From 8614a5d54e8c81638b3caa7745e1d3a227dac9a1 Mon Sep 17 00:00:00 2001 From: Yves Galante Date: Tue, 23 Jan 2024 16:12:37 +0100 Subject: [PATCH] feat(init): Initalize blueprint module --- LICENSE | 201 + README.md | 59 + .../k8s.io/api/apps/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/apps/v1/types_