool": { + "properties": { + "http": { + "description": "HTTP connection pool settings.", + "properties": { + "h2UpgradePolicy": { + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", + "enum": [ + "DEFAULT", + "DO_NOT_UPGRADE", + "UPGRADE" + ], + "type": "string" + }, + "http1MaxPendingRequests": { + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", + "format": "int32", + "type": "integer" + }, + "http2MaxRequests": { + "description": "Maximum number of active requests to a destination.", + "format": "int32", + "type": "integer" + }, + "idleTimeout": { + "description": "The idle timeout for upstream connection pool connections.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" + }, + "maxRequestsPerConnection": { + "description": "Maximum number of requests per connection to a backend.", + "format": "int32", + "type": "integer" + }, + "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", + "format": "int32", + "type": "integer" + }, + "useClientProtocol": { + "description": "If set to true, client protocol will be preserved while initiating connection to backend.", + "type": "boolean" + } + }, + "type": "object" + }, + "tcp": { + "description": "Settings common to both HTTP and TCP upstream connections.", + "properties": { + "connectTimeout": { + "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", + "type": "string" + }, + "maxConnectionDuration": { + "description": "The maximum duration of a connection.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConnections": { + "description": "Maximum number of HTTP1 /TCP connections to a destination host.", + "format": "int32", + "type": "integer" + }, + "tcpKeepalive": { + "description": "If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.", + "properties": { + "interval": { + "description": "The time duration between keep-alive probes.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "time": { + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "loadBalancer": { + "description": "Settings controlling the load balancer algorithms.", + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ] + } + }, + { + "required": [ + "simple" + ] + }, + { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + } + }, + { + "required": [ + "httpHeaderName" + ] + }, + { + "required": [ + "httpCookie" + ] + }, + { + "required": [ + "useSourceIp" + ] + }, + { + "required": [ + "httpQueryParameterName" + ] + } + ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + ], + "properties": { + "httpCookie": { + "description": "Hash based on HTTP cookie.", + "properties": { + "name": { + "description": "Name of the cookie.", + "type": "string" + }, + "path": { + "description": "Path to set for the cookie.", + "type": "string" + }, + "ttl": { + "description": "Lifetime of the cookie.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "useSourceIp": { + "description": "Hash based on the source IP address.", + "type": "boolean" + } + }, + "type": "object" + }, + "localityLbSetting": { + "properties": { + "distribute": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating locality, '/' separated, e.g.", + "type": "string" + }, + "to": { + "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "description": "Map of upstream localities to traffic distribution weights.", + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "enabled": { + "description": "Enable locality load balancing.", + "nullable": true, + "type": "boolean" + }, + "failover": { + "description": "Optional: only one of distribute, failover or failoverPriority can be set.", + "items": { + "properties": { + "from": { + "description": "Originating region.", + "type": "string" + }, + "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "failoverPriority": { + "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", + "enum": [ + "UNSPECIFIED", + "LEAST_CONN", + "RANDOM", + "PASSTHROUGH", + "ROUND_ROBIN", + "LEAST_REQUEST" + ], + "type": "string" + }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, + "warmupDurationSecs": { + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + } + }, + "type": "object" + }, + "outlierDetection": { + "properties": { + "baseEjectionTime": { + "description": "Minimum ejection duration.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "consecutive5xxErrors": { + "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveErrors": { + "format": "int32", + "type": "integer" + }, + "consecutiveGatewayErrors": { + "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, + "nullable": true, + "type": "integer" + }, + "interval": { + "description": "Time interval between ejection sweep analysis.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", + "format": "int32", + "type": "integer" + }, + "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", + "format": "int32", + "type": "integer" + }, + "splitExternalLocalOriginErrors": { + "description": "Determines whether to distinguish local origin failures from external errors.", + "type": "boolean" + } + }, + "type": "object" + }, + "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", + "properties": { + "number": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, + "tls": { + "description": "TLS related settings for connections to the upstream service.", + "properties": { + "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, + "clientCertificate": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", + "nullable": true, + "type": "boolean" + }, + "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", + "enum": [ + "DISABLE", + "SIMPLE", + "MUTUAL", + "ISTIO_MUTUAL" + ], + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "sni": { + "description": "SNI string to present to the server during TLS handshake.", + "type": "string" + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "maxItems": 4096, + "type": "array" + }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "tls": { + "description": "TLS related settings for connections to the upstream service.", + "properties": { + "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", + "type": "string" + }, + "clientCertificate": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", + "type": "string" + }, + "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", + "nullable": true, + "type": "boolean" + }, + "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", + "enum": [ + "DISABLE", + "SIMPLE", + "MUTUAL", + "ISTIO_MUTUAL" + ], + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `MUTUAL`.", + "type": "string" + }, + "sni": { + "description": "SNI string to present to the server during TLS handshake.", + "type": "string" + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", + "properties": { + "protocol": { + "description": "Specifies which protocol to use for tunneling the downstream connection.", + "type": "string" + }, + "targetHost": { + "description": "Specifies a host to which the downstream connection is tunneled.", + "type": "string" + }, + "targetPort": { + "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "targetHost", + "targetPort" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "workloadSelector": { + "description": "Criteria used to select the specific set of pods/VMs on which this `DestinationRule` configuration should be applied.", + "properties": { + "matchLabels": { + "additionalProperties": { + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] + }, + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "host" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" +} diff --git a/master-standalone-strict/destinationrule-networking-v1alpha3.json b/master-standalone-strict/destinationrule-networking-v1alpha3.json index 874e877..4ae7ba5 100644 --- a/master-standalone-strict/destinationrule-networking-v1alpha3.json +++ b/master-standalone-strict/destinationrule-networking-v1alpha3.json @@ -15,12 +15,14 @@ "type": "string" }, "subsets": { + "description": "One or more named sets that represent individual versions of a service.", "items": { "properties": { "labels": { "additionalProperties": { "type": "string" }, + "description": "Labels apply a filter over the endpoints of a service in the service registry.", "type": "object" }, "name": { @@ -36,7 +38,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -45,18 +47,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -64,6 +77,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -79,11 +93,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -95,13 +125,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -124,58 +170,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -189,8 +183,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -239,15 +240,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -265,6 +289,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -275,9 +302,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -297,6 +348,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -308,7 +361,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -321,6 +374,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -339,6 +393,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -349,9 +404,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -360,10 +453,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -373,22 +474,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -409,7 +523,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -418,18 +532,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -437,6 +562,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -452,11 +578,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -468,13 +610,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -497,58 +655,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -562,8 +668,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -612,15 +725,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -638,6 +774,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -648,9 +787,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -670,6 +833,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -681,7 +846,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -694,6 +859,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -712,6 +878,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -722,9 +889,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -733,10 +938,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -746,22 +959,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -773,8 +999,11 @@ "type": "object" }, "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -784,6 +1013,11 @@ "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -791,13 +1025,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -815,6 +1052,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -826,12 +1064,32 @@ }, "type": "object" }, + "maxItems": 4096, "type": "array" }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object" + }, "tls": { "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -839,13 +1097,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -863,6 +1124,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -872,6 +1134,7 @@ "type": "object" }, "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", @@ -883,20 +1146,30 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "targetHost", + "targetPort" + ], "type": "object" } }, "type": "object" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array" }, "trafficPolicy": { + "description": "Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).", "properties": { "connectionPool": { "properties": { @@ -904,7 +1177,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -913,18 +1186,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -932,6 +1216,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -948,11 +1233,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -964,13 +1265,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -996,58 +1313,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -1061,8 +1326,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -1111,15 +1383,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -1137,20 +1432,49 @@ "type": "string" } }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, "type": "object", "additionalProperties": false }, - "httpHeaderName": { - "description": "Hash based on a specific HTTP header.", - "type": "string" - }, - "httpQueryParameterName": { - "description": "Hash based on a specific HTTP query parameter.", - "type": "string" - }, - "minimumRingSize": { - "type": "integer" - }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -1171,6 +1495,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1182,7 +1508,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -1195,6 +1521,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -1214,6 +1541,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1224,9 +1552,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1236,10 +1603,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1249,22 +1624,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -1286,7 +1674,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1295,18 +1683,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -1314,6 +1713,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -1329,11 +1729,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1345,13 +1761,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -1374,58 +1806,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -1439,8 +1819,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -1489,15 +1876,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -1515,6 +1925,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -1525,9 +1938,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -1547,6 +1984,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1558,7 +1997,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -1571,6 +2010,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -1589,6 +2029,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1599,9 +2040,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -1610,10 +2089,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1623,22 +2110,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -1650,8 +2150,11 @@ "type": "object" }, "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1661,6 +2164,11 @@ "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -1668,13 +2176,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1692,6 +2203,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -1703,12 +2215,33 @@ }, "type": "object" }, + "maxItems": 4096, "type": "array" }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "tls": { "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -1716,13 +2249,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1740,6 +2276,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -1750,6 +2287,7 @@ "additionalProperties": false }, "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", @@ -1761,9 +2299,15 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "targetHost", + "targetPort" + ], "type": "object", "additionalProperties": false } @@ -1772,22 +2316,141 @@ "additionalProperties": false }, "workloadSelector": { + "description": "Criteria used to select the specific set of pods/VMs on which this `DestinationRule` configuration should be applied.", "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] }, - "type": "object" + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", "additionalProperties": false } }, + "required": [ + "host" + ], "type": "object", "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/destinationrule-networking-v1beta1.json b/master-standalone-strict/destinationrule-networking-v1beta1.json index 874e877..4ae7ba5 100644 --- a/master-standalone-strict/destinationrule-networking-v1beta1.json +++ b/master-standalone-strict/destinationrule-networking-v1beta1.json @@ -15,12 +15,14 @@ "type": "string" }, "subsets": { + "description": "One or more named sets that represent individual versions of a service.", "items": { "properties": { "labels": { "additionalProperties": { "type": "string" }, + "description": "Labels apply a filter over the endpoints of a service in the service registry.", "type": "object" }, "name": { @@ -36,7 +38,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -45,18 +47,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -64,6 +77,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -79,11 +93,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -95,13 +125,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -124,58 +170,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -189,8 +183,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -239,15 +240,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -265,6 +289,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -275,9 +302,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -297,6 +348,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -308,7 +361,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -321,6 +374,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -339,6 +393,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -349,9 +404,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -360,10 +453,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -373,22 +474,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -409,7 +523,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -418,18 +532,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -437,6 +562,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -452,11 +578,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -468,13 +610,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -497,58 +655,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -562,8 +668,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -612,15 +725,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -638,6 +774,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -648,9 +787,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -670,6 +833,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -681,7 +846,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -694,6 +859,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -712,6 +878,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -722,9 +889,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -733,10 +938,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -746,22 +959,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -773,8 +999,11 @@ "type": "object" }, "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -784,6 +1013,11 @@ "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -791,13 +1025,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -815,6 +1052,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -826,12 +1064,32 @@ }, "type": "object" }, + "maxItems": 4096, "type": "array" }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object" + }, "tls": { "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -839,13 +1097,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -863,6 +1124,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -872,6 +1134,7 @@ "type": "object" }, "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", @@ -883,20 +1146,30 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "targetHost", + "targetPort" + ], "type": "object" } }, "type": "object" } }, + "required": [ + "name" + ], "type": "object" }, "type": "array" }, "trafficPolicy": { + "description": "Traffic policies to apply (load balancing policy, connection pool sizes, outlier detection).", "properties": { "connectionPool": { "properties": { @@ -904,7 +1177,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -913,18 +1186,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -932,6 +1216,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -948,11 +1233,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -964,13 +1265,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -996,58 +1313,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -1061,8 +1326,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -1111,15 +1383,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -1137,20 +1432,49 @@ "type": "string" } }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "httpHeaderName": { + "description": "Hash based on a specific HTTP header.", + "type": "string" + }, + "httpQueryParameterName": { + "description": "Hash based on a specific HTTP query parameter.", + "type": "string" + }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object", + "additionalProperties": false + }, + "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, + "type": "integer" + }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, "type": "object", "additionalProperties": false }, - "httpHeaderName": { - "description": "Hash based on a specific HTTP header.", - "type": "string" - }, - "httpQueryParameterName": { - "description": "Hash based on a specific HTTP query parameter.", - "type": "string" - }, - "minimumRingSize": { - "type": "integer" - }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -1171,6 +1495,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1182,7 +1508,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -1195,6 +1521,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -1214,6 +1541,7 @@ "additionalProperties": false }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1224,9 +1552,48 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object", + "additionalProperties": false + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object", @@ -1236,10 +1603,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1249,22 +1624,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -1286,7 +1674,7 @@ "description": "HTTP connection pool settings.", "properties": { "h2UpgradePolicy": { - "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.", + "description": "Specify if http1.1 connection should be upgraded to http2 for the associated destination.\n\nValid Options: DEFAULT, DO_NOT_UPGRADE, UPGRADE", "enum": [ "DEFAULT", "DO_NOT_UPGRADE", @@ -1295,18 +1683,29 @@ "type": "string" }, "http1MaxPendingRequests": { - "description": "Maximum number of pending HTTP requests to a destination.", + "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection.", "format": "int32", "type": "integer" }, "http2MaxRequests": { - "description": "Maximum number of requests to a backend.", + "description": "Maximum number of active requests to a destination.", "format": "int32", "type": "integer" }, "idleTimeout": { "description": "The idle timeout for upstream connection pool connections.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "maxConcurrentStreams": { + "description": "The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection.", + "format": "int32", + "type": "integer" }, "maxRequestsPerConnection": { "description": "Maximum number of requests per connection to a backend.", @@ -1314,6 +1713,7 @@ "type": "integer" }, "maxRetries": { + "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time.", "format": "int32", "type": "integer" }, @@ -1329,11 +1729,27 @@ "properties": { "connectTimeout": { "description": "TCP connection timeout.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "idleTimeout": { + "description": "The idle timeout for TCP connections.", "type": "string" }, "maxConnectionDuration": { "description": "The maximum duration of a connection.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxConnections": { "description": "Maximum number of HTTP1 /TCP connections to a destination host.", @@ -1345,13 +1761,29 @@ "properties": { "interval": { "description": "The time duration between keep-alive probes.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "probes": { + "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "time": { - "type": "string" + "description": "The time duration a connection needs to be idle before keep-alive probes start being sent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -1374,58 +1806,6 @@ ] }, { - "properties": { - "consistentHash": { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ] - }, - { - "required": [ - "httpCookie" - ] - }, - { - "required": [ - "useSourceIp" - ] - }, - { - "required": [ - "httpQueryParameterName" - ] - } - ] - } - }, "required": [ "consistentHash" ] @@ -1439,8 +1819,15 @@ ] }, { - "properties": { - "consistentHash": { + "required": [ + "consistentHash" + ] + } + ], + "properties": { + "consistentHash": { + "allOf": [ + { "oneOf": [ { "not": { @@ -1489,15 +1876,38 @@ ] } ] + }, + { + "oneOf": [ + { + "not": { + "anyOf": [ + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] + } + }, + { + "required": [ + "ringHash" + ] + }, + { + "required": [ + "maglev" + ] + } + ] } - }, - "required": [ - "consistentHash" - ] - } - ], - "properties": { - "consistentHash": { + ], "properties": { "httpCookie": { "description": "Hash based on HTTP cookie.", @@ -1515,6 +1925,9 @@ "type": "string" } }, + "required": [ + "name" + ], "type": "object" }, "httpHeaderName": { @@ -1525,9 +1938,33 @@ "description": "Hash based on a specific HTTP query parameter.", "type": "string" }, + "maglev": { + "description": "The Maglev load balancer implements consistent hashing to backend hosts.", + "properties": { + "tableSize": { + "description": "The table size for Maglev hashing.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "minimumRingSize": { + "description": "Deprecated.", + "minimum": 0, "type": "integer" }, + "ringHash": { + "description": "The ring/modulo hash load balancer implements consistent hashing to backend hosts.", + "properties": { + "minimumRingSize": { + "description": "The minimum number of virtual nodes to use for the hash ring.", + "minimum": 0, + "type": "integer" + } + }, + "type": "object" + }, "useSourceIp": { "description": "Hash based on the source IP address.", "type": "boolean" @@ -1547,6 +1984,8 @@ }, "to": { "additionalProperties": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "description": "Map of upstream localities to traffic distribution weights.", @@ -1558,7 +1997,7 @@ "type": "array" }, "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety.", + "description": "Enable locality load balancing.", "nullable": true, "type": "boolean" }, @@ -1571,6 +2010,7 @@ "type": "string" }, "to": { + "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", "type": "string" } }, @@ -1589,6 +2029,7 @@ "type": "object" }, "simple": { + "description": "\n\nValid Options: LEAST_CONN, RANDOM, PASSTHROUGH, ROUND_ROBIN, LEAST_REQUEST", "enum": [ "UNSPECIFIED", "LEAST_CONN", @@ -1599,9 +2040,47 @@ ], "type": "string" }, + "warmup": { + "description": "Represents the warmup configuration of Service.", + "properties": { + "aggression": { + "description": "This parameter controls the speed of traffic increase over the warmup duration.", + "format": "double", + "minimum": 1, + "nullable": true, + "type": "number" + }, + "duration": { + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] + }, + "minimumPercent": { + "format": "double", + "maximum": 100, + "minimum": 0, + "nullable": true, + "type": "number" + } + }, + "required": [ + "duration" + ], + "type": "object" + }, "warmupDurationSecs": { - "description": "Represents the warmup duration of Service.", - "type": "string" + "description": "Deprecated: use `warmup` instead.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] } }, "type": "object" @@ -1610,10 +2089,18 @@ "properties": { "baseEjectionTime": { "description": "Minimum ejection duration.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "consecutive5xxErrors": { "description": "Number of 5xx errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, @@ -1623,22 +2110,35 @@ }, "consecutiveGatewayErrors": { "description": "Number of gateway errors before a host is ejected from the connection pool.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "consecutiveLocalOriginFailures": { + "description": "The number of consecutive locally originated failures before ejection occurs.", + "maximum": 4294967295, + "minimum": 0, "nullable": true, "type": "integer" }, "interval": { "description": "Time interval between ejection sweep analysis.", - "type": "string" + "type": "string", + "x-kubernetes-validations": [ + { + "message": "must be a valid duration greater than 1ms", + "rule": "duration(self) >= duration('1ms')" + } + ] }, "maxEjectionPercent": { + "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected.", "format": "int32", "type": "integer" }, "minHealthPercent": { + "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least `minHealthPercent` hosts in healthy mode.", "format": "int32", "type": "integer" }, @@ -1650,8 +2150,11 @@ "type": "object" }, "port": { + "description": "Specifies the number of a port on the destination service on which this policy is being applied.", "properties": { "number": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -1661,6 +2164,11 @@ "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -1668,13 +2176,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1692,6 +2203,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -1703,12 +2215,33 @@ }, "type": "object" }, + "maxItems": 4096, "type": "array" }, + "proxyProtocol": { + "description": "The upstream PROXY protocol settings.", + "properties": { + "version": { + "description": "The PROXY protocol version to use.\n\nValid Options: V1, V2", + "enum": [ + "V1", + "V2" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "tls": { "description": "TLS related settings for connections to the upstream service.", "properties": { "caCertificates": { + "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented server certificate.", "type": "string" }, "clientCertificate": { @@ -1716,13 +2249,16 @@ "type": "string" }, "credentialName": { + "description": "The name of the secret that holds the TLS certs for the client including the CA certificates.", "type": "string" }, "insecureSkipVerify": { + "description": "`insecureSkipVerify` specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host.", "nullable": true, "type": "boolean" }, "mode": { + "description": "Indicates whether connections to this port should be secured using TLS.\n\nValid Options: DISABLE, SIMPLE, MUTUAL, ISTIO_MUTUAL", "enum": [ "DISABLE", "SIMPLE", @@ -1740,6 +2276,7 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate.", "items": { "type": "string" }, @@ -1750,6 +2287,7 @@ "additionalProperties": false }, "tunnel": { + "description": "Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule.", "properties": { "protocol": { "description": "Specifies which protocol to use for tunneling the downstream connection.", @@ -1761,9 +2299,15 @@ }, "targetPort": { "description": "Specifies a port to which the downstream connection is tunneled.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "targetHost", + "targetPort" + ], "type": "object", "additionalProperties": false } @@ -1772,22 +2316,141 @@ "additionalProperties": false }, "workloadSelector": { + "description": "Criteria used to select the specific set of pods/VMs on which this `DestinationRule` configuration should be applied.", "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] }, - "type": "object" + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", "additionalProperties": false } }, + "required": [ + "host" + ], "type": "object", "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/ecrauthorizationtoken-generators-v1alpha1.json b/master-standalone-strict/ecrauthorizationtoken-generators-v1alpha1.json index cdc6f48..3ebe0a0 100644 --- a/master-standalone-strict/ecrauthorizationtoken-generators-v1alpha1.json +++ b/master-standalone-strict/ecrauthorizationtoken-generators-v1alpha1.json @@ -32,10 +32,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -56,15 +62,24 @@ "description": "The AccessKeyID is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -75,15 +90,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -94,15 +118,24 @@ "description": "The SessionToken used for authentication\nThis must be defined if AccessKeyID and SecretAccessKey are temporary credentials\nsee: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -124,6 +157,10 @@ "role": { "description": "You can assume a role before making calls to the\ndesired AWS service.", "type": "string" + }, + "scope": { + "description": "Scope specifies the ECR service scope.\nValid options are private and public.", + "type": "string" } }, "required": [ diff --git a/master-standalone-strict/envoyfilter-networking-v1alpha3.json b/master-standalone-strict/envoyfilter-networking-v1alpha3.json index 373b1be..2aa6499 100644 --- a/master-standalone-strict/envoyfilter-networking-v1alpha3.json +++ b/master-standalone-strict/envoyfilter-networking-v1alpha3.json @@ -8,6 +8,7 @@ "items": { "properties": { "applyTo": { + "description": "Specifies where in the Envoy configuration, the patch should be applied.\n\nValid Options: LISTENER, FILTER_CHAIN, NETWORK_FILTER, HTTP_FILTER, ROUTE_CONFIGURATION, VIRTUAL_HOST, HTTP_ROUTE, CLUSTER, EXTENSION_CONFIG, BOOTSTRAP, LISTENER_FILTER", "enum": [ "INVALID", "LISTENER", @@ -19,7 +20,8 @@ "HTTP_ROUTE", "CLUSTER", "EXTENSION_CONFIG", - "BOOTSTRAP" + "BOOTSTRAP", + "LISTENER_FILTER" ], "type": "string" }, @@ -73,6 +75,8 @@ }, "portNumber": { "description": "The service port for which this cluster was generated.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "service": { @@ -87,7 +91,7 @@ "type": "object" }, "context": { - "description": "The specific config generation context to match on.", + "description": "The specific config generation context to match on.\n\nValid Options: ANY, SIDECAR_INBOUND, SIDECAR_OUTBOUND, GATEWAY", "enum": [ "ANY", "SIDECAR_INBOUND", @@ -108,6 +112,8 @@ }, "destinationPort": { "description": "The destination_port value used by a filter chain's match condition.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "filter": { @@ -118,6 +124,7 @@ "type": "string" }, "subFilter": { + "description": "The next level filter within this filter to match upon.", "properties": { "name": { "description": "The filter name to match on.", @@ -144,6 +151,10 @@ }, "type": "object" }, + "listenerFilter": { + "description": "Match a specific listener filter.", + "type": "string" + }, "name": { "description": "Match a specific listener by its name.", "type": "string" @@ -152,6 +163,9 @@ "type": "string" }, "portNumber": { + "description": "The service port/gateway port to which traffic is being sent/received.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, @@ -164,9 +178,11 @@ "additionalProperties": { "type": "string" }, + "description": "Match on the node metadata supplied by a proxy when connecting to istiod.", "type": "object" }, "proxyVersion": { + "description": "A regular expression in golang regex format (RE2) that can be used to select proxies using a specific version of istio proxy.", "type": "string" } }, @@ -176,6 +192,7 @@ "description": "Match on envoy HTTP route configuration attributes.", "properties": { "gateway": { + "description": "The Istio gateway config's namespace/name for which this route configuration was generated.", "type": "string" }, "name": { @@ -187,18 +204,27 @@ "type": "string" }, "portNumber": { + "description": "The service port number or gateway server port number for which this route configuration was generated.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "vhost": { + "description": "Match a specific virtual host in a route configuration and apply the patch to the virtual host.", "properties": { + "domainName": { + "description": "Match a domain name in a virtual host.", + "type": "string" + }, "name": { + "description": "The VirtualHosts objects generated by Istio are named as host:port, where the host typically corresponds to the VirtualService's host field or the hostname of a service in the registry.", "type": "string" }, "route": { "description": "Match a specific route within the virtual host.", "properties": { "action": { - "description": "Match a route with specific action type.", + "description": "Match a route with specific action type.\n\nValid Options: ANY, ROUTE, REDIRECT, DIRECT_RESPONSE", "enum": [ "ANY", "ROUTE", @@ -208,6 +234,7 @@ "type": "string" }, "name": { + "description": "The Route objects generated by default are named as default.", "type": "string" } }, @@ -226,7 +253,7 @@ "description": "The patch to apply along with the operation.", "properties": { "filterClass": { - "description": "Determines the filter insertion order.", + "description": "Determines the filter insertion order.\n\nValid Options: AUTHN, AUTHZ, STATS", "enum": [ "UNSPECIFIED", "AUTHN", @@ -236,7 +263,7 @@ "type": "string" }, "operation": { - "description": "Determines how the patch should be applied.", + "description": "Determines how the patch should be applied.\n\nValid Options: MERGE, ADD, REMOVE, INSERT_BEFORE, INSERT_AFTER, INSERT_FIRST, REPLACE", "enum": [ "INVALID", "MERGE", @@ -267,12 +294,65 @@ "format": "int32", "type": "integer" }, + "targetRefs": { + "description": "Optional.", + "items": { + "properties": { + "group": { + "description": "group is the group of the target resource.", + "maxLength": 253, + "pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "kind": { + "description": "kind is kind of the target resource.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$", + "type": "string" + }, + "name": { + "description": "name is the name of the target resource.", + "maxLength": 253, + "minLength": 1, + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace of the referent.", + "type": "string", + "x-kubernetes-validations": [ + { + "message": "cross namespace referencing is not currently supported", + "rule": "self.size() == 0" + } + ] + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "maxItems": 16, + "type": "array" + }, "workloadSelector": { + "description": "Criteria used to select the specific set of pods/VMs on which this patch configuration should be applied.", "properties": { "labels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard is not supported in selector", + "rule": "!self.contains(\"*\")" + } + ] }, + "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied.", + "maxProperties": 256, "type": "object" } }, @@ -281,9 +361,111 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of targetRefs or workloadSelector can be set", + "rule": "(has(self.workloadSelector) ? 1 : 0) + (has(self.targetRefs) ? 1 : 0) <= 1" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/experiment-argoproj-v1alpha1.json b/master-standalone-strict/experiment-argoproj-v1alpha1.json index 9cbfdd8..8b201cd 100644 --- a/master-standalone-strict/experiment-argoproj-v1alpha1.json +++ b/master-standalone-strict/experiment-argoproj-v1alpha1.json @@ -83,6 +83,24 @@ }, "type": "array" }, + "analysisRunMetadata": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, "dryRun": { "items": { "properties": { @@ -174,9 +192,15 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "service": { + "properties": { + "name": { + "type": "string" + } + }, "type": "object" }, "template": { @@ -262,7 +286,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "weight": { "format": "int32", @@ -331,7 +356,8 @@ "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" } @@ -339,7 +365,8 @@ "required": [ "nodeSelectorTerms" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -384,7 +411,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -419,7 +461,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -485,7 +528,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -520,7 +578,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -582,7 +641,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -617,7 +691,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -683,7 +758,22 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "namespaceSelector": { "properties": { @@ -718,7 +808,8 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "namespaces": { "items": { @@ -787,7 +878,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -801,7 +893,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -827,7 +920,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -844,7 +938,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -869,7 +964,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -883,7 +979,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -957,6 +1054,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1041,6 +1150,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1352,8 +1473,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -1363,6 +1521,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -1731,7 +1892,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -1745,7 +1907,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -1771,7 +1934,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -1788,7 +1952,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1813,7 +1978,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -1827,7 +1993,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -1901,6 +2068,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -1985,6 +2164,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2296,8 +2487,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -2307,6 +2535,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -2626,6 +2857,9 @@ "hostPID": { "type": "boolean" }, + "hostUsers": { + "type": "boolean" + }, "hostname": { "type": "string" }, @@ -2636,7 +2870,8 @@ "type": "string" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "type": "array" }, @@ -2681,7 +2916,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "fieldRef": { "properties": { @@ -2695,7 +2931,8 @@ "required": [ "fieldPath" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { "properties": { @@ -2721,7 +2958,8 @@ "required": [ "resource" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "secretKeyRef": { "properties": { @@ -2738,7 +2976,8 @@ "required": [ "key" ], - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2763,7 +3002,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" }, "prefix": { "type": "string" @@ -2777,7 +3017,8 @@ "type": "boolean" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" } }, "type": "object" @@ -2851,6 +3092,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -2935,6 +3188,18 @@ ], "type": "object" }, + "sleep": { + "properties": { + "seconds": { + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { "properties": { "host": { @@ -3246,8 +3511,45 @@ }, "type": "object" }, + "resizePolicy": { + "items": { + "properties": { + "resourceName": { + "type": "string" + }, + "restartPolicy": { + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { "properties": { + "claims": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "x-kubernetes-preserve-unknown-fields": true }, @@ -3257,6 +3559,9 @@ }, "type": "object" }, + "restartPolicy": { + "type": "string" + }, "securityContext": { "properties": { "allowPrivilegeEscalation": { @@ -3607,6 +3912,35 @@ }, "type": "array" }, + "resourceClaims": { + "items": { + "properties": { + "name": { + "type": "string" + }, + "source": { + "properties": { + "resourceClaimName": { + "type": "string" + }, + "resourceClaimTemplateName": { + "type": "string" + } + }, + "type": "object" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "restartPolicy": { "type": "string" }, @@ -3616,6 +3950,24 @@ "schedulerName": { "type": "string" }, + "schedulingGates": { + "items": { + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "securityContext": { "properties": { "fsGroup": { @@ -3791,12 +4143,30 @@ "type": "object" } }, - "type": "object" + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "matchLabelKeys": { + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" }, "maxSkew": { "format": "int32", "type": "integer" }, + "minDomains": { + "format": "int32", + "type": "integer" + }, + "nodeAffinityPolicy": { + "type": "string" + }, + "nodeTaintsPolicy": { + "type": "string" + }, "topologyKey": { "type": "string" }, diff --git a/master-standalone-strict/externalsecret-external-secrets-v1.json b/master-standalone-strict/externalsecret-external-secrets-v1.json new file mode 100644 index 0000000..698a084 --- /dev/null +++ b/master-standalone-strict/externalsecret-external-secrets-v1.json @@ -0,0 +1,672 @@ +{ + "description": "ExternalSecret is the Schema for the external-secrets API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "ExternalSecretSpec defines the desired state of ExternalSecret.", + "properties": { + "data": { + "description": "Data defines the connection between the Kubernetes Secret keys and the Provider data", + "items": { + "description": "ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data.", + "properties": { + "remoteRef": { + "description": "RemoteRef points to the remote secret and defines\nwhich secret (version/property/..) to fetch.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "key": { + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "default": "None", + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "enum": [ + "None", + "Fetch" + ], + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "secretKey": { + "description": "The key in the Kubernetes Secret to store the value.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "sourceRef": { + "description": "SourceRef allows you to override the source\nfrom which the value will be pulled.", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "generatorRef": { + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storeRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "required": [ + "remoteRef", + "secretKey" + ], + "type": "object" + }, + "type": "array" + }, + "dataFrom": { + "description": "DataFrom is used to fetch all properties from a specific Provider data\nIf multiple entries are specified, the Secret keys are merged in the specified order", + "items": { + "properties": { + "extract": { + "description": "Used to extract multiple key/value pairs from one secret\nNote: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "key": { + "description": "Key is the key used in the Provider, mandatory", + "type": "string" + }, + "metadataPolicy": { + "default": "None", + "description": "Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None", + "enum": [ + "None", + "Fetch" + ], + "type": "string" + }, + "property": { + "description": "Used to select a specific property of the Provider value (if a map), if supported", + "type": "string" + }, + "version": { + "description": "Used to select a specific version of the Provider value, if supported", + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "find": { + "description": "Used to find secrets based on tags or regular expressions\nNote: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.", + "properties": { + "conversionStrategy": { + "default": "Default", + "description": "Used to define a conversion Strategy", + "enum": [ + "Default", + "Unicode" + ], + "type": "string" + }, + "decodingStrategy": { + "default": "None", + "description": "Used to define a decoding Strategy", + "enum": [ + "Auto", + "Base64", + "Base64URL", + "None" + ], + "type": "string" + }, + "name": { + "description": "Finds secrets based on the name.", + "properties": { + "regexp": { + "description": "Finds secrets base", + "type": "string" + } + }, + "type": "object" + }, + "path": { + "description": "A root path to start the find operations.", + "type": "string" + }, + "tags": { + "additionalProperties": { + "type": "string" + }, + "description": "Find secrets based on tags.", + "type": "object" + } + }, + "type": "object" + }, + "rewrite": { + "description": "Used to rewrite secret Keys after getting them from the secret Provider\nMultiple Rewrite operations can be provided. They are applied in a layered order (first to last)", + "items": { + "properties": { + "regexp": { + "description": "Used to rewrite with regular expressions.\nThe resulting key will be the output of a regexp.ReplaceAll operation.", + "properties": { + "source": { + "description": "Used to define the regular expression of a re.Compiler.", + "type": "string" + }, + "target": { + "description": "Used to define the target pattern of a ReplaceAll operation.", + "type": "string" + } + }, + "required": [ + "source", + "target" + ], + "type": "object" + }, + "transform": { + "description": "Used to apply string transformation on the secrets.\nThe resulting key will be the output of the template applied by the operation.", + "properties": { + "template": { + "description": "Used to define the template to apply on the secret name.\n`.value ` will specify the secret name in the template.", + "type": "string" + } + }, + "required": [ + "template" + ], + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "sourceRef": { + "description": "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values", + "maxProperties": 1, + "minProperties": 1, + "properties": { + "generatorRef": { + "description": "GeneratorRef points to a generator custom resource.", + "properties": { + "apiVersion": { + "default": "generators.external-secrets.io/v1alpha1", + "description": "Specify the apiVersion of the generator resource", + "type": "string" + }, + "kind": { + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], + "type": "string" + }, + "name": { + "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "kind", + "name" + ], + "type": "object" + }, + "storeRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + }, + "refreshInterval": { + "default": "1h", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "type": "string" + }, + "refreshPolicy": { + "description": "RefreshPolicy determines how the ExternalSecret should be refreshed:\n- CreatedOnce: Creates the Secret only if it does not exist and does not update it thereafter\n- Periodic: Synchronizes the Secret from the external source at regular intervals specified by refreshInterval.\n No periodic updates occur if refreshInterval is 0.\n- OnChange: Only synchronizes the Secret when the ExternalSecret's metadata or specification changes", + "enum": [ + "CreatedOnce", + "Periodic", + "OnChange" + ], + "type": "string" + }, + "secretStoreRef": { + "description": "SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.", + "properties": { + "kind": { + "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], + "type": "string" + }, + "name": { + "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "target": { + "default": { + "creationPolicy": "Owner", + "deletionPolicy": "Retain" + }, + "description": "ExternalSecretTarget defines the Kubernetes Secret to be created\nThere can be only one target per ExternalSecret.", + "properties": { + "creationPolicy": { + "default": "Owner", + "description": "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"", + "enum": [ + "Owner", + "Orphan", + "Merge", + "None" + ], + "type": "string" + }, + "deletionPolicy": { + "default": "Retain", + "description": "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"", + "enum": [ + "Delete", + "Merge", + "Retain" + ], + "type": "string" + }, + "immutable": { + "description": "Immutable defines if the final secret will be immutable", + "type": "boolean" + }, + "name": { + "description": "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "template": { + "description": "Template defines a blueprint for the created Secret resource.", + "properties": { + "data": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "engineVersion": { + "default": "v2", + "description": "EngineVersion specifies the template engine version\nthat should be used to compile/execute the\ntemplate specified in .data and .templateFrom[].", + "enum": [ + "v2" + ], + "type": "string" + }, + "mergePolicy": { + "default": "Replace", + "enum": [ + "Replace", + "Merge" + ], + "type": "string" + }, + "metadata": { + "description": "ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.", + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + } + }, + "type": "object", + "additionalProperties": false + }, + "templateFrom": { + "items": { + "properties": { + "configMap": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "literal": { + "type": "string" + }, + "secret": { + "properties": { + "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", + "items": { + "properties": { + "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "templateAs": { + "default": "Values", + "enum": [ + "Values", + "KeysAndValues" + ], + "type": "string" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "type": "array" + }, + "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "required": [ + "items", + "name" + ], + "type": "object" + }, + "target": { + "default": "Data", + "enum": [ + "Data", + "Annotations", + "Labels" + ], + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "binding": { + "description": "Binding represents a servicebinding.io Provisioned Service reference to the secret", + "properties": { + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "refreshTime": { + "description": "refreshTime is the time and date the external secret was fetched and\nthe target secret updated", + "format": "date-time", + "nullable": true, + "type": "string" + }, + "syncedResourceVersion": { + "description": "SyncedResourceVersion keeps track of the last synced version", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/externalsecret-external-secrets-v1beta1.json b/master-standalone-strict/externalsecret-external-secrets-v1beta1.json index 6acb458..698a084 100644 --- a/master-standalone-strict/externalsecret-external-secrets-v1beta1.json +++ b/master-standalone-strict/externalsecret-external-secrets-v1beta1.json @@ -71,15 +71,19 @@ "type": "object" }, "secretKey": { - "description": "SecretKey defines the key in which the controller stores\nthe value. This is the key in the Kind=Secret", + "description": "The key in the Kubernetes Secret to store the value.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "sourceRef": { - "description": "SourceRef allows you to override the source\nfrom which the value will pulled from.", + "description": "SourceRef allows you to override the source\nfrom which the value will be pulled.", "maxProperties": 1, + "minProperties": 1, "properties": { "generatorRef": { - "description": "GeneratorRef points to a generator custom resource.\n\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", + "description": "GeneratorRef points to a generator custom resource.\n\nDeprecated: The generatorRef is not implemented in .data[].\nthis will be removed with v1.", "properties": { "apiVersion": { "default": "generators.external-secrets.io/v1alpha1", @@ -87,11 +91,29 @@ "type": "string" }, "kind": { - "description": "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.", + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], "type": "string" }, "name": { "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -106,16 +128,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object" } }, @@ -274,6 +300,7 @@ "sourceRef": { "description": "SourceRef points to a store or generator\nwhich contains secret values ready to use.\nUse this in combination with Extract or Find pull values out of\na specific SecretStore.\nWhen sourceRef points to a generator Extract or Find is not supported.\nThe generator returns a static map of values", "maxProperties": 1, + "minProperties": 1, "properties": { "generatorRef": { "description": "GeneratorRef points to a generator custom resource.", @@ -284,11 +311,29 @@ "type": "string" }, "kind": { - "description": "Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.", + "description": "Specify the Kind of the generator resource", + "enum": [ + "ACRAccessToken", + "ClusterGenerator", + "ECRAuthorizationToken", + "Fake", + "GCRAccessToken", + "GithubAccessToken", + "QuayAccessToken", + "Password", + "STSSessionToken", + "UUID", + "VaultDynamicSecret", + "Webhook", + "Grafana" + ], "type": "string" }, "name": { "description": "Specify the name of the generator resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -303,16 +348,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object" } }, @@ -325,7 +374,16 @@ }, "refreshInterval": { "default": "1h", - "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "description": "RefreshInterval is the amount of time before the values are read again from the SecretStore provider,\nspecified as Golang Duration strings.\nValid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\"\nExample values: \"1h\", \"2h30m\", \"10s\"\nMay be set to zero to fetch and create it once. Defaults to 1h.", + "type": "string" + }, + "refreshPolicy": { + "description": "RefreshPolicy determines how the ExternalSecret should be refreshed:\n- CreatedOnce: Creates the Secret only if it does not exist and does not update it thereafter\n- Periodic: Synchronizes the Secret from the external source at regular intervals specified by refreshInterval.\n No periodic updates occur if refreshInterval is 0.\n- OnChange: Only synchronizes the Secret when the ExternalSecret's metadata or specification changes", + "enum": [ + "CreatedOnce", + "Periodic", + "OnChange" + ], "type": "string" }, "secretStoreRef": { @@ -333,16 +391,20 @@ "properties": { "kind": { "description": "Kind of the SecretStore resource (SecretStore or ClusterSecretStore)\nDefaults to `SecretStore`", + "enum": [ + "SecretStore", + "ClusterSecretStore" + ], "type": "string" }, "name": { "description": "Name of the SecretStore resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, - "required": [ - "name" - ], "type": "object", "additionalProperties": false }, @@ -355,7 +417,7 @@ "properties": { "creationPolicy": { "default": "Owner", - "description": "CreationPolicy defines rules on how to create the resulting Secret\nDefaults to 'Owner'", + "description": "CreationPolicy defines rules on how to create the resulting Secret.\nDefaults to \"Owner\"", "enum": [ "Owner", "Orphan", @@ -366,7 +428,7 @@ }, "deletionPolicy": { "default": "Retain", - "description": "DeletionPolicy defines rules on how to delete the resulting Secret\nDefaults to 'Retain'", + "description": "DeletionPolicy defines rules on how to delete the resulting Secret.\nDefaults to \"Retain\"", "enum": [ "Delete", "Merge", @@ -379,7 +441,10 @@ "type": "boolean" }, "name": { - "description": "Name defines the name of the Secret resource to be managed\nThis field is immutable\nDefaults to the .metadata.name of the ExternalSecret resource", + "description": "The name of the Secret resource to be managed.\nDefaults to the .metadata.name of the ExternalSecret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "template": { @@ -395,7 +460,6 @@ "default": "v2", "description": "EngineVersion specifies the template engine version\nthat should be used to compile/execute the\ntemplate specified in .data and .templateFrom[].", "enum": [ - "v1", "v2" ], "type": "string" @@ -433,9 +497,14 @@ "configMap": { "properties": { "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", "items": { "properties": { "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "templateAs": { @@ -455,6 +524,10 @@ "type": "array" }, "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -470,9 +543,14 @@ "secret": { "properties": { "items": { + "description": "A list of keys in the ConfigMap/Secret to use as templates for Secret data", "items": { "properties": { "key": { + "description": "A key in the ConfigMap/Secret", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "templateAs": { @@ -492,6 +570,10 @@ "type": "array" }, "name": { + "description": "The name of the ConfigMap/Secret resource", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" } }, @@ -536,7 +618,8 @@ "description": "Binding represents a servicebinding.io Provisioned Service reference to the secret", "properties": { "name": { - "description": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, diff --git a/master-standalone-strict/gateway-networking-v1.json b/master-standalone-strict/gateway-networking-v1.json new file mode 100644 index 0000000..54a221a --- /dev/null +++ b/master-standalone-strict/gateway-networking-v1.json @@ -0,0 +1,317 @@ +{ + "properties": { + "spec": { + "description": "Configuration affecting edge load balancer. See more details at: https://istio.io/docs/reference/config/networking/gateway.html", + "properties": { + "selector": { + "additionalProperties": { + "type": "string" + }, + "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied.", + "type": "object" + }, + "servers": { + "description": "A list of server specifications.", + "items": { + "properties": { + "bind": { + "description": "The ip or the Unix domain socket to which the listener should be bound to.", + "type": "string" + }, + "defaultEndpoint": { + "type": "string" + }, + "hosts": { + "description": "One or more hosts exposed by this gateway.", + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "description": "An optional name of the server, when set must be unique across all servers.", + "type": "string" + }, + "port": { + "description": "The Port on which the proxy should listen for incoming connections.", + "properties": { + "name": { + "description": "Label assigned to the port.", + "type": "string" + }, + "number": { + "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + }, + "protocol": { + "description": "The protocol exposed on the port.", + "type": "string" + }, + "targetPort": { + "maximum": 4294967295, + "minimum": 0, + "type": "integer" + } + }, + "required": [ + "number", + "protocol", + "name" + ], + "type": "object" + }, + "tls": { + "description": "Set of TLS related options that govern the server's behavior.", + "properties": { + "caCertificates": { + "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", + "type": "string" + }, + "cipherSuites": { + "description": "Optional: If specified, only support the specified cipher list.", + "items": { + "type": "string" + }, + "type": "array" + }, + "credentialName": { + "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates.", + "type": "string" + }, + "credentialNames": { + "description": "Same as CredentialName but for multiple certificates.", + "items": { + "type": "string" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "httpsRedirect": { + "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", + "type": "boolean" + }, + "maxProtocolVersion": { + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", + "enum": [ + "TLS_AUTO", + "TLSV1_0", + "TLSV1_1", + "TLSV1_2", + "TLSV1_3" + ], + "type": "string" + }, + "minProtocolVersion": { + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", + "enum": [ + "TLS_AUTO", + "TLSV1_0", + "TLSV1_1", + "TLSV1_2", + "TLSV1_3" + ], + "type": "string" + }, + "mode": { + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", + "enum": [ + "PASSTHROUGH", + "SIMPLE", + "MUTUAL", + "AUTO_PASSTHROUGH", + "ISTIO_MUTUAL", + "OPTIONAL_MUTUAL" + ], + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + }, + "serverCertificate": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + }, + "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", + "items": { + "type": "string" + }, + "type": "array" + }, + "tlsCertificates": { + "description": "Only one of `server_certificate`, `private_key` or `credential_name` or `credential_names` or `tls_certificates` should be specified.", + "items": { + "properties": { + "caCertificates": { + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + }, + "serverCertificate": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, + "verifyCertificateHash": { + "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates.", + "items": { + "type": "string" + }, + "type": "array" + }, + "verifyCertificateSpki": { + "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of credentialNames or tlsCertificates can be set", + "rule": "(has(self.tlsCertificates) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or credentialNames can be set", + "rule": "(has(self.credentialName) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or tlsCertificates can be set", + "rule": "(has(self.credentialNames) ? 1 : 0) + (has(self.tlsCertificates) ? 1 : 0) <= 1" + } + ] + } + }, + "required": [ + "port", + "hosts" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" +} diff --git a/master-standalone-strict/gateway-networking-v1alpha3.json b/master-standalone-strict/gateway-networking-v1alpha3.json index 0bc0681..54a221a 100644 --- a/master-standalone-strict/gateway-networking-v1alpha3.json +++ b/master-standalone-strict/gateway-networking-v1alpha3.json @@ -7,6 +7,7 @@ "additionalProperties": { "type": "string" }, + "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied.", "type": "object" }, "servers": { @@ -14,6 +15,7 @@ "items": { "properties": { "bind": { + "description": "The ip or the Unix domain socket to which the listener should be bound to.", "type": "string" }, "defaultEndpoint": { @@ -31,6 +33,7 @@ "type": "string" }, "port": { + "description": "The Port on which the proxy should listen for incoming connections.", "properties": { "name": { "description": "Label assigned to the port.", @@ -38,6 +41,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -45,16 +50,27 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "number", + "protocol", + "name" + ], "type": "object" }, "tls": { "description": "Set of TLS related options that govern the server's behavior.", "properties": { "caCertificates": { - "description": "REQUIRED if mode is `MUTUAL`.", + "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", "type": "string" }, "cipherSuites": { @@ -65,13 +81,24 @@ "type": "array" }, "credentialName": { + "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates.", "type": "string" }, + "credentialNames": { + "description": "Same as CredentialName but for multiple certificates.", + "items": { + "type": "string" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, "httpsRedirect": { + "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -82,7 +109,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -93,12 +120,14 @@ "type": "string" }, "mode": { + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", "MUTUAL", "AUTO_PASSTHROUGH", - "ISTIO_MUTUAL" + "ISTIO_MUTUAL", + "OPTIONAL_MUTUAL" ], "type": "string" }, @@ -111,27 +140,70 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", "items": { "type": "string" }, "type": "array" }, + "tlsCertificates": { + "description": "Only one of `server_certificate`, `private_key` or `credential_name` or `credential_names` or `tls_certificates` should be specified.", + "items": { + "properties": { + "caCertificates": { + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + }, + "serverCertificate": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, "verifyCertificateHash": { + "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates.", "items": { "type": "string" }, "type": "array" }, "verifyCertificateSpki": { + "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates.", "items": { "type": "string" }, "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of credentialNames or tlsCertificates can be set", + "rule": "(has(self.tlsCertificates) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or credentialNames can be set", + "rule": "(has(self.credentialName) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or tlsCertificates can be set", + "rule": "(has(self.credentialNames) ? 1 : 0) + (has(self.tlsCertificates) ? 1 : 0) <= 1" + } + ] } }, + "required": [ + "port", + "hosts" + ], "type": "object" }, "type": "array" @@ -141,6 +213,102 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/gateway-networking-v1beta1.json b/master-standalone-strict/gateway-networking-v1beta1.json index 0bc0681..54a221a 100644 --- a/master-standalone-strict/gateway-networking-v1beta1.json +++ b/master-standalone-strict/gateway-networking-v1beta1.json @@ -7,6 +7,7 @@ "additionalProperties": { "type": "string" }, + "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied.", "type": "object" }, "servers": { @@ -14,6 +15,7 @@ "items": { "properties": { "bind": { + "description": "The ip or the Unix domain socket to which the listener should be bound to.", "type": "string" }, "defaultEndpoint": { @@ -31,6 +33,7 @@ "type": "string" }, "port": { + "description": "The Port on which the proxy should listen for incoming connections.", "properties": { "name": { "description": "Label assigned to the port.", @@ -38,6 +41,8 @@ }, "number": { "description": "A valid non-negative integer port number.", + "maximum": 4294967295, + "minimum": 0, "type": "integer" }, "protocol": { @@ -45,16 +50,27 @@ "type": "string" }, "targetPort": { + "maximum": 4294967295, + "minimum": 0, "type": "integer" } }, + "required": [ + "number", + "protocol", + "name" + ], "type": "object" }, "tls": { "description": "Set of TLS related options that govern the server's behavior.", "properties": { "caCertificates": { - "description": "REQUIRED if mode is `MUTUAL`.", + "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`.", + "type": "string" + }, + "caCrl": { + "description": "OPTIONAL: The path to the file containing the certificate revocation list (CRL) to use in verifying a presented client side certificate.", "type": "string" }, "cipherSuites": { @@ -65,13 +81,24 @@ "type": "array" }, "credentialName": { + "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates.", "type": "string" }, + "credentialNames": { + "description": "Same as CredentialName but for multiple certificates.", + "items": { + "type": "string" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, "httpsRedirect": { + "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", "type": "boolean" }, "maxProtocolVersion": { - "description": "Optional: Maximum TLS protocol version.", + "description": "Optional: Maximum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -82,7 +109,7 @@ "type": "string" }, "minProtocolVersion": { - "description": "Optional: Minimum TLS protocol version.", + "description": "Optional: Minimum TLS protocol version.\n\nValid Options: TLS_AUTO, TLSV1_0, TLSV1_1, TLSV1_2, TLSV1_3", "enum": [ "TLS_AUTO", "TLSV1_0", @@ -93,12 +120,14 @@ "type": "string" }, "mode": { + "description": "Optional: Indicates whether connections to this port should be secured using TLS.\n\nValid Options: PASSTHROUGH, SIMPLE, MUTUAL, AUTO_PASSTHROUGH, ISTIO_MUTUAL, OPTIONAL_MUTUAL", "enum": [ "PASSTHROUGH", "SIMPLE", "MUTUAL", "AUTO_PASSTHROUGH", - "ISTIO_MUTUAL" + "ISTIO_MUTUAL", + "OPTIONAL_MUTUAL" ], "type": "string" }, @@ -111,27 +140,70 @@ "type": "string" }, "subjectAltNames": { + "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", "items": { "type": "string" }, "type": "array" }, + "tlsCertificates": { + "description": "Only one of `server_certificate`, `private_key` or `credential_name` or `credential_names` or `tls_certificates` should be specified.", + "items": { + "properties": { + "caCertificates": { + "type": "string" + }, + "privateKey": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + }, + "serverCertificate": { + "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`.", + "type": "string" + } + }, + "type": "object" + }, + "maxItems": 2, + "minItems": 1, + "type": "array" + }, "verifyCertificateHash": { + "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates.", "items": { "type": "string" }, "type": "array" }, "verifyCertificateSpki": { + "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates.", "items": { "type": "string" }, "type": "array" } }, - "type": "object" + "type": "object", + "x-kubernetes-validations": [ + { + "message": "only one of credentialNames or tlsCertificates can be set", + "rule": "(has(self.tlsCertificates) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or credentialNames can be set", + "rule": "(has(self.credentialName) ? 1 : 0) + (has(self.credentialNames) ? 1 : 0) <= 1" + }, + { + "message": "only one of credentialName or tlsCertificates can be set", + "rule": "(has(self.credentialNames) ? 1 : 0) + (has(self.tlsCertificates) ? 1 : 0) <= 1" + } + ] } }, + "required": [ + "port", + "hosts" + ], "type": "object" }, "type": "array" @@ -141,6 +213,102 @@ "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/gcraccesstoken-generators-v1alpha1.json b/master-standalone-strict/gcraccesstoken-generators-v1alpha1.json index 89dfb99..d7bd3db 100644 --- a/master-standalone-strict/gcraccesstoken-generators-v1alpha1.json +++ b/master-standalone-strict/gcraccesstoken-generators-v1alpha1.json @@ -23,15 +23,24 @@ "description": "The SecretAccessKey is used for authentication", "properties": { "key": { - "description": "The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be\ndefaulted, in others it may be required.", + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", "type": "string" }, "name": { "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, @@ -65,10 +74,16 @@ }, "name": { "description": "The name of the ServiceAccount resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", "type": "string" }, "namespace": { - "description": "Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults\nto the namespace of the referent.", + "description": "Namespace of the resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", "type": "string" } }, diff --git a/master-standalone-strict/generatorstate-generators-v1alpha1.json b/master-standalone-strict/generatorstate-generators-v1alpha1.json new file mode 100644 index 0000000..21779ae --- /dev/null +++ b/master-standalone-strict/generatorstate-generators-v1alpha1.json @@ -0,0 +1,72 @@ +{ + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "garbageCollectionDeadline": { + "description": "GarbageCollectionDeadline is the time after which the generator state\nwill be deleted.\nIt is set by the controller which creates the generator state and\ncan be set configured by the user.\nIf the garbage collection deadline is not set the generator state will not be deleted.", + "format": "date-time", + "type": "string" + }, + "resource": { + "description": "Resource is the generator manifest that produced the state.\nIt is a snapshot of the generator manifest at the time the state was produced.\nThis manifest will be used to delete the resource. Any configuration that is referenced\nin the manifest should be available at the time of garbage collection. If that is not the case deletion will\nbe blocked by a finalizer.", + "x-kubernetes-preserve-unknown-fields": true + }, + "state": { + "description": "State is the state that was produced by the generator implementation.", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "required": [ + "resource", + "state" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "items": { + "properties": { + "lastTransitionTime": { + "format": "date-time", + "type": "string" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "status", + "type" + ], + "type": "object" + }, + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/githubaccesstoken-generators-v1alpha1.json b/master-standalone-strict/githubaccesstoken-generators-v1alpha1.json new file mode 100644 index 0000000..7b25f6e --- /dev/null +++ b/master-standalone-strict/githubaccesstoken-generators-v1alpha1.json @@ -0,0 +1,99 @@ +{ + "description": "GithubAccessToken generates ghs_ accessToken", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "properties": { + "appID": { + "type": "string" + }, + "auth": { + "description": "Auth configures how ESO authenticates with a Github instance.", + "properties": { + "privateKey": { + "properties": { + "secretRef": { + "description": "A reference to a specific 'key' within a Secret resource.\nIn some instances, `key` is a required field.", + "properties": { + "key": { + "description": "A key in the referenced Secret.\nSome instances of this field may be defaulted, in others it may be required.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + }, + "namespace": { + "description": "The namespace of the Secret resource being referred to.\nIgnored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.", + "maxLength": 63, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "secretRef" + ], + "type": "object", + "additionalProperties": false + } + }, + "required": [ + "privateKey" + ], + "type": "object", + "additionalProperties": false + }, + "installID": { + "type": "string" + }, + "permissions": { + "additionalProperties": { + "type": "string" + }, + "description": "Map of permissions the token will have. If omitted, defaults to all permissions the GitHub App has.", + "type": "object" + }, + "repositories": { + "description": "List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App\nis installed to.", + "items": { + "type": "string" + }, + "type": "array" + }, + "url": { + "description": "URL configures the Github instance URL. Defaults to https://github.com/.", + "type": "string" + } + }, + "required": [ + "appID", + "auth", + "installID" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/master-standalone-strict/globaltable-dynamodb-v1alpha1.json b/master-standalone-strict/globaltable-dynamodb-v1alpha1.json index c7129b0..7ccb232 100644 --- a/master-standalone-strict/globaltable-dynamodb-v1alpha1.json +++ b/master-standalone-strict/globaltable-dynamodb-v1alpha1.json @@ -2,18 +2,18 @@ "description": "GlobalTable is the Schema for the GlobalTables API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "GlobalTableSpec defines the desired state of GlobalTable. \n Represents the properties of a global table.", + "description": "GlobalTableSpec defines the desired state of GlobalTable.\n\nRepresents the properties of a global table.", "properties": { "globalTableName": { "description": "The global table name.", @@ -44,14 +44,14 @@ "description": "GlobalTableStatus defines the observed state of GlobalTable", "properties": { "ackResourceMetadata": { - "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member that is used to contain resource sync state, account ownership, constructed ARN for the resource", + "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { - "description": "ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an \"adopted\" resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR's Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270", + "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { - "description": "OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource.", + "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { @@ -66,9 +66,9 @@ "type": "object" }, "conditions": { - "description": "All CRS managed by ACK have a common `Status.Conditions` member that contains a collection of `ackv1alpha1.Condition` objects that describe the various terminal states of the CR and its backend AWS service API resource", + "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { - "description": "Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource", + "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", @@ -106,7 +106,7 @@ "type": "string" }, "globalTableStatus": { - "description": "The current state of the global table: \n * CREATING - The global table is being created. \n * UPDATING - The global table is being updated. \n * DELETING - The global table is being deleted. \n * ACTIVE - The global table is ready for use.", + "description": "The current state of the global table:\n\n * CREATING - The global table is being created.\n\n * UPDATING - The global table is being updated.\n\n * DELETING - The global table is being deleted.\n\n * ACTIVE - The global table is ready for use.", "type": "string" } }, diff --git a/master-standalone-strict/grafana-generators-v1alpha1.json b/master-standalone-strict/grafana-generators-v1alpha1.json new file mode 100644 index 0000000..b2e3164 --- /dev/null +++ b/master-standalone-strict/grafana-generators-v1alpha1.json @@ -0,0 +1,115 @@ +{ + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "GrafanaSpec controls the behavior of the grafana generator.", + "properties": { + "auth": { + "description": "Auth is the authentication configuration to authenticate\nagainst the Grafana instance.", + "properties": { + "basic": { + "description": "Basic auth credentials used to authenticate against the Grafana instance.\nNote: you need a token which has elevated permissions to create service accounts.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "properties": { + "password": { + "description": "A basic auth password used to authenticate against the Grafana instance.", + "properties": { + "key": { + "description": "The key where the token is found.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "username": { + "description": "A basic auth username used to authenticate against the Grafana instance.", + "type": "string" + } + }, + "required": [ + "password", + "username" + ], + "type": "object", + "additionalProperties": false + }, + "token": { + "description": "A service account token used to authenticate against the Grafana instance.\nNote: you need a token which has elevated permissions to create service accounts.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "properties": { + "key": { + "description": "The key where the token is found.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[-._a-zA-Z0-9]+$", + "type": "string" + }, + "name": { + "description": "The name of the Secret resource being referred to.", + "maxLength": 253, + "minLength": 1, + "pattern": "^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "serviceAccount": { + "description": "ServiceAccount is the configuration for the service account that\nis supposed to be generated by the generator.", + "properties": { + "name": { + "description": "Name is the name of the service account that will be created by ESO.", + "type": "string" + }, + "role": { + "description": "Role is the role of the service account.\nSee here for the documentation on basic roles offered by Grafana:\nhttps://grafana.com/docs/grafana/latest/administration/roles-and-permissions/access-control/rbac-fixed-basic-role-definitions/", + "type": "string" + } + }, + "required": [ + "name", + "role" + ], + "type": "object", + "additionalProperties": false + }, + "url": { + "description": "URL is the URL of the Grafana instance.", + "type": "string" + } + }, + "required": [ + "auth", + "serviceAccount", + "url" + ], + "type": "object", + "additionalProperties": false + } + }, + "type": "object" +} diff --git a/master-standalone-strict/helmrepository-source-v1.json b/master-standalone-strict/helmrepository-source-v1.json new file mode 100644 index 0000000..5289010 --- /dev/null +++ b/master-standalone-strict/helmrepository-source-v1.json @@ -0,0 +1,251 @@ +{ + "description": "HelmRepository is the Schema for the helmrepositories API.", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "type": "object" + }, + "spec": { + "description": "HelmRepositorySpec specifies the required configuration to produce an\nArtifact for a Helm repository index YAML.", + "properties": { + "accessFrom": { + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "properties": { + "namespaceSelectors": { + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", + "items": { + "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", + "properties": { + "matchLabels": { + "additionalProperties": { + "type": "string" + }, + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "namespaceSelectors" + ], + "type": "object", + "additionalProperties": false + }, + "certSecretRef": { + "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`.", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "insecure": { + "description": "Insecure allows connecting to a non-TLS HTTP container registry.\nThis field is only taken into account if the .spec.type field is set to 'oci'.", + "type": "boolean" + }, + "interval": { + "description": "Interval at which the HelmRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", + "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", + "type": "string" + }, + "passCredentials": { + "description": "PassCredentials allows the credentials from the SecretRef to be passed\non to a host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the\nindex differ from the defined URL.\nEnabling this should be done with caution, as it can potentially result\nin credentials getting stolen in a MITM-attack.", + "type": "boolean" + }, + "provider": { + "default": "generic", + "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nThis field is optional, and only taken into account if the .spec.type field is set to 'oci'.\nWhen not specified, defaults to 'generic'.", + "enum": [ + "generic", + "aws", + "azure", + "gcp" + ], + "type": "string" + }, + "secretRef": { + "description": "SecretRef specifies the Secret containing authentication credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the secret must contain 'username' and 'password'\nfields.\nSupport for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys is deprecated. Please use `.spec.certSecretRef` instead.", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "suspend": { + "description": "Suspend tells the controller to suspend the reconciliation of this\nHelmRepository.", + "type": "boolean" + }, + "timeout": { + "description": "Timeout is used for the index fetch operation for an HTTPS helm repository,\nand for remote OCI Repository operations like pulling for an OCI helm\nchart by the associated HelmChart.\nIts default value is 60s.", + "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", + "type": "string" + }, + "type": { + "description": "Type of the HelmRepository.\nWhen this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", + "enum": [ + "default", + "oci" + ], + "type": "string" + }, + "url": { + "description": "URL of the Helm repository, a valid URL contains at least a protocol and\nhost.", + "pattern": "^(http|https|oci)://.*$", + "type": "string" + } + }, + "required": [ + "url" + ], + "type": "object", + "additionalProperties": false + }, + "status": { + "default": { + "observedGeneration": -1 + }, + "description": "HelmRepositoryStatus records the observed state of the HelmRepository.", + "properties": { + "artifact": { + "description": "Artifact represents the last successful HelmRepository reconciliation.", + "properties": { + "digest": { + "description": "Digest is the digest of the file in the form of ':'.", + "pattern": "^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$", + "type": "string" + }, + "lastUpdateTime": { + "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", + "format": "date-time", + "type": "string" + }, + "metadata": { + "additionalProperties": { + "type": "string" + }, + "description": "Metadata holds upstream information such as OCI annotations.", + "type": "object" + }, + "path": { + "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", + "type": "string" + }, + "revision": { + "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "type": "string" + }, + "size": { + "description": "Size is the number of bytes in the file.", + "format": "int64", + "type": "integer" + }, + "url": { + "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", + "type": "string" + } + }, + "required": [ + "lastUpdateTime", + "path", + "revision", + "url" + ], + "type": "object" + }, + "conditions": { + "description": "Conditions holds the conditions for the HelmRepository.", + "items": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", + "properties": { + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", + "maxLength": 32768, + "type": "string" + }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", + "format": "int64", + "minimum": 0, + "type": "integer" + }, + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", + "maxLength": 1024, + "minLength": 1, + "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "enum": [ + "True", + "False", + "Unknown" + ], + "type": "string" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "maxLength": 316, + "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", + "type": "string" + } + }, + "required": [ + "lastTransitionTime", + "message", + "reason", + "status", + "type" + ], + "type": "object" + }, + "type": "array" + }, + "lastHandledReconcileAt": { + "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", + "type": "string" + }, + "observedGeneration": { + "description": "ObservedGeneration is the last observed generation of the HelmRepository\nobject.", + "format": "int64", + "type": "integer" + }, + "url": { + "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact data is recommended.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" +} diff --git a/master-standalone-strict/helmrepository-source-v1beta1.json b/master-standalone-strict/helmrepository-source-v1beta1.json index 700d9a3..575dfa9 100644 --- a/master-standalone-strict/helmrepository-source-v1beta1.json +++ b/master-standalone-strict/helmrepository-source-v1beta1.json @@ -2,11 +2,11 @@ "description": "HelmRepository is the Schema for the helmrepositories API", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -19,15 +19,15 @@ "description": "AccessFrom defines an Access Control List for allowing cross-namespace references to this object.", "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", "properties": { "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -47,11 +47,11 @@ "type": "string" }, "passCredentials": { - "description": "PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack.", + "description": "PassCredentials allows the credentials from the SecretRef to be passed on to\na host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the index\ndiffer from the defined URL.\nEnabling this should be done with caution, as it can potentially result in\ncredentials getting stolen in a MITM-attack.", "type": "boolean" }, "secretRef": { - "description": "The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caFile fields.", + "description": "The name of the secret containing authentication credentials for the Helm\nrepository.\nFor HTTP/S basic auth the secret must contain username and\npassword fields.\nFor TLS the secret must contain a certFile and keyFile, and/or\ncaFile fields.", "properties": { "name": { "description": "Name of the referent.", @@ -99,7 +99,7 @@ "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of this artifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of this\nartifact.", "format": "date-time", "type": "string" }, @@ -108,7 +108,7 @@ "type": "string" }, "revision": { - "description": "Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc.", + "description": "Revision is a human readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm\nchart version, etc.", "type": "string" }, "url": { @@ -117,6 +117,7 @@ } }, "required": [ + "lastUpdateTime", "path", "url" ], @@ -125,26 +126,26 @@ "conditions": { "description": "Conditions holds the conditions for the HelmRepository.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", @@ -160,7 +161,7 @@ "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" @@ -178,7 +179,7 @@ "type": "array" }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", "type": "string" }, "observedGeneration": { diff --git a/master-standalone-strict/helmrepository-source-v1beta2.json b/master-standalone-strict/helmrepository-source-v1beta2.json index 39ea0a4..5289010 100644 --- a/master-standalone-strict/helmrepository-source-v1beta2.json +++ b/master-standalone-strict/helmrepository-source-v1beta2.json @@ -2,32 +2,32 @@ "description": "HelmRepository is the Schema for the helmrepositories API.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "HelmRepositorySpec specifies the required configuration to produce an Artifact for a Helm repository index YAML.", + "description": "HelmRepositorySpec specifies the required configuration to produce an\nArtifact for a Helm repository index YAML.", "properties": { "accessFrom": { - "description": "AccessFrom specifies an Access Control List for allowing cross-namespace references to this object. NOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", + "description": "AccessFrom specifies an Access Control List for allowing cross-namespace\nreferences to this object.\nNOTE: Not implemented, provisional as of https://github.com/fluxcd/flux2/pull/2092", "properties": { "namespaceSelectors": { - "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies. Items in this list are evaluated using a logical OR operation.", + "description": "NamespaceSelectors is the list of namespace selectors to which this ACL applies.\nItems in this list are evaluated using a logical OR operation.", "items": { - "description": "NamespaceSelector selects the namespaces to which this ACL applies. An empty map of MatchLabels matches all namespaces in a cluster.", + "description": "NamespaceSelector selects the namespaces to which this ACL applies.\nAn empty map of MatchLabels matches all namespaces in a cluster.", "properties": { "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -42,18 +42,36 @@ "type": "object", "additionalProperties": false }, + "certSecretRef": { + "description": "CertSecretRef can be given the name of a Secret containing\neither or both of\n\n- a PEM-encoded client certificate (`tls.crt`) and private\nkey (`tls.key`);\n- a PEM-encoded CA certificate (`ca.crt`)\n\nand whichever are supplied, will be used for connecting to the\nregistry. The client cert and key are useful if you are\nauthenticating with a certificate; the CA cert is useful if\nyou are using a self-signed server certificate. The Secret must\nbe of type `Opaque` or `kubernetes.io/tls`.\n\nIt takes precedence over the values specified in the Secret referred\nto by `.spec.secretRef`.", + "properties": { + "name": { + "description": "Name of the referent.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object", + "additionalProperties": false + }, + "insecure": { + "description": "Insecure allows connecting to a non-TLS HTTP container registry.\nThis field is only taken into account if the .spec.type field is set to 'oci'.", + "type": "boolean" + }, "interval": { - "description": "Interval at which to check the URL for updates.", + "description": "Interval at which the HelmRepository URL is checked for updates.\nThis interval is approximate and may be subject to jitter to ensure\nefficient use of resources.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", "type": "string" }, "passCredentials": { - "description": "PassCredentials allows the credentials from the SecretRef to be passed on to a host that does not match the host as defined in URL. This may be required if the host of the advertised chart URLs in the index differ from the defined URL. Enabling this should be done with caution, as it can potentially result in credentials getting stolen in a MITM-attack.", + "description": "PassCredentials allows the credentials from the SecretRef to be passed\non to a host that does not match the host as defined in URL.\nThis may be required if the host of the advertised chart URLs in the\nindex differ from the defined URL.\nEnabling this should be done with caution, as it can potentially result\nin credentials getting stolen in a MITM-attack.", "type": "boolean" }, "provider": { "default": "generic", - "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'. This field is optional, and only taken into account if the .spec.type field is set to 'oci'. When not specified, defaults to 'generic'.", + "description": "Provider used for authentication, can be 'aws', 'azure', 'gcp' or 'generic'.\nThis field is optional, and only taken into account if the .spec.type field is set to 'oci'.\nWhen not specified, defaults to 'generic'.", "enum": [ "generic", "aws", @@ -63,7 +81,7 @@ "type": "string" }, "secretRef": { - "description": "SecretRef specifies the Secret containing authentication credentials for the HelmRepository. For HTTP/S basic auth the secret must contain 'username' and 'password' fields. For TLS the secret must contain a 'certFile' and 'keyFile', and/or 'caFile' fields.", + "description": "SecretRef specifies the Secret containing authentication credentials\nfor the HelmRepository.\nFor HTTP/S basic auth the secret must contain 'username' and 'password'\nfields.\nSupport for TLS auth using the 'certFile' and 'keyFile', and/or 'caFile'\nkeys is deprecated. Please use `.spec.certSecretRef` instead.", "properties": { "name": { "description": "Name of the referent.", @@ -77,17 +95,16 @@ "additionalProperties": false }, "suspend": { - "description": "Suspend tells the controller to suspend the reconciliation of this HelmRepository.", + "description": "Suspend tells the controller to suspend the reconciliation of this\nHelmRepository.", "type": "boolean" }, "timeout": { - "default": "60s", - "description": "Timeout is used for the index fetch operation for an HTTPS helm repository, and for remote OCI Repository operations like pulling for an OCI helm repository. Its default value is 60s.", + "description": "Timeout is used for the index fetch operation for an HTTPS helm repository,\nand for remote OCI Repository operations like pulling for an OCI helm\nchart by the associated HelmChart.\nIts default value is 60s.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", "type": "string" }, "type": { - "description": "Type of the HelmRepository. When this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", + "description": "Type of the HelmRepository.\nWhen this field is set to \"oci\", the URL field value must be prefixed with \"oci://\".", "enum": [ "default", "oci" @@ -95,12 +112,12 @@ "type": "string" }, "url": { - "description": "URL of the Helm repository, a valid URL contains at least a protocol and host.", + "description": "URL of the Helm repository, a valid URL contains at least a protocol and\nhost.", + "pattern": "^(http|https|oci)://.*$", "type": "string" } }, "required": [ - "interval", "url" ], "type": "object", @@ -121,7 +138,7 @@ "type": "string" }, "lastUpdateTime": { - "description": "LastUpdateTime is the timestamp corresponding to the last update of the Artifact.", + "description": "LastUpdateTime is the timestamp corresponding to the last update of the\nArtifact.", "format": "date-time", "type": "string" }, @@ -133,11 +150,11 @@ "type": "object" }, "path": { - "description": "Path is the relative file path of the Artifact. It can be used to locate the file in the root of the Artifact storage on the local file system of the controller managing the Source.", + "description": "Path is the relative file path of the Artifact. It can be used to locate\nthe file in the root of the Artifact storage on the local file system of\nthe controller managing the Source.", "type": "string" }, "revision": { - "description": "Revision is a human-readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", + "description": "Revision is a human-readable identifier traceable in the origin source\nsystem. It can be a Git commit SHA, Git tag, a Helm chart version, etc.", "type": "string" }, "size": { @@ -146,7 +163,7 @@ "type": "integer" }, "url": { - "description": "URL is the HTTP address of the Artifact as exposed by the controller managing the Source. It can be used to retrieve the Artifact for consumption, e.g. by another controller applying the Artifact contents.", + "description": "URL is the HTTP address of the Artifact as exposed by the controller\nmanaging the Source. It can be used to retrieve the Artifact for\nconsumption, e.g. by another controller applying the Artifact contents.", "type": "string" } }, @@ -161,26 +178,26 @@ "conditions": { "description": "Conditions holds the conditions for the HelmRepository.", "items": { - "description": "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }", + "description": "Condition contains details for one aspect of the current state of this API Resource.", "properties": { "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.\nThis should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", "format": "date-time", "type": "string" }, "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "description": "message is a human readable message indicating details about the transition.\nThis may be an empty string.", "maxLength": 32768, "type": "string" }, "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "minimum": 0, "type": "integer" }, "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition.\nProducers of specific condition types may define expected values and meanings for this field,\nand whether the values are considered a guaranteed API.\nThe value should be a CamelCase string.\nThis field may not be empty.", "maxLength": 1024, "minLength": 1, "pattern": "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$", @@ -196,7 +213,7 @@ "type": "string" }, "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "maxLength": 316, "pattern": "^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$", "type": "string" @@ -214,16 +231,16 @@ "type": "array" }, "lastHandledReconcileAt": { - "description": "LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.", + "description": "LastHandledReconcileAt holds the value of the most recent\nreconcile request value, so a change of the annotation value\ncan be detected.", "type": "string" }, "observedGeneration": { - "description": "ObservedGeneration is the last observed generation of the HelmRepository object.", + "description": "ObservedGeneration is the last observed generation of the HelmRepository\nobject.", "format": "int64", "type": "integer" }, "url": { - "description": "URL is the dynamic fetch link for the latest Artifact. It is provided on a \"best effort\" basis, and using the precise HelmRepositoryStatus.Artifact data is recommended.", + "description": "URL is the dynamic fetch link for the latest Artifact.\nIt is provided on a \"best effort\" basis, and using the precise\nHelmRepositoryStatus.Artifact data is recommended.", "type": "string" } }, diff --git a/master-standalone-strict/peerauthentication-security-v1.json b/master-standalone-strict/peerauthentication-security-v1.json new file mode 100644 index 0000000..b812052 --- /dev/null +++ b/master-standalone-strict/peerauthentication-security-v1.json @@ -0,0 +1,193 @@ +{ + "properties": { + "spec": { + "description": "Peer authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/peer_authentication.html", + "properties": { + "mtls": { + "description": "Mutual TLS settings for workload.", + "properties": { + "mode": { + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", + "enum": [ + "UNSET", + "DISABLE", + "PERMISSIVE", + "STRICT" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, + "portLevelMtls": { + "additionalProperties": { + "properties": { + "mode": { + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", + "enum": [ + "UNSET", + "DISABLE", + "PERMISSIVE", + "STRICT" + ], + "type": "string" + } + }, + "type": "object" + }, + "description": "Port specific mutual TLS settings.", + "minProperties": 1, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "self.all(key, 0 < int(key) && int(key) <= 65535)" + } + ] + }, + "selector": { + "description": "The selector determines the workloads to apply the PeerAuthentication on.", + "properties": { + "matchLabels": { + "additionalProperties": { + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] + }, + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] + } + }, + "type": "object", + "additionalProperties": false + } + }, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "portLevelMtls requires selector", + "rule": "has(self.portLevelMtls) ? (((has(self.selector) && has(self.selector.matchLabels)) ? self.selector.matchLabels : {}).size() > 0) : true" + } + ], + "additionalProperties": false + }, + "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, + "type": "object", + "x-kubernetes-preserve-unknown-fields": true + } + }, + "type": "object" +} diff --git a/master-standalone-strict/peerauthentication-security-v1beta1.json b/master-standalone-strict/peerauthentication-security-v1beta1.json index 22609ad..b812052 100644 --- a/master-standalone-strict/peerauthentication-security-v1beta1.json +++ b/master-standalone-strict/peerauthentication-security-v1beta1.json @@ -1,13 +1,13 @@ { "properties": { "spec": { - "description": "PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar.", + "description": "Peer authentication configuration for workloads. See more details at: https://istio.io/docs/reference/config/security/peer_authentication.html", "properties": { "mtls": { "description": "Mutual TLS settings for workload.", "properties": { "mode": { - "description": "Defines the mTLS mode used for peer authentication.", + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", "enum": [ "UNSET", "DISABLE", @@ -24,7 +24,7 @@ "additionalProperties": { "properties": { "mode": { - "description": "Defines the mTLS mode used for peer authentication.", + "description": "Defines the mTLS mode used for peer authentication.\n\nValid Options: DISABLE, PERMISSIVE, STRICT", "enum": [ "UNSET", "DISABLE", @@ -37,16 +37,42 @@ "type": "object" }, "description": "Port specific mutual TLS settings.", - "type": "object" + "minProperties": 1, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "port must be between 1-65535", + "rule": "self.all(key, 0 < int(key) && int(key) <= 65535)" + } + ] }, "selector": { - "description": "The selector determines the workloads to apply the ChannelAuthentication on.", + "description": "The selector determines the workloads to apply the PeerAuthentication on.", "properties": { "matchLabels": { "additionalProperties": { - "type": "string" + "maxLength": 63, + "type": "string", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label value match", + "rule": "!self.contains(\"*\")" + } + ] }, - "type": "object" + "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied.", + "maxProperties": 4096, + "type": "object", + "x-kubernetes-validations": [ + { + "message": "wildcard not allowed in label key match", + "rule": "self.all(key, !key.contains(\"*\"))" + }, + { + "message": "key must not be empty", + "rule": "self.all(key, key.size() != 0)" + } + ] } }, "type": "object", @@ -54,9 +80,111 @@ } }, "type": "object", + "x-kubernetes-validations": [ + { + "message": "portLevelMtls requires selector", + "rule": "has(self.portLevelMtls) ? (((has(self.selector) && has(self.selector.matchLabels)) ? self.selector.matchLabels : {}).size() > 0) : true" + } + ], "additionalProperties": false }, "status": { + "properties": { + "conditions": { + "description": "Current service state of the resource.", + "items": { + "properties": { + "lastProbeTime": { + "description": "Last time we probed the condition.", + "format": "date-time", + "type": "string" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "Resource Generation to which the Condition refers.", + "x-kubernetes-int-or-string": true + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition.", + "type": "string" + }, + "type": { + "description": "Type is the type of the condition.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, + "observedGeneration": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "x-kubernetes-int-or-string": true + }, + "validationMessages": { + "description": "Includes any errors or warnings detected by Istio's analyzers.", + "items": { + "properties": { + "documentationUrl": { + "description": "A url pointing to the Istio documentation for this specific error type.", + "type": "string" + }, + "level": { + "description": "Represents how severe a message is.\n\nValid Options: UNKNOWN, ERROR, WARNING, INFO", + "enum": [ + "UNKNOWN", + "ERROR", + "WARNING", + "INFO" + ], + "type": "string" + }, + "type": { + "properties": { + "code": { + "description": "A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify the message type.", + "type": "string" + }, + "name": { + "description": "A human-readable name for the message type.", + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "type": "array" + } + }, "type": "object", "x-kubernetes-preserve-unknown-fields": true } diff --git a/master-standalone-strict/podmonitor-monitoring-v1.json b/master-standalone-strict/podmonitor-monitoring-v1.json index 1965069..15dd908 100644 --- a/master-standalone-strict/podmonitor-monitoring-v1.json +++ b/master-standalone-strict/podmonitor-monitoring-v1.json @@ -1,12 +1,12 @@ { - "description": "PodMonitor defines monitoring for a set of pods.", + "description": "The `PodMonitor` custom resource definition (CRD) defines how `Prometheus` and `PrometheusAgent` can scrape metrics from a group of pods.\nAmong other things, it allows to specify:\n* The pods to scrape via label selectors.\n* The container ports to scrape.\n* Authentication credentials to use.\n* Target and metric relabeling.\n\n`Prometheus` and `PrometheusAgent` objects select `PodMonitor` objects using label and namespace selectors.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -16,40 +16,65 @@ "description": "Specification of desired Pod selection for target discovery by Prometheus.", "properties": { "attachMetadata": { - "description": "Attaches node metadata to discovered targets. Only valid for role: pod. Only valid in Prometheus versions 2.35.0 and newer.", + "description": "`attachMetadata` defines additional metadata which is added to the\ndiscovered targets.\n\nIt requires Prometheus >= v2.35.0.", "properties": { "node": { - "description": "When set to true, Prometheus must have permissions to get Nodes.", + "description": "When set to true, Prometheus attaches node metadata to the discovered\ntargets.\n\nThe Prometheus service account must have the `list` and `watch`\npermissions on the `Nodes` objects.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, + "bodySizeLimit": { + "description": "When defined, bodySizeLimit specifies a job level limit on the size\nof uncompressed response body that will be accepted by Prometheus.\n\nIt requires Prometheus >= v2.28.0.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", + "type": "string" + }, + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", + "type": "boolean" + }, + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, "jobLabel": { - "description": "The label to use to retrieve the job name from.", + "description": "The label to use to retrieve the job name from.\n`jobLabel` selects the label from the associated Kubernetes `Pod`\nobject which will be used as the `job` label for all metrics.\n\nFor example if `jobLabel` is set to `foo` and the Kubernetes `Pod`\nobject is labeled with `foo: bar`, then Prometheus adds the `job=\"bar\"`\nlabel to all ingested metrics.\n\nIf the value of this field is empty, the `job` label of the metrics\ndefaults to the namespace and name of the PodMonitor object (e.g. `/`).", "type": "string" }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" + }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\n\nIt requires Prometheus >= v2.27.0.", "format": "int64", "type": "integer" }, "namespaceSelector": { - "description": "Selector to select which namespaces the Endpoints objects are discovered from.", + "description": "`namespaceSelector` defines in which namespace(s) Prometheus should discover the pods.\nBy default, the pods are discovered in the same namespace as the `PodMonitor` object but it is possible to select pods across different/all namespaces.", "properties": { "any": { - "description": "Boolean describing whether all namespaces are selected in contrast to a list restricting them.", + "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", "type": "boolean" }, "matchNames": { @@ -63,23 +88,42 @@ "type": "object", "additionalProperties": false }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, "podMetricsEndpoints": { - "description": "A list of endpoints allowed as part of this PodMonitor.", + "description": "Defines how to scrape metrics from the selected pods.", "items": { - "description": "PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics.", + "description": "PodMetricsEndpoint defines an endpoint serving Prometheus metrics to be scraped by\nPrometheus.", "properties": { "authorization": { - "description": "Authorization section for this endpoint", + "description": "`authorization` configures the Authorization header credentials to use when\nscraping the target.\n\nCannot be set at the same time as `basicAuth`, or `oauth2`.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -94,24 +138,25 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, "basicAuth": { - "description": "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint", + "description": "`basicAuth` configures the Basic Authentication credentials to use when\nscraping the target.\n\nCannot be set at the same time as `authorization`, or `oauth2`.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -126,14 +171,15 @@ "x-kubernetes-map-type": "atomic" }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -151,14 +197,15 @@ "type": "object" }, "bearerTokenSecret": { - "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator.", + "description": "`bearerTokenSecret` specifies a key of a Secret containing the bearer\ntoken for scraping targets. The secret needs to be in the same namespace\nas the PodMonitor object and readable by the Prometheus Operator.\n\nDeprecated: use `authorization` instead.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -173,34 +220,38 @@ "x-kubernetes-map-type": "atomic" }, "enableHttp2": { - "description": "Whether to enable HTTP2.", + "description": "`enableHttp2` can be used to disable HTTP2 when scraping the target.", + "type": "boolean" + }, + "filterRunning": { + "description": "When true, the pods which are not running (e.g. either in Failed or\nSucceeded state) are dropped during the target discovery.\n\nIf unset, the filtering is enabled.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase", "type": "boolean" }, "followRedirects": { - "description": "FollowRedirects configures whether scrape requests follow HTTP 3xx redirects.", + "description": "`followRedirects` defines whether the scrape requests should follow HTTP\n3xx redirects.", "type": "boolean" }, "honorLabels": { - "description": "HonorLabels chooses the metric's labels on collisions with target labels.", + "description": "When true, `honorLabels` preserves the metric's labels when they collide\nwith the target's labels.", "type": "boolean" }, "honorTimestamps": { - "description": "HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data.", + "description": "`honorTimestamps` controls whether Prometheus preserves the timestamps\nwhen exposed by the target.", "type": "boolean" }, "interval": { - "description": "Interval at which metrics should be scraped If not specified Prometheus' global scrape interval is used.", + "description": "Interval at which Prometheus scrapes the metrics from the target.\n\nIf empty, Prometheus uses the global scrape interval.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "metricRelabelings": { - "description": "MetricRelabelConfigs to apply to samples before ingestion.", + "description": "`metricRelabelings` configures the relabeling rules to apply to the\nsamples before ingestion.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -219,38 +270,42 @@ "lowercase", "Lowercase", "uppercase", - "Uppercase" + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, "regex": { - "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, "replacement": { - "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { - "description": "Separator placed between concatenated source label values. default is ';'.", + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.", + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, "type": "array" }, "targetLabel": { - "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -259,10 +314,10 @@ "type": "array" }, "oauth2": { - "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "`oauth2` configures the OAuth2 settings to use when scraping the target.\n\nIt requires Prometheus >= 2.27.0.\n\nCannot be set at the same time as `authorization`, or `basicAuth`.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -272,7 +327,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -294,7 +350,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -312,14 +369,15 @@ "type": "object" }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -337,18 +395,223 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object" + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -367,29 +630,36 @@ }, "type": "array" }, - "description": "Optional HTTP URL parameters", + "description": "`params` define optional HTTP URL parameters.", "type": "object" }, "path": { - "description": "HTTP path to scrape for metrics. If empty, Prometheus uses the default value (e.g. `/metrics`).", + "description": "HTTP path from which to scrape for metrics.\n\nIf empty, Prometheus uses the default value (e.g. `/metrics`).", "type": "string" }, "port": { - "description": "Name of the pod port this endpoint refers to. Mutually exclusive with targetPort.", + "description": "The `Pod` port name which exposes the endpoint.\n\nIt takes precedence over the `portNumber` and `targetPort` fields.", "type": "string" }, + "portNumber": { + "description": "The `Pod` port number which exposes the endpoint.", + "format": "int32", + "maximum": 65535, + "minimum": 1, + "type": "integer" + }, "proxyUrl": { - "description": "ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint.", + "description": "`proxyURL` configures the HTTP Proxy URL (e.g.\n\"http://proxyserver:2195\") to go through when scraping the target.", "type": "string" }, "relabelings": { - "description": "RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "`relabelings` configures the relabeling rules to apply the target's\nmetadata labels.\n\nThe Operator automatically adds relabelings for a few standard Kubernetes fields.\n\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -408,38 +678,42 @@ "lowercase", "Lowercase", "uppercase", - "Uppercase" + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, "regex": { - "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, "replacement": { - "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { - "description": "Separator placed between concatenated source label values. default is ';'.", + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.", + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, "type": "array" }, "targetLabel": { - "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -448,11 +722,15 @@ "type": "array" }, "scheme": { - "description": "HTTP scheme to use for scraping.", + "description": "HTTP scheme to use for scraping.\n\n`http` and `https` are the expected values unless you rewrite the\n`__scheme__` label via relabeling.\n\nIf empty, Prometheus uses the default value `http`.", + "enum": [ + "http", + "https" + ], "type": "string" }, "scrapeTimeout": { - "description": "Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.", + "description": "Timeout after which Prometheus considers the scrape to be failed.\n\nIf empty, Prometheus uses the global scrape timeout unless it is less\nthan the target's scrape interval value in which the latter is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -465,14 +743,14 @@ "type": "string" } ], - "description": "Deprecated: Use 'port' instead.", + "description": "Name or number of the target port of the `Pod` object behind the Service, the\nport must be specified with container port property.\n\nDeprecated: use 'port' or 'portNumber' instead.", "x-kubernetes-int-or-string": true }, "tlsConfig": { - "description": "TLS configuration to use when scraping the endpoint.", + "description": "TLS configuration to use when scraping the target.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -482,7 +760,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -504,7 +783,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -522,7 +802,7 @@ "type": "object" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -532,7 +812,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -554,7 +835,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -583,7 +865,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -597,12 +880,36 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" } }, "type": "object" + }, + "trackTimestampsStaleness": { + "description": "`trackTimestampsStaleness` defines whether Prometheus tracks staleness of\nthe metrics that have an explicit timestamp present in scraped data.\nHas no effect if `honorTimestamps` is false.\n\nIt requires Prometheus >= v2.48.0.", + "type": "boolean" } }, "type": "object" @@ -610,39 +917,65 @@ "type": "array" }, "podTargetLabels": { - "description": "PodTargetLabels transfers labels on the Kubernetes Pod onto the target.", + "description": "`podTargetLabels` defines the labels which are transferred from the\nassociated Kubernetes `Pod` object onto the ingested metrics.", "items": { "type": "string" }, "type": "array" }, "sampleLimit": { - "description": "SampleLimit defines per-scrape limit on number of scraped samples that will be accepted.", + "description": "`sampleLimit` defines a per-scrape limit on the number of scraped samples\nthat will be accepted.", "format": "int64", "type": "integer" }, + "scrapeClass": { + "description": "The scrape class to apply.", + "minLength": 1, + "type": "string" + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, + "scrapeProtocols": { + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, "selector": { - "description": "Selector to select Pod objects.", + "description": "Label selector to select the Kubernetes `Pod` objects to scrape metrics from.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -651,13 +984,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -665,14 +999,21 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, + "selectorMechanism": { + "description": "Mechanism used to select the endpoints to scrape.\nBy default, the selection process relies on relabel configurations to filter the discovered targets.\nAlternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.\nWhich strategy is best for your use case needs to be carefully evaluated.\n\nIt requires Prometheus >= v2.17.0.", + "enum": [ + "RelabelConfig", + "RoleSelector" + ], + "type": "string" + }, "targetLimit": { - "description": "TargetLimit defines a limit on the number of scraped targets that will be accepted.", + "description": "`targetLimit` defines a limit on the number of scraped targets that will\nbe accepted.", "format": "int64", "type": "integer" } }, "required": [ - "podMetricsEndpoints", "selector" ], "type": "object", diff --git a/master-standalone-strict/probe-monitoring-v1.json b/master-standalone-strict/probe-monitoring-v1.json index b196a40..5292210 100644 --- a/master-standalone-strict/probe-monitoring-v1.json +++ b/master-standalone-strict/probe-monitoring-v1.json @@ -1,12 +1,12 @@ { - "description": "Probe defines monitoring for a set of static targets or ingresses.", + "description": "The `Probe` custom resource definition (CRD) defines how to scrape metrics from prober exporters such as the [blackbox exporter](https://github.com/prometheus/blackbox_exporter).\n\nThe `Probe` resource needs 2 pieces of information:\n* The list of probed addresses which can be defined statically or by discovering Kubernetes Ingress objects.\n* The prober which exposes the availability of probed endpoints (over various protocols such HTTP, TCP, ICMP, ...) as Prometheus metrics.\n\n`Prometheus` and `PrometheusAgent` objects select `Probe` objects using label and namespace selectors.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { @@ -19,14 +19,15 @@ "description": "Authorization section for this endpoint", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -42,7 +43,7 @@ "additionalProperties": false }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -50,17 +51,18 @@ "additionalProperties": false }, "basicAuth": { - "description": "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint", + "description": "BasicAuth allow an endpoint to authenticate over basic authentication.\nMore info: https://prometheus.io/docs/operating/configuration/#endpoint", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -76,14 +78,15 @@ "additionalProperties": false }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -103,14 +106,15 @@ "additionalProperties": false }, "bearerTokenSecret": { - "description": "Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the probe and accessible by the Prometheus Operator.", + "description": "Secret to mount to read bearer token for scraping targets. The secret\nneeds to be in the same namespace as the probe and accessible by\nthe Prometheus Operator.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -125,8 +129,23 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, + "convertClassicHistogramsToNHCB": { + "description": "Whether to convert all scraped classic histograms into a native histogram with custom buckets.\nIt requires Prometheus >= v3.0.0.", + "type": "boolean" + }, + "fallbackScrapeProtocol": { + "description": "The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, "interval": { - "description": "Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used.", + "description": "Interval at which targets are probed using the configured prober.\nIf not specified Prometheus' global scrape interval is used.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -134,29 +153,34 @@ "description": "The job name assigned to scraped metrics by default.", "type": "string" }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.", + "format": "int64", + "type": "integer" + }, "labelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", "format": "int64", "type": "integer" }, "labelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", "format": "int64", "type": "integer" }, "labelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.27.0 and newer.", "format": "int64", "type": "integer" }, "metricRelabelings": { "description": "MetricRelabelConfigs to apply to samples before ingestion.", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -175,38 +199,42 @@ "lowercase", "Lowercase", "uppercase", - "Uppercase" + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, "regex": { - "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, "replacement": { - "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { - "description": "Separator placed between concatenated source label values. default is ';'.", + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.", + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, "type": "array" }, "targetLabel": { - "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -215,14 +243,32 @@ "type": "array" }, "module": { - "description": "The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml", + "description": "The module to use for probing specifying how to probe the target.\nExample module configuring in the blackbox exporter:\nhttps://github.com/prometheus/blackbox_exporter/blob/master/example.yml", "type": "string" }, + "nativeHistogramBucketLimit": { + "description": "If there are more than this many buckets in a native histogram,\nbuckets will be merged to stay within the limit.\nIt requires Prometheus >= v2.45.0.", + "format": "int64", + "type": "integer" + }, + "nativeHistogramMinBucketFactor": { + "anyOf": [ + { + "type": "integer" + }, + { + "type": "string" + } + ], + "description": "If the growth factor of one bucket to the next is smaller than this,\nbuckets will be merged to increase the factor sufficiently.\nIt requires Prometheus >= v2.50.0.", + "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", + "x-kubernetes-int-or-string": true + }, "oauth2": { "description": "OAuth2 for the URL. Only valid in Prometheus versions 2.27.0 and newer.", "properties": { "clientId": { - "description": "The secret or configmap containing the OAuth2 client id", + "description": "`clientId` specifies a key of a Secret or ConfigMap containing the\nOAuth2 client's ID.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -232,7 +278,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -255,7 +302,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -275,14 +323,15 @@ "additionalProperties": false }, "clientSecret": { - "description": "The secret containing the OAuth2 client secret", + "description": "`clientSecret` specifies a key of a Secret containing the OAuth2\nclient's secret.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -301,18 +350,231 @@ "additionalProperties": { "type": "string" }, - "description": "Parameters to append to the token URL", + "description": "`endpointParams` configures the HTTP parameters to append to the token\nURL.", "type": "object" }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "string" + }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, "scopes": { - "description": "OAuth2 scopes used for the token request", + "description": "`scopes` defines the OAuth2 scopes used for the token request.", "items": { "type": "string" }, "type": "array" }, + "tlsConfig": { + "description": "TLS configuration to use when connecting to the OAuth2 server.\nIt requires Prometheus >= v2.43.0.", + "properties": { + "ca": { + "description": "Certificate authority used when verifying server certificates.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "cert": { + "description": "Client certificate to present when doing client-authentication.", + "properties": { + "configMap": { + "description": "ConfigMap containing data to use for the targets.", + "properties": { + "key": { + "description": "The key to select.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "secret": { + "description": "Secret containing data to use for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + } + }, + "type": "object", + "additionalProperties": false + }, + "insecureSkipVerify": { + "description": "Disable target certificate validation.", + "type": "boolean" + }, + "keySecret": { + "description": "Secret containing the client key file for the targets.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic", + "additionalProperties": false + }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "serverName": { + "description": "Used to verify the hostname for the targets.", + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "tokenUrl": { - "description": "The URL to fetch the token from", + "description": "`tokenURL` configures the URL to fetch the token from.", "minLength": 1, "type": "string" } @@ -326,11 +588,11 @@ "additionalProperties": false }, "prober": { - "description": "Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty.", + "description": "Specification for the prober to use for probing targets.\nThe prober.URL parameter is required. Targets cannot be probed if left empty.", "properties": { "path": { "default": "/probe", - "description": "Path to collect metrics from. Defaults to `/probe`.", + "description": "Path to collect metrics from.\nDefaults to `/probe`.", "type": "string" }, "proxyUrl": { @@ -338,7 +600,11 @@ "type": "string" }, "scheme": { - "description": "HTTP scheme to use for scraping. Defaults to `http`.", + "description": "HTTP scheme to use for scraping.\n`http` and `https` are the expected values unless you rewrite the `__scheme__` label via relabeling.\nIf empty, Prometheus uses the default value `http`.", + "enum": [ + "http", + "https" + ], "type": "string" }, "url": { @@ -357,8 +623,33 @@ "format": "int64", "type": "integer" }, + "scrapeClass": { + "description": "The scrape class to apply.", + "minLength": 1, + "type": "string" + }, + "scrapeClassicHistograms": { + "description": "Whether to scrape a classic histogram that is also exposed as a native histogram.\nIt requires Prometheus >= v2.45.0.", + "type": "boolean" + }, + "scrapeProtocols": { + "description": "`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the\nprotocols supported by Prometheus in order of preference (from most to least preferred).\n\nIf unset, Prometheus uses its default value.\n\nIt requires Prometheus >= v2.49.0.", + "items": { + "description": "ScrapeProtocol represents a protocol used by Prometheus for scraping metrics.\nSupported values are:\n* `OpenMetricsText0.0.1`\n* `OpenMetricsText1.0.0`\n* `PrometheusProto`\n* `PrometheusText0.0.4`\n* `PrometheusText1.0.0`", + "enum": [ + "PrometheusProto", + "OpenMetricsText0.0.1", + "OpenMetricsText1.0.0", + "PrometheusText0.0.4", + "PrometheusText1.0.0" + ], + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, "scrapeTimeout": { - "description": "Timeout for scraping metrics from the Prometheus exporter. If not specified, the Prometheus global scrape interval is used.", + "description": "Timeout for scraping metrics from the Prometheus exporter.\nIf not specified, the Prometheus global scrape timeout is used.\nThe value cannot be greater than the scrape interval otherwise the operator will reject the resource.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, @@ -371,13 +662,13 @@ "description": "Targets defines a set of static or dynamically discovered targets to probe.", "properties": { "ingress": { - "description": "ingress defines the Ingress objects to probe and the relabeling configuration. If `staticConfig` is also defined, `staticConfig` takes precedence.", + "description": "ingress defines the Ingress objects to probe and the relabeling\nconfiguration.\nIf `staticConfig` is also defined, `staticConfig` takes precedence.", "properties": { "namespaceSelector": { "description": "From which namespaces to select Ingress objects.", "properties": { "any": { - "description": "Boolean describing whether all namespaces are selected in contrast to a list restricting them.", + "description": "Boolean describing whether all namespaces are selected in contrast to a\nlist restricting them.", "type": "boolean" }, "matchNames": { @@ -392,13 +683,13 @@ "additionalProperties": false }, "relabelingConfigs": { - "description": "RelabelConfigs to apply to the label set of the target before it gets scraped. The original ingress address is available via the `__tmp_prometheus_ingress_address` label. It can be used to customize the probed URL. The original scrape job's name is available via the `__tmp_prometheus_job_name` label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfigs to apply to the label set of the target before it gets\nscraped.\nThe original ingress address is available via the\n`__tmp_prometheus_ingress_address` label. It can be used to customize the\nprobed URL.\nThe original scrape job's name is available via the `__tmp_prometheus_job_name` label.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -417,38 +708,42 @@ "lowercase", "Lowercase", "uppercase", - "Uppercase" + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, "regex": { - "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, "replacement": { - "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { - "description": "Separator placed between concatenated source label values. default is ';'.", + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.", + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, "type": "array" }, "targetLabel": { - "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -462,22 +757,23 @@ "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -486,13 +782,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -505,7 +802,7 @@ "additionalProperties": false }, "staticConfig": { - "description": "staticConfig defines the static list of targets to probe and the relabeling configuration. If `ingress` is also defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.", + "description": "staticConfig defines the static list of targets to probe and the\nrelabeling configuration.\nIf `ingress` is also defined, `staticConfig` takes precedence.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.", "properties": { "labels": { "additionalProperties": { @@ -515,13 +812,13 @@ "type": "object" }, "relabelingConfigs": { - "description": "RelabelConfigs to apply to the label set of the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "description": "RelabelConfigs to apply to the label set of the targets before it gets\nscraped.\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "items": { - "description": "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs", + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "properties": { "action": { "default": "replace", - "description": "Action to perform based on regex matching. Default is 'replace'. uppercase and lowercase actions require Prometheus >= 2.36.", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", "enum": [ "replace", "Replace", @@ -540,38 +837,42 @@ "lowercase", "Lowercase", "uppercase", - "Uppercase" + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" ], "type": "string" }, "modulus": { - "description": "Modulus to take of the hash of the source label values.", + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", "format": "int64", "type": "integer" }, "regex": { - "description": "Regular expression against which the extracted value is matched. Default is '(.*)'", + "description": "Regular expression against which the extracted value is matched.", "type": "string" }, "replacement": { - "description": "Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1'", + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", "type": "string" }, "separator": { - "description": "Separator placed between concatenated source label values. default is ';'.", + "description": "Separator is the string between concatenated SourceLabels.", "type": "string" }, "sourceLabels": { - "description": "The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions.", + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", "items": { - "description": "LabelName is a valid Prometheus label name which may only contain ASCII letters, numbers, as well as underscores.", + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", "type": "string" }, "type": "array" }, "targetLabel": { - "description": "Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available.", + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", "type": "string" } }, @@ -598,7 +899,7 @@ "description": "TLS configuration to use when scraping the endpoint.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -608,7 +909,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -631,7 +933,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -651,7 +954,7 @@ "additionalProperties": false }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -661,7 +964,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -684,7 +988,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -715,7 +1020,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -730,6 +1036,26 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" diff --git a/master-standalone-strict/prometheus-monitoring-v1.json b/master-standalone-strict/prometheus-monitoring-v1.json index 68a721d..5f34213 100644 --- a/master-standalone-strict/prometheus-monitoring-v1.json +++ b/master-standalone-strict/prometheus-monitoring-v1.json @@ -1,29 +1,30 @@ { - "description": "Prometheus defines a Prometheus deployment.", + "description": "The `Prometheus` custom resource definition (CRD) defines a desired [Prometheus](https://prometheus.io/docs/prometheus) setup to run in a Kubernetes cluster. It allows to specify many options such as the number of replicas, persistent storage, and Alertmanagers where firing alerts should be sent and many more.\n\nFor each `Prometheus` resource, the Operator deploys one or several `StatefulSet` objects in the same namespace. The number of StatefulSets is equal to the number of shards which is 1 by default.\n\nThe resource defines via label and namespace selectors which `ServiceMonitor`, `PodMonitor`, `Probe` and `PrometheusRule` objects should be associated to the deployed Prometheus instances.\n\nThe Operator continuously reconciles the scrape and rules configuration and a sidecar container running in the Prometheus pods triggers a reload of the configuration when needed.", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { - "description": "Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "Specification of the desired behavior of the Prometheus cluster. More info:\nhttps://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "additionalAlertManagerConfigs": { - "description": "AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade.", + "description": "AdditionalAlertManagerConfigs specifies a key of a Secret containing\nadditional Prometheus Alertmanager configurations. The Alertmanager\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible AlertManager configs are going to break\nPrometheus after the upgrade.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -39,14 +40,15 @@ "additionalProperties": false }, "additionalAlertRelabelConfigs": { - "description": "AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade.", + "description": "AdditionalAlertRelabelConfigs specifies a key of a Secret containing\nadditional Prometheus alert relabel configurations. The alert relabel\nconfigurations are appended to the configuration generated by the\nPrometheus Operator. They must be formatted according to the official\nPrometheus documentation:\n\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs\n\nThe user is responsible for making sure that the configurations are valid\n\nNote that using this feature may expose the possibility to break\nupgrades of Prometheus. It is advised to review Prometheus release notes\nto ensure that no incompatible alert relabel configs are going to break\nPrometheus after the upgrade.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -62,7 +64,7 @@ "additionalProperties": false }, "additionalArgs": { - "description": "AdditionalArgs allows setting additional arguments for the Prometheus container. It is intended for e.g. activating hidden flags which are not supported by the dedicated configuration options yet. The arguments are passed as-is to the Prometheus container which may cause issues if they are invalid or not supporeted by the given Prometheus version. In case of an argument conflict (e.g. an argument which is already set by the operator itself) or when providing an invalid argument the reconciliation will fail and an error will be logged.", + "description": "AdditionalArgs allows setting additional arguments for the 'prometheus' container.\n\nIt is intended for e.g. activating hidden flags which are not supported by\nthe dedicated configuration options yet. The arguments are passed as-is to the\nPrometheus container which may cause issues if they are invalid or not supported\nby the given Prometheus version.\n\nIn case of an argument conflict (e.g. an argument which is already set by the\noperator itself) or when providing an invalid argument, the reconciliation will\nfail and an error will be logged.", "items": { "description": "Argument as part of the AdditionalArgs list.", "properties": { @@ -84,14 +86,15 @@ "type": "array" }, "additionalScrapeConfigs": { - "description": "AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade.", + "description": "AdditionalScrapeConfigs allows specifying a key of a Secret containing\nadditional Prometheus scrape configurations. Scrape configurations\nspecified are appended to the configurations generated by the Prometheus\nOperator. Job configurations specified must have the form as specified\nin the official Prometheus documentation:\nhttps://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.\nAs scrape configs are appended, the user is responsible to make sure it\nis valid. Note that using this feature may expose the possibility to\nbreak upgrades of Prometheus. It is advised to review Prometheus release\nnotes to ensure that no incompatible scrape configs are going to break\nPrometheus after the upgrade.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -107,15 +110,15 @@ "additionalProperties": false }, "affinity": { - "description": "If specified, the pod's scheduling constraints.", + "description": "Defines the Pods' affinity scheduling rules if specified.", "properties": { "nodeAffinity": { "description": "Describes node affinity scheduling rules for the pod.", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node matches the corresponding matchExpressions; the\nnode(s) with the highest sum are the most preferred.", "items": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "description": "An empty preferred scheduling term matches all objects with implicit weight 0\n(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "properties": { "preference": { "description": "A node selector term, associated with the corresponding weight.", @@ -123,22 +126,23 @@ "matchExpressions": { "description": "A list of node selector requirements by node's labels.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -147,27 +151,29 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchFields": { "description": "A list of node selector requirements by node's fields.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -176,7 +182,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -194,35 +201,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to an update), the system\nmay or may not try to eventually evict the pod from its node.", "properties": { "nodeSelectorTerms": { "description": "Required. A list of node selector terms. The terms are ORed.", "items": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "description": "A null or empty node selector term matches no objects. The requirements of\nthem are ANDed.\nThe TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "properties": { "matchExpressions": { "description": "A list of node selector requirements by node's labels.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -231,27 +240,29 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchFields": { "description": "A list of node selector requirements by node's fields.", "items": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A node selector requirement is a selector that contains values, a key, and an operator\nthat relates the key and values.", "properties": { "key": { "description": "The label key that the selector applies to.", "type": "string" }, "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", + "description": "Represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.", "type": "string" }, "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "description": "An array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. If the operator is Gt or Lt, the values\narray must have a single element, which will be interpreted as an integer.\nThis array is replaced during a strategic merge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -260,13 +271,15 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -284,7 +297,7 @@ "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -292,27 +305,28 @@ "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -321,41 +335,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -364,13 +396,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -378,14 +411,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -395,7 +429,7 @@ "type": "object" }, "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "format": "int32", "type": "integer" } @@ -406,35 +440,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "description": "If the affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -443,41 +479,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -486,13 +540,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -500,14 +555,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -516,7 +572,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -526,7 +583,7 @@ "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", "properties": { "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "description": "The scheduler will prefer to schedule pods to nodes that satisfy\nthe anti-affinity expressions specified by this field, but it may choose\na node that violates one or more of the expressions. The node that is\nmost preferred is the one with the greatest sum of weights, i.e.\nfor each node that meets all of the scheduling requirements (resource\nrequest, requiredDuringScheduling anti-affinity expressions, etc.),\ncompute a sum by iterating through the elements of this field and adding\n\"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the\nnode(s) with the highest sum are the most preferred.", "items": { "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "properties": { @@ -534,27 +591,28 @@ "description": "Required. A pod affinity term, associated with the corresponding weight.", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -563,41 +621,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -606,13 +682,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -620,14 +697,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -637,7 +715,7 @@ "type": "object" }, "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "description": "weight associated with matching the corresponding podAffinityTerm,\nin the range 1-100.", "format": "int32", "type": "integer" } @@ -648,35 +726,37 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "description": "If the anti-affinity requirements specified by this field are not met at\nscheduling time, the pod will not be scheduled onto the node.\nIf the anti-affinity requirements specified by this field cease to be met\nat some point during pod execution (e.g. due to a pod label update), the\nsystem may or may not try to eventually evict the pod from its node.\nWhen there are multiple elements, the lists of nodes corresponding to each\npodAffinityTerm are intersected, i.e. all terms must be satisfied.", "items": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "description": "Defines a set of pods (namely those matching the labelSelector\nrelative to the given namespace(s)) that this pod should be\nco-located (affinity) or not co-located (anti-affinity) with,\nwhere co-located is defined as running on a node whose value of\nthe label with key matches that of any node on which\na pod of the set of pods is running", "properties": { "labelSelector": { - "description": "A label query over a set of resources, in this case pods.", + "description": "A label query over a set of resources, in this case pods.\nIf it's null, this PodAffinityTerm matches with no Pods.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -685,41 +765,59 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, "type": "object", "x-kubernetes-map-type": "atomic" }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both matchLabelKeys and labelSelector.\nAlso, matchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will\nbe taken into consideration. The keys are used to lookup values from the\nincoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`\nto select the group of existing pods which pods will be taken into consideration\nfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming\npod labels will be ignored. The default value is empty.\nThe same key is forbidden to exist in both mismatchLabelKeys and labelSelector.\nAlso, mismatchLabelKeys cannot be set when labelSelector isn't set.\nThis is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).", + "items": { + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "description": "A label query over the set of namespaces that the term applies to.\nThe term is applied to the union of the namespaces selected by this field\nand the ones listed in the namespaces field.\nnull selector and null or empty namespaces list means \"this pod's namespace\".\nAn empty selector ({}) matches all namespaces.", "properties": { "matchExpressions": { "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "items": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.", "properties": { "key": { "description": "key is the label key that the selector applies to.", "type": "string" }, "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", "type": "string" }, "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -728,13 +826,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "matchLabels": { "additionalProperties": { "type": "string" }, - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", "type": "object" } }, @@ -742,14 +841,15 @@ "x-kubernetes-map-type": "atomic" }, "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "description": "namespaces specifies a static list of namespace names that the term applies to.\nThe term is applied to the union of the namespaces listed in this field\nand the ones selected by namespaceSelector.\nnull or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching\nthe labelSelector in the specified namespaces, where co-located is defined as running on a node\nwhose value of the label with key topologyKey matches that of any node on which any of the\nselected pods is running.\nEmpty topologyKey is not allowed.", "type": "string" } }, @@ -758,7 +858,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object", @@ -769,29 +870,105 @@ "additionalProperties": false }, "alerting": { - "description": "Define details regarding alerting.", + "description": "Defines the settings related to Alertmanager.", "properties": { "alertmanagers": { - "description": "AlertmanagerEndpoints Prometheus should fire alerts against.", + "description": "Alertmanager endpoints where Prometheus should send alerts to.", "items": { - "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against.", + "description": "AlertmanagerEndpoints defines a selection of a single Endpoints object\ncontaining Alertmanager IPs to fire alerts against.", "properties": { + "alertRelabelings": { + "description": "Relabeling configs applied before sending alerts to a specific Alertmanager.\nIt requires Prometheus >= v2.51.0.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, "apiVersion": { - "description": "Version of the Alertmanager API that Prometheus uses to send alerts. It can be \"v1\" or \"v2\".", + "description": "Version of the Alertmanager API that Prometheus uses to send alerts.\nIt can be \"V1\" or \"V2\".\nThe field has no effect for Prometheus >= v3.0.0 because only the v2 API is supported.", + "enum": [ + "v1", + "V1", + "v2", + "V2" + ], "type": "string" }, "authorization": { - "description": "Authorization section for this alertmanager endpoint", + "description": "Authorization section for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `sigv4`.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -806,22 +983,84 @@ "x-kubernetes-map-type": "atomic" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, "type": "object" }, + "basicAuth": { + "description": "BasicAuth configuration for Alertmanager.\n\nCannot be set at the same time as `bearerTokenFile`, `authorization` or `sigv4`.", + "properties": { + "password": { + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "username": { + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, "bearerTokenFile": { - "description": "BearerTokenFile to read from filesystem to use when authenticating to Alertmanager.", + "description": "File to read bearer token for Alertmanager.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `sigv4`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, + "enableHttp2": { + "description": "Whether to enable HTTP2.", + "type": "boolean" + }, "name": { - "description": "Name of Endpoints object in Namespace.", + "description": "Name of the Endpoints object in the namespace.", + "minLength": 1, "type": "string" }, "namespace": { - "description": "Namespace of Endpoints object.", + "description": "Namespace of the Endpoints object.\n\nIf not set, the object will be discovered in the namespace of the\nPrometheus object.", + "minLength": 1, + "type": "string" + }, + "noProxy": { + "description": "`noProxy` is a comma-separated string that can contain IPs, CIDR notation, domain names\nthat should be excluded from proxying. IP and domain names can\ncontain port numbers.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", "type": "string" }, "pathPrefix": { @@ -837,23 +1076,196 @@ "type": "string" } ], - "description": "Port the Alertmanager API is exposed on.", + "description": "Port on which the Alertmanager API is exposed.", "x-kubernetes-int-or-string": true }, + "proxyConnectHeader": { + "additionalProperties": { + "items": { + "description": "SecretKeySelector selects a key of a Secret.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "type": "array" + }, + "description": "ProxyConnectHeader optionally specifies headers to send to\nproxies during CONNECT requests.\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "proxyFromEnvironment": { + "description": "Whether to use the proxy configuration defined by environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY).\n\nIt requires Prometheus >= v2.43.0, Alertmanager >= v0.25.0 or Thanos >= v0.32.0.", + "type": "boolean" + }, + "proxyUrl": { + "description": "`proxyURL` defines the HTTP proxy server to use.", + "pattern": "^(http|https|socks5)://.+$", + "type": "string" + }, + "relabelings": { + "description": "Relabel configuration applied to the discovered Alertmanagers.", + "items": { + "description": "RelabelConfig allows dynamic rewriting of the label set for targets, alerts,\nscraped samples and remote write samples.\n\nMore info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "properties": { + "action": { + "default": "replace", + "description": "Action to perform based on the regex matching.\n\n`Uppercase` and `Lowercase` actions require Prometheus >= v2.36.0.\n`DropEqual` and `KeepEqual` actions require Prometheus >= v2.41.0.\n\nDefault: \"Replace\"", + "enum": [ + "replace", + "Replace", + "keep", + "Keep", + "drop", + "Drop", + "hashmod", + "HashMod", + "labelmap", + "LabelMap", + "labeldrop", + "LabelDrop", + "labelkeep", + "LabelKeep", + "lowercase", + "Lowercase", + "uppercase", + "Uppercase", + "keepequal", + "KeepEqual", + "dropequal", + "DropEqual" + ], + "type": "string" + }, + "modulus": { + "description": "Modulus to take of the hash of the source label values.\n\nOnly applicable when the action is `HashMod`.", + "format": "int64", + "type": "integer" + }, + "regex": { + "description": "Regular expression against which the extracted value is matched.", + "type": "string" + }, + "replacement": { + "description": "Replacement value against which a Replace action is performed if the\nregular expression matches.\n\nRegex capture groups are available.", + "type": "string" + }, + "separator": { + "description": "Separator is the string between concatenated SourceLabels.", + "type": "string" + }, + "sourceLabels": { + "description": "The source labels select values from existing labels. Their content is\nconcatenated using the configured Separator and matched against the\nconfigured regular expression.", + "items": { + "description": "LabelName is a valid Prometheus label name which may only contain ASCII\nletters, numbers, as well as underscores.", + "pattern": "^[a-zA-Z_][a-zA-Z0-9_]*$", + "type": "string" + }, + "type": "array" + }, + "targetLabel": { + "description": "Label to which the resulting string is written in a replacement.\n\nIt is mandatory for `Replace`, `HashMod`, `Lowercase`, `Uppercase`,\n`KeepEqual` and `DropEqual` actions.\n\nRegex capture groups are available.", + "type": "string" + } + }, + "type": "object" + }, + "type": "array" + }, "scheme": { "description": "Scheme to use when firing alerts.", "type": "string" }, + "sigv4": { + "description": "Sigv4 allows to configures AWS's Signature Verification 4 for the URL.\n\nIt requires Prometheus >= v2.48.0.\n\nCannot be set at the same time as `basicAuth`, `bearerTokenFile` or `authorization`.", + "properties": { + "accessKey": { + "description": "AccessKey is the AWS API key. If not specified, the environment variable\n`AWS_ACCESS_KEY_ID` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + }, + "profile": { + "description": "Profile is the named AWS profile used to authenticate.", + "type": "string" + }, + "region": { + "description": "Region is the AWS region. If blank, the region from the default credentials chain used.", + "type": "string" + }, + "roleArn": { + "description": "RoleArn is the named AWS profile used to authenticate.", + "type": "string" + }, + "secretKey": { + "description": "SecretKey is the AWS API secret. If not specified, the environment\nvariable `AWS_SECRET_ACCESS_KEY` is used.", + "properties": { + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string" + }, + "name": { + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" + } + }, + "required": [ + "key" + ], + "type": "object", + "x-kubernetes-map-type": "atomic" + } + }, + "type": "object" + }, "timeout": { "description": "Timeout is a per-target Alertmanager timeout when pushing alerts.", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "tlsConfig": { - "description": "TLS Config to use for alertmanager connection.", + "description": "TLS Config to use for Alertmanager.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -863,7 +1275,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -885,7 +1298,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -907,7 +1321,7 @@ "type": "string" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -917,7 +1331,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -939,7 +1354,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -976,7 +1392,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -990,6 +1407,26 @@ "type": "object", "x-kubernetes-map-type": "atomic" }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1000,7 +1437,6 @@ }, "required": [ "name", - "namespace", "port" ], "type": "object" @@ -1015,24 +1451,25 @@ "additionalProperties": false }, "allowOverlappingBlocks": { - "description": "AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release.", + "description": "AllowOverlappingBlocks enables vertical compaction and vertical query\nmerge in Prometheus.\n\nDeprecated: this flag has no effect for Prometheus >= 2.39.0 where overlapping blocks are enabled by default.", "type": "boolean" }, "apiserverConfig": { - "description": "APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", + "description": "APIServerConfig allows specifying a host and auth methods to access the\nKuberntees API server.\nIf null, Prometheus is assumed to run inside of the cluster: it will\ndiscover the API servers automatically and use the Pod's CA certificate\nand bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.", "properties": { "authorization": { - "description": "Authorization section for accessing apiserver", + "description": "Authorization section for the API server.\n\nCannot be set at the same time as `basicAuth`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "credentials": { - "description": "The secret's key that contains the credentials of the request", + "description": "Selects a key of a Secret in the namespace that contains the credentials for authentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1048,11 +1485,11 @@ "additionalProperties": false }, "credentialsFile": { - "description": "File to read a secret from, mutually exclusive with Credentials (from SafeAuthorization)", + "description": "File to read a secret from, mutually exclusive with `credentials`.", "type": "string" }, "type": { - "description": "Set the authentication type. Defaults to Bearer, Basic will cause an error", + "description": "Defines the authentication type. The value is case-insensitive.\n\n\"Basic\" is not a supported value.\n\nDefault: \"Bearer\"", "type": "string" } }, @@ -1060,17 +1497,18 @@ "additionalProperties": false }, "basicAuth": { - "description": "BasicAuth allow an endpoint to authenticate over basic authentication", + "description": "BasicAuth configuration for the API server.\n\nCannot be set at the same time as `authorization`, `bearerToken`, or\n`bearerTokenFile`.", "properties": { "password": { - "description": "The secret in the service monitor namespace that contains the password for authentication.", + "description": "`password` specifies a key of a Secret containing the password for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1086,14 +1524,15 @@ "additionalProperties": false }, "username": { - "description": "The secret in the service monitor namespace that contains the username for authentication.", + "description": "`username` specifies a key of a Secret containing the username for\nauthentication.", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1113,22 +1552,22 @@ "additionalProperties": false }, "bearerToken": { - "description": "Bearer token for accessing apiserver.", + "description": "*Warning: this field shouldn't be used because the token value appears\nin clear-text. Prefer using `authorization`.*\n\nDeprecated: this will be removed in a future release.", "type": "string" }, "bearerTokenFile": { - "description": "File to read bearer token for accessing apiserver.", + "description": "File to read bearer token for accessing apiserver.\n\nCannot be set at the same time as `basicAuth`, `authorization`, or `bearerToken`.\n\nDeprecated: this will be removed in a future release. Prefer using `authorization`.", "type": "string" }, "host": { - "description": "Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number", + "description": "Kubernetes API address consisting of a hostname or IP address followed\nby an optional port number.", "type": "string" }, "tlsConfig": { - "description": "TLS Config to use for accessing apiserver.", + "description": "TLS Config to use for the API server.", "properties": { "ca": { - "description": "Struct containing the CA cert to use for the targets.", + "description": "Certificate authority used when verifying server certificates.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1138,7 +1577,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1161,7 +1601,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1185,7 +1626,7 @@ "type": "string" }, "cert": { - "description": "Struct containing the client cert file for the targets.", + "description": "Client certificate to present when doing client-authentication.", "properties": { "configMap": { "description": "ConfigMap containing data to use for the targets.", @@ -1195,7 +1636,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1218,7 +1660,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1257,7 +1700,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1272,6 +1716,26 @@ "x-kubernetes-map-type": "atomic", "additionalProperties": false }, + "maxVersion": { + "description": "Maximum acceptable TLS version.\n\nIt requires Prometheus >= v2.41.0 or Thanos >= v0.31.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, + "minVersion": { + "description": "Minimum acceptable TLS version.\n\nIt requires Prometheus >= v2.35.0 or Thanos >= v0.28.0.", + "enum": [ + "TLS10", + "TLS11", + "TLS12", + "TLS13" + ], + "type": "string" + }, "serverName": { "description": "Used to verify the hostname for the targets.", "type": "string" @@ -1288,7 +1752,7 @@ "additionalProperties": false }, "arbitraryFSAccessThroughSMs": { - "description": "ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files.", + "description": "When true, ServiceMonitor, PodMonitor and Probe object are forbidden to\nreference arbitrary files on the file system of the 'prometheus'\ncontainer.\nWhen a ServiceMonitor's endpoint specifies a `bearerTokenFile` value\n(e.g. '/var/run/secrets/kubernetes.io/serviceaccount/token'), a\nmalicious target can get access to the Prometheus service account's\ntoken in the Prometheus' scrape request. Setting\n`spec.arbitraryFSAccessThroughSM` to 'true' would prevent the attack.\nUsers should instead provide the credentials using the\n`spec.bearerTokenSecret` field.", "properties": { "deny": { "type": "boolean" @@ -1297,38 +1761,49 @@ "type": "object", "additionalProperties": false }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod.\nIf the field isn't set, the operator mounts the service account token by default.\n\n**Warning:** be aware that by default, Prometheus requires the service account token for Kubernetes service discovery.\nIt is possible to use strategic merge patch to project the service account token into the 'prometheus' container.", + "type": "boolean" + }, "baseImage": { - "description": "Base image to use for a Prometheus deployment. Deprecated: use 'image' instead", + "description": "Deprecated: use 'spec.image' instead.", + "type": "string" + }, + "bodySizeLimit": { + "description": "BodySizeLimit defines per-scrape on response body size.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedBodySizeLimit.", + "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, "configMaps": { - "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/.", + "description": "ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus\nobject, which shall be mounted into the Prometheus Pods.\nEach ConfigMap is added to the StatefulSet definition as a volume named `configmap-`.\nThe ConfigMaps are mounted into /etc/prometheus/configmaps/ in the 'prometheus' container.", "items": { "type": "string" }, "type": "array" }, "containers": { - "description": "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "description": "Containers allows injecting additional containers or modifying operator\ngenerated containers. This can be used to allow adding an authentication\nproxy to the Pods or to change the behavior of an operator generated\ncontainer. Containers described here modify an operator generated\ncontainer if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of containers managed by the operator are:\n* `prometheus`\n* `config-reloader`\n* `thanos-sidecar`\n\nOverriding containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "description": "List of environment variables to set in the container.\nCannot be updated.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { @@ -1337,7 +1812,7 @@ "type": "string" }, "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { @@ -1351,7 +1826,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1366,7 +1842,7 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -1384,7 +1860,7 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -1422,7 +1898,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1445,10 +1922,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { "description": "EnvFromSource represents the source of a set of ConfigMaps", "properties": { @@ -1456,7 +1937,8 @@ "description": "The ConfigMap to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1475,7 +1957,8 @@ "description": "The Secret to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -1489,40 +1972,42 @@ }, "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1531,7 +2016,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1545,7 +2030,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1560,11 +2046,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1573,8 +2059,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1589,7 +2089,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1602,26 +2102,27 @@ "type": "object" }, "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1630,7 +2131,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1644,7 +2145,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1659,11 +2161,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1672,10 +2174,24 @@ ], "type": "object" }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", "properties": { - "host": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", + "properties": { + "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, @@ -1688,7 +2204,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1704,28 +2220,29 @@ "type": "object" }, "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -1733,7 +2250,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1743,10 +2261,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1755,7 +2273,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1769,7 +2287,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1784,11 +2303,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1798,22 +2317,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -1828,7 +2347,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -1838,12 +2357,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -1851,16 +2370,16 @@ "type": "object" }, "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, "ports": { - "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", "items": { "description": "ContainerPort represents a network port in a single container.", "properties": { "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, @@ -1869,17 +2388,17 @@ "type": "string" }, "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "format": "int32", "type": "integer" }, "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, @@ -1896,28 +2415,29 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -1925,7 +2445,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -1935,10 +2456,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -1947,7 +2468,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -1961,7 +2482,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -1976,11 +2498,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -1990,22 +2512,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2020,7 +2542,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2030,21 +2552,69 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } }, "type": "object" }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -2058,7 +2628,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -2074,21 +2644,42 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "add": { "description": "Added capabilities", @@ -2096,7 +2687,8 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "drop": { "description": "Removed capabilities", @@ -2104,39 +2696,40 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { "description": "Level is SELinux level label that applies to the container.", @@ -2158,14 +2751,14 @@ "type": "object" }, "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -2175,10 +2768,10 @@ "type": "object" }, "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { @@ -2186,11 +2779,11 @@ "type": "string" }, "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -2200,28 +2793,29 @@ "type": "object" }, "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -2229,7 +2823,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -2239,10 +2834,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2251,7 +2846,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2265,7 +2860,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2280,11 +2876,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2294,22 +2890,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2324,7 +2920,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2334,12 +2930,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -2347,23 +2943,23 @@ "type": "object" }, "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", "type": "boolean" }, "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", "type": "boolean" }, "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", "type": "boolean" }, "volumeDevices": { @@ -2386,19 +2982,23 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { @@ -2406,15 +3006,19 @@ "type": "string" }, "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -2424,10 +3028,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -2439,66 +3047,142 @@ "type": "array" }, "disableCompaction": { - "description": "Disable prometheus compaction.", + "description": "When true, the Prometheus compaction is disabled.\nWhen `spec.thanos.objectStorageConfig` or `spec.objectStorageConfigFile` are defined, the operator automatically\ndisables block compaction to avoid race conditions during block uploads (as the Thanos documentation recommends).", "type": "boolean" }, + "dnsConfig": { + "description": "Defines the DNS configuration for the pods.", + "properties": { + "nameservers": { + "description": "A list of DNS name server IP addresses.\nThis will be appended to the base nameservers generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "options": { + "description": "A list of DNS resolver options.\nThis will be merged with the base options generated from DNSPolicy.\nResolution options given in Options\nwill override those that appear in the base DNSPolicy.", + "items": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "properties": { + "name": { + "description": "Name is required and must be unique.", + "minLength": 1, + "type": "string" + }, + "value": { + "description": "Value is optional.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup.\nThis will be appended to the base search paths generated from DNSPolicy.", + "items": { + "minLength": 1, + "type": "string" + }, + "type": "array", + "x-kubernetes-list-type": "set" + } + }, + "type": "object", + "additionalProperties": false + }, + "dnsPolicy": { + "description": "Defines the DNS policy for the pods.", + "enum": [ + "ClusterFirstWithHostNet", + "ClusterFirst", + "Default", + "None" + ], + "type": "string" + }, "enableAdminAPI": { - "description": "Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", + "description": "Enables access to the Prometheus web admin API.\n\nWARNING: Enabling the admin APIs enables mutating endpoints, to delete data,\nshutdown Prometheus, and more. Enabling this should be done with care and the\nuser is advised to add additional authentication authorization via a proxy to\nensure only clients authorized to perform these actions can do so.\n\nFor more information:\nhttps://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis", "type": "boolean" }, "enableFeatures": { - "description": "Enable access to Prometheus disabled features. By default, no features are enabled. Enabling disabled features is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/", + "description": "Enable access to Prometheus feature flags. By default, no features are enabled.\n\nEnabling features which are disabled by default is entirely outside the\nscope of what the maintainers will support and by doing so, you accept\nthat this behaviour may break at any time without notice.\n\nFor more information see https://prometheus.io/docs/prometheus/latest/feature_flags/", "items": { + "minLength": 1, "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "set" + }, + "enableOTLPReceiver": { + "description": "Enable Prometheus to be used as a receiver for the OTLP Metrics protocol.\n\nNote that the OTLP receiver endpoint is automatically enabled if `.spec.otlpConfig` is defined.\n\nIt requires Prometheus >= v2.47.0.", + "type": "boolean" }, "enableRemoteWriteReceiver": { - "description": "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol. Defaults to the value of `false`. WARNING: This is not considered an efficient way of ingesting samples. Use it with caution for specific low-volume use cases. It is not suitable for replacing the ingestion via scraping and turning Prometheus into a push-based metrics collection system. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver Only valid in Prometheus versions 2.33.0 and newer.", + "description": "Enable Prometheus to be used as a receiver for the Prometheus remote\nwrite protocol.\n\nWARNING: This is not considered an efficient way of ingesting samples.\nUse it with caution for specific low-volume use cases.\nIt is not suitable for replacing the ingestion via scraping and turning\nPrometheus into a push-based metrics collection system.\nFor more information see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver\n\nIt requires Prometheus >= v2.33.0.", + "type": "boolean" + }, + "enableServiceLinks": { + "description": "Indicates whether information about services should be injected into pod's environment variables", "type": "boolean" }, "enforcedBodySizeLimit": { - "description": "EnforcedBodySizeLimit defines the maximum size of uncompressed response body that will be accepted by Prometheus. Targets responding with a body larger than this many bytes will cause the scrape to fail. Example: 100MB. If defined, the limit will apply to all service/pod monitors and probes. This is an experimental feature, this behaviour could change or be removed in the future. Only valid in Prometheus versions 2.28.0 and newer.", + "description": "When defined, enforcedBodySizeLimit specifies a global limit on the size\nof uncompressed response body that will be accepted by Prometheus.\nTargets responding with a body larger than this many bytes will cause\nthe scrape to fail.\n\nIt requires Prometheus >= v2.28.0.\n\nWhen both `enforcedBodySizeLimit` and `bodySizeLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined bodySizeLimit value will inherit the global bodySizeLimit value (Prometheus >= 2.45.0) or the enforcedBodySizeLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedBodySizeLimit` is greater than the `bodySizeLimit`, the `bodySizeLimit` will be set to `enforcedBodySizeLimit`.\n* Scrape objects with a bodySizeLimit value less than or equal to enforcedBodySizeLimit keep their specific value.\n* Scrape objects with a bodySizeLimit value greater than enforcedBodySizeLimit are set to enforcedBodySizeLimit.", "pattern": "(^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$", "type": "string" }, + "enforcedKeepDroppedTargets": { + "description": "When defined, enforcedKeepDroppedTargets specifies a global limit on the number of targets\ndropped by relabeling that will be kept in memory. The value overrides\nany `spec.keepDroppedTargets` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.keepDroppedTargets` is\ngreater than zero and less than `spec.enforcedKeepDroppedTargets`.\n\nIt requires Prometheus >= v2.47.0.\n\nWhen both `enforcedKeepDroppedTargets` and `keepDroppedTargets` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined keepDroppedTargets value will inherit the global keepDroppedTargets value (Prometheus >= 2.45.0) or the enforcedKeepDroppedTargets value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedKeepDroppedTargets` is greater than the `keepDroppedTargets`, the `keepDroppedTargets` will be set to `enforcedKeepDroppedTargets`.\n* Scrape objects with a keepDroppedTargets value less than or equal to enforcedKeepDroppedTargets keep their specific value.\n* Scrape objects with a keepDroppedTargets value greater than enforcedKeepDroppedTargets are set to enforcedKeepDroppedTargets.", + "format": "int64", + "type": "integer" + }, "enforcedLabelLimit": { - "description": "Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "When defined, enforcedLabelLimit specifies a global limit on the number\nof labels per sample. The value overrides any `spec.labelLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelLimit` is\ngreater than zero and less than `spec.enforcedLabelLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelLimit` and `labelLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelLimit value will inherit the global labelLimit value (Prometheus >= 2.45.0) or the enforcedLabelLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelLimit` is greater than the `labelLimit`, the `labelLimit` will be set to `enforcedLabelLimit`.\n* Scrape objects with a labelLimit value less than or equal to enforcedLabelLimit keep their specific value.\n* Scrape objects with a labelLimit value greater than enforcedLabelLimit are set to enforcedLabelLimit.", "format": "int64", "type": "integer" }, "enforcedLabelNameLengthLimit": { - "description": "Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "When defined, enforcedLabelNameLengthLimit specifies a global limit on the length\nof labels name per sample. The value overrides any `spec.labelNameLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelNameLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelNameLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelNameLengthLimit` and `labelNameLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelNameLengthLimit value will inherit the global labelNameLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelNameLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelNameLengthLimit` is greater than the `labelNameLengthLimit`, the `labelNameLengthLimit` will be set to `enforcedLabelNameLengthLimit`.\n* Scrape objects with a labelNameLengthLimit value less than or equal to enforcedLabelNameLengthLimit keep their specific value.\n* Scrape objects with a labelNameLengthLimit value greater than enforcedLabelNameLengthLimit are set to enforcedLabelNameLengthLimit.", "format": "int64", "type": "integer" }, "enforcedLabelValueLengthLimit": { - "description": "Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer.", + "description": "When not null, enforcedLabelValueLengthLimit defines a global limit on the length\nof labels value per sample. The value overrides any `spec.labelValueLengthLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.labelValueLengthLimit` is\ngreater than zero and less than `spec.enforcedLabelValueLengthLimit`.\n\nIt requires Prometheus >= v2.27.0.\n\nWhen both `enforcedLabelValueLengthLimit` and `labelValueLengthLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined labelValueLengthLimit value will inherit the global labelValueLengthLimit value (Prometheus >= 2.45.0) or the enforcedLabelValueLengthLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedLabelValueLengthLimit` is greater than the `labelValueLengthLimit`, the `labelValueLengthLimit` will be set to `enforcedLabelValueLengthLimit`.\n* Scrape objects with a labelValueLengthLimit value less than or equal to enforcedLabelValueLengthLimit keep their specific value.\n* Scrape objects with a labelValueLengthLimit value greater than enforcedLabelValueLengthLimit are set to enforcedLabelValueLengthLimit.", "format": "int64", "type": "integer" }, "enforcedNamespaceLabel": { - "description": "EnforcedNamespaceLabel If set, a label will be added to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` and `Probe` objects) and 2. in all `PrometheusRule` objects (except the ones excluded in `prometheusRulesExcludedFromEnforce`) to * alerting & recording rules and * the metrics used in their expressions (`expr`). \n Label name is this field's value. Label value is the namespace of the created object (mentioned above).", + "description": "When not empty, a label will be added to:\n\n1. All metrics scraped from `ServiceMonitor`, `PodMonitor`, `Probe` and `ScrapeConfig` objects.\n2. All metrics generated from recording rules defined in `PrometheusRule` objects.\n3. All alerts generated from alerting rules defined in `PrometheusRule` objects.\n4. All vector selectors of PromQL expressions defined in `PrometheusRule` objects.\n\nThe label will not added for objects referenced in `spec.excludedFromEnforcement`.\n\nThe label's name is this field's value.\nThe label's value is the namespace of the `ServiceMonitor`,\n`PodMonitor`, `Probe`, `PrometheusRule` or `ScrapeConfig` object.", "type": "string" }, "enforcedSampleLimit": { - "description": "EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead.", + "description": "When defined, enforcedSampleLimit specifies a global limit on the number\nof scraped samples that will be accepted. This overrides any\n`spec.sampleLimit` set by ServiceMonitor, PodMonitor, Probe objects\nunless `spec.sampleLimit` is greater than zero and less than\n`spec.enforcedSampleLimit`.\n\nIt is meant to be used by admins to keep the overall number of\nsamples/series under a desired limit.\n\nWhen both `enforcedSampleLimit` and `sampleLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined sampleLimit value will inherit the global sampleLimit value (Prometheus >= 2.45.0) or the enforcedSampleLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedSampleLimit` is greater than the `sampleLimit`, the `sampleLimit` will be set to `enforcedSampleLimit`.\n* Scrape objects with a sampleLimit value less than or equal to enforcedSampleLimit keep their specific value.\n* Scrape objects with a sampleLimit value greater than enforcedSampleLimit are set to enforcedSampleLimit.", "format": "int64", "type": "integer" }, "enforcedTargetLimit": { - "description": "EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced.", + "description": "When defined, enforcedTargetLimit specifies a global limit on the number\nof scraped targets. The value overrides any `spec.targetLimit` set by\nServiceMonitor, PodMonitor, Probe objects unless `spec.targetLimit` is\ngreater than zero and less than `spec.enforcedTargetLimit`.\n\nIt is meant to be used by admins to to keep the overall number of\ntargets under a desired limit.\n\nWhen both `enforcedTargetLimit` and `targetLimit` are defined and greater than zero, the following rules apply:\n* Scrape objects without a defined targetLimit value will inherit the global targetLimit value (Prometheus >= 2.45.0) or the enforcedTargetLimit value (Prometheus < v2.45.0).\n If Prometheus version is >= 2.45.0 and the `enforcedTargetLimit` is greater than the `targetLimit`, the `targetLimit` will be set to `enforcedTargetLimit`.\n* Scrape objects with a targetLimit value less than or equal to enforcedTargetLimit keep their specific value.\n* Scrape objects with a targetLimit value greater than enforcedTargetLimit are set to enforcedTargetLimit.", "format": "int64", "type": "integer" }, "evaluationInterval": { "default": "30s", - "description": "Interval between consecutive evaluations. Default: `30s`", + "description": "Interval between rule evaluations.\nDefault: \"30s\"", "pattern": "^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$", "type": "string" }, "excludedFromEnforcement": { - "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects to be excluded from enforcing a namespace label of origin. Applies only if enforcedNamespaceLabel set to true.", + "description": "List of references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects\nto be excluded from enforcing a namespace label of origin.\n\nIt is only applicable if `spec.enforcedNamespaceLabel` set to true.", "items": { "description": "ObjectReference references a PodMonitor, ServiceMonitor, Probe or PrometheusRule object.", "properties": { @@ -2511,11 +3195,11 @@ "type": "string" }, "name": { - "description": "Name of the referent. When not set, all resources are matched.", + "description": "Name of the referent. When not set, all resources in the namespace are matched.", "type": "string" }, "namespace": { - "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "description": "Namespace of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "minLength": 1, "type": "string" }, @@ -2525,7 +3209,8 @@ "prometheusrules", "servicemonitors", "podmonitors", - "probes" + "probes", + "scrapeconfigs" ], "type": "string" } @@ -2539,10 +3224,10 @@ "type": "array" }, "exemplars": { - "description": "Exemplars related settings that are runtime reloadable. It requires to enable the exemplar storage feature to be effective.", + "description": "Exemplars related settings that are runtime reloadable.\nIt requires to enable the `exemplar-storage` feature flag to be effective.", "properties": { "maxSize": { - "description": "Maximum number of exemplars stored in memory for all series. If not set, Prometheus uses its default value. A value of zero or less than zero disables the storage.", + "description": "Maximum number of exemplars stored in memory for all series.\n\nexemplar-storage itself must be enabled using the `spec.enableFeature`\noption for exemplars to be scraped in the first place.\n\nIf not set, Prometheus uses its default value. A value of zero or less\nthan zero disables the storage.", "format": "int64", "type": "integer" } @@ -2554,17 +3239,17 @@ "additionalProperties": { "type": "string" }, - "description": "The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).", + "description": "The labels to add to any time series or alerts when communicating with\nexternal systems (federation, remote storage, Alertmanager).\nLabels defined by `spec.replicaExternalLabelName` and\n`spec.prometheusExternalLabelName` take precedence over this list.", "type": "object" }, "externalUrl": { - "description": "The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name.", + "description": "The external URL under which the Prometheus service is externally\navailable. This is necessary to generate correct URLs (for instance if\nPrometheus is accessible behind an Ingress resource).", "type": "string" }, "hostAliases": { - "description": "Pods' hostAliases configuration", + "description": "Optional list of hosts and IPs that will be injected into the Pod's\nhosts file if specified.", "items": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the\npod's hosts file.", "properties": { "hostnames": { "description": "Hostnames for the above IP address.", @@ -2590,21 +3275,36 @@ ], "x-kubernetes-list-type": "map" }, + "hostNetwork": { + "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).", + "type": "boolean" + }, "ignoreNamespaceSelectors": { - "description": "IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from all PodMonitor, ServiceMonitor and Probe objects. They will only discover endpoints within the namespace of the PodMonitor, ServiceMonitor and Probe objects. Defaults to false.", + "description": "When true, `spec.namespaceSelector` from all PodMonitor, ServiceMonitor\nand Probe objects will be ignored. They will only discover targets\nwithin the namespace of the PodMonitor, ServiceMonitor and Probe\nobject.", "type": "boolean" }, "image": { - "description": "Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured.", + "description": "Container image name for Prometheus. If specified, it takes precedence\nover the `spec.baseImage`, `spec.tag` and `spec.sha` fields.\n\nSpecifying `spec.version` is still necessary to ensure the Prometheus\nOperator knows which version of Prometheus is being configured.\n\nIf neither `spec.image` nor `spec.baseImage` are defined, the operator\nwill use the latest upstream version of Prometheus available at the time\nwhen the operator was released.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy for the 'prometheus', 'init-config-reloader' and 'config-reloader' containers.\nSee https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy for more details.", + "enum": [ + "", + "Always", + "Never", + "IfNotPresent" + ], "type": "string" }, "imagePullSecrets": { - "description": "An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", + "description": "An optional list of references to Secrets in the same namespace\nto use for pulling images from registries.\nSee http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod", "items": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "description": "LocalObjectReference contains enough information to let you locate the\nreferenced object inside the same namespace.", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" } }, @@ -2614,26 +3314,28 @@ "type": "array" }, "initContainers": { - "description": "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ InitContainers described here modify an operator generated init containers if they share the same name and modifications are done via a strategic merge patch. The current init container name is: `init-config-reloader`. Overriding init containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice.", + "description": "InitContainers allows injecting initContainers to the Pod definition. Those\ncan be used to e.g. fetch secrets for injection into the Prometheus\nconfiguration from external sources. Any errors during the execution of\nan initContainer will lead to a restart of the Pod. More info:\nhttps://kubernetes.io/docs/concepts/workloads/pods/init-containers/\nInitContainers described here modify an operator generated init\ncontainers if they share the same name and modifications are done via a\nstrategic merge patch.\n\nThe names of init container name managed by the operator are:\n* `init-config-reloader`.\n\nOverriding init containers is entirely outside the scope of what the\nmaintainers will support and by doing so, you accept that this behaviour\nmay break at any time without notice.", "items": { "description": "A single application container that you want to run within a pod.", "properties": { "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "description": "List of environment variables to set in the container.\nCannot be updated.", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { @@ -2642,7 +3344,7 @@ "type": "string" }, "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { @@ -2656,7 +3358,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2671,7 +3374,7 @@ "x-kubernetes-map-type": "atomic" }, "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", @@ -2689,7 +3392,7 @@ "x-kubernetes-map-type": "atomic" }, "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", @@ -2727,7 +3430,8 @@ "type": "string" }, "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2750,10 +3454,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "description": "List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated.", "items": { "description": "EnvFromSource represents the source of a set of ConfigMaps", "properties": { @@ -2761,7 +3469,8 @@ "description": "The ConfigMap to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2780,7 +3489,8 @@ "description": "The Secret to select from", "properties": { "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + "default": "", + "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { @@ -2794,40 +3504,42 @@ }, "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "description": "Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets.", "type": "string" }, "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images", + "description": "Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images", "type": "string" }, "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "description": "Actions that the management system should take in response to container lifecycle events.\nCannot be updated.", "properties": { "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2836,7 +3548,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2850,7 +3562,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2865,11 +3578,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2878,8 +3591,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2894,7 +3621,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -2907,26 +3634,27 @@ "type": "object" }, "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "description": "PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -2935,7 +3663,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -2949,7 +3677,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -2964,11 +3693,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -2977,8 +3706,22 @@ ], "type": "object" }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "seconds" + ], + "type": "object" + }, "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified.", + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor backward compatibility. There is no validation of this field and\nlifecycle hooks will fail at runtime when it is specified.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -2993,7 +3736,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3009,28 +3752,29 @@ "type": "object" }, "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -3038,7 +3782,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3048,10 +3793,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -3060,7 +3805,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -3074,7 +3819,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -3089,11 +3835,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -3103,22 +3849,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -3133,7 +3879,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3143,12 +3889,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -3156,16 +3902,16 @@ "type": "object" }, "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "description": "Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated.", "type": "string" }, "ports": { - "description": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", + "description": "List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated.", "items": { "description": "ContainerPort represents a network port in a single container.", "properties": { "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "description": "Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, @@ -3174,17 +3920,17 @@ "type": "string" }, "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "description": "Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this.", "format": "int32", "type": "integer" }, "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services.", "type": "string" }, "protocol": { "default": "TCP", - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".", + "description": "Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\".", "type": "string" } }, @@ -3201,28 +3947,29 @@ "x-kubernetes-list-type": "map" }, "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -3230,7 +3977,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3240,10 +3988,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -3252,7 +4000,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -3266,7 +4014,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -3281,11 +4030,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -3295,22 +4044,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -3325,7 +4074,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3335,21 +4084,69 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } }, "type": "object" }, + "resizePolicy": { + "description": "Resources resize policy for the container.", + "items": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", + "properties": { + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory.", + "type": "string" + }, + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired.", + "type": "string" + } + }, + "required": [ + "resourceName", + "restartPolicy" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-type": "atomic" + }, "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "items": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "properties": { + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", + "type": "string" + }, + "request": { + "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", + "type": "string" + } + }, + "required": [ + "name" + ], + "type": "object" + }, + "type": "array", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, "limits": { "additionalProperties": { "anyOf": [ @@ -3363,7 +4160,7 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { @@ -3379,21 +4176,42 @@ "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object" }, + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted.", + "type": "string" + }, "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "description": "SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "properties": { "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "description": "AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile\noverrides the pod's appArmorProfile.\nNote that this field cannot be set when spec.os.name is windows.", + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used.\nThe profile must be preconfigured on the node to work.\nMust match the loaded name of the profile.\nMust be set if and only if type is \"Localhost\".", + "type": "string" + }, + "type": { + "description": "type indicates which kind of AppArmor profile will be applied.\nValid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.", + "type": "string" + } + }, + "required": [ + "type" + ], + "type": "object" + }, "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "description": "The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "add": { "description": "Added capabilities", @@ -3401,7 +4219,8 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "drop": { "description": "Removed capabilities", @@ -3409,39 +4228,40 @@ "description": "Capability represent POSIX capabilities type", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.", + "description": "procMount denotes the type of proc mount to use for the containers.\nThe default value is Default which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows.", "type": "string" }, "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "description": "Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows.", "type": "boolean" }, "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "boolean" }, "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "format": "int64", "type": "integer" }, "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "description": "The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "level": { "description": "Level is SELinux level label that applies to the container.", @@ -3463,14 +4283,14 @@ "type": "object" }, "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "description": "The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows.", "properties": { "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\".", + "description": "localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type.", "type": "string" }, "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.", + "description": "type indicates which kind of seccomp profile will be applied.\nValid options are:\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied.", "type": "string" } }, @@ -3480,10 +4300,10 @@ "type": "object" }, "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "description": "The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux.", "properties": { "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "description": "GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field.", "type": "string" }, "gmsaCredentialSpecName": { @@ -3491,11 +4311,11 @@ "type": "string" }, "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "description": "HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true.", "type": "boolean" }, "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "description": "The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.", "type": "string" } }, @@ -3505,28 +4325,29 @@ "type": "object" }, "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { - "description": "Exec specifies the action to take.", + "description": "Exec specifies a command to execute in the container.", "properties": { "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1.", "format": "int32", "type": "integer" }, "grpc": { - "description": "GRPC specifies an action involving a GRPC port. This is a beta field and requires enabling GRPCContainerProbe feature gate.", + "description": "GRPC specifies a GRPC HealthCheckRequest.", "properties": { "port": { "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", @@ -3534,7 +4355,8 @@ "type": "integer" }, "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). \n If this is not specified, the default behavior is defined by gRPC.", + "default": "", + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, @@ -3544,10 +4366,10 @@ "type": "object" }, "httpGet": { - "description": "HTTPGet specifies the http request to perform.", + "description": "HTTPGet specifies an HTTP GET request to perform.", "properties": { "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { @@ -3556,7 +4378,7 @@ "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { - "description": "The header field name", + "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { @@ -3570,7 +4392,8 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", @@ -3585,11 +4408,11 @@ "type": "string" } ], - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true }, "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.", + "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "type": "string" } }, @@ -3599,22 +4422,22 @@ "type": "object" }, "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "description": "How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1.", "format": "int32", "type": "integer" }, "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", "format": "int32", "type": "integer" }, "tcpSocket": { - "description": "TCPSocket specifies an action involving a TCP port.", + "description": "TCPSocket specifies a connection to a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", @@ -3629,7 +4452,7 @@ "type": "string" } ], - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "description": "Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME.", "x-kubernetes-int-or-string": true } }, @@ -3639,12 +4462,12 @@ "type": "object" }, "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "format": "int64", "type": "integer" }, "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "description": "Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" } @@ -3652,23 +4475,23 @@ "type": "object" }, "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false.", "type": "boolean" }, "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "description": "Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false", "type": "boolean" }, "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "description": "Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated.", "type": "string" }, "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.", + "description": "Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated.", "type": "string" }, "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false.", "type": "boolean" }, "volumeDevices": { @@ -3691,19 +4514,23 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map" }, "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "description": "Pod volumes to mount into the container's filesystem.\nCannot be updated.", "items": { "description": "VolumeMount describes a mounting of a Volume within a container.", "properties": { "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "description": "Path within the container at which the volume should be mounted. Must\nnot contain ':'.", "type": "string" }, "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.", + "description": "mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10.\nWhen RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified\n(which defaults to None).", "type": "string" }, "name": { @@ -3711,15 +4538,19 @@ "type": "string" }, "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "description": "Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false.", "type": "boolean" }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled\nrecursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made\nrecursively read-only. If this field is set to IfPossible, the mount is made\nrecursively read-only, if it is supported by the container runtime. If this\nfield is set to Enabled, the mount is made recursively read-only if it is\nsupported by the container runtime, otherwise the pod will not be started and\nan error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to\nNone (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "description": "Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root).", "type": "string" }, "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "description": "Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive.", "type": "string" } }, @@ -3729,10 +4560,14 @@ ], "type": "object" }, - "type": "array" + "type": "array", + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map" }, "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "description": "Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated.", "type": "string" } }, @@ -3743,12 +4578,32 @@ }, "type": "array" }, + "keepDroppedTargets": { + "description": "Per-scrape limit on the number of targets dropped by relabeling\nthat will be kept in memory. 0 means no limit.\n\nIt requires Prometheus >= v2.47.0.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedKeepDroppedTargets.", + "format": "int64", + "type": "integer" + }, + "labelLimit": { + "description": "Per-scrape limit on number of labels that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelLimit.", + "format": "int64", + "type": "integer" + }, + "labelNameLengthLimit": { + "description": "Per-scrape limit on length of labels name that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelNameLengthLimit.", + "format": "int64", + "type": "integer" + }, + "labelValueLengthLimit": { + "description": "Per-scrape limit on length of labels value that will be accepted for a sample.\nOnly valid in Prometheus versions 2.45.0 and newer.\n\nNote that the global limit only applies to scrape objects that don't specify an explicit limit value.\nIf you want to enforce a maximum limit for all scrape objects, refer to enforcedLabelValueLengthLimit.", + "format": "int64", + "type": "integer" + }, "listenLocal": { - "description": "ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP.", + "description": "When true, the Prometheus server listens on the loopback address\ninstead of the Pod IP's address.", "type": "boolean" }, "logFormat": { - "description": "Log format for Prometheus to be configured with.", + "description": "Log format for Log level for Prometheus and the config-reloader sidecar.", "enum": [ "", "logfmt", @@ -3757,7 +4612,7 @@ "type": "string" }, "logLevel": { - "description": "Log level for Prometheus to be configured with.", + "description": "Log level for Prometheus and the config-reloader sidecar.", "enum": [ "", "debug", @@ -3767,49 +4622,107 @@ ], "type": "string" }, + "maximumStartupDurationSeconds": { + "description": "Defines the maximum time that the `prometheus` container's startup probe will wait before being considered failed. The startup probe will return success after the WAL replay is complete.\nIf set, the value should be greater than 60 (seconds). Otherwise it will be equal to 600 seconds (15 minutes).", + "format": "int32", + "minimum": 60, + "type": "integer" + }, "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.", + "description": "Minimum number of seconds for which a newly created Pod should be ready\nwithout any of its container crashing for it to be considered available.\nDefaults to 0 (pod will be considered available as soon as it is ready)\n\nThis is an alpha field from kubernetes 1.22 until 1.24 which requires\nenabling the StatefulSetMinReadySeconds feature gate.", "format": "int32", "type": "integer" }, + "nameValidationScheme": { + "description": "Specifies the validation scheme for metric and label names.", + "enum": [ + "UTF8", + "Legacy" + ], + "type": "string" + }, "nodeSelector": { "additionalProperties": { "type": "string" }, - "description": "Define which Nodes the Pods are scheduled on.", + "description": "Defines on which Nodes the Pods are scheduled.", "type": "object" }, + "otlp": { + "description": "Settings related to the OTLP receiver feature.\nIt requires Prometheus >= v2.55.0.", + "properties": { + "keepIdentifyingResourceAttributes": { + "description": "Enables adding `service.name`, `service.namespace` and `service.instance.id`\nresource attributes to the `target_info` metric, on top of converting them into the `instance` and `job` labels.\n\nIt requires Prometheus >= v3.1.0.", + "type": "boolean" + }, + "promoteResourceAttributes": { + "description": "List of OpenTelemetry Attributes that should be promoted to metric labels, defaults to none.", + "items": { + "minLength": 1, + "type": "string" + }, + "minItems": 1, + "type": "array", + "x-kubernetes-list-type": "set" + }, + "translationStrategy": { + "description": "Configures how the OTLP receiver endpoint translates the incoming metrics.\n\nIt requires Prometheus >= v3.0.0.", + "enum": [ + "NoUTF8EscapingWithSuffixes", + "UnderscoreEscapingWithSuffixes" + ], + "type": "string" + } + }, + "type": "object", + "additionalProperties": false + }, "overrideHonorLabels": { - "description": "When true, Prometheus resolves label conflicts by renaming the labels in the scraped data to \"exported_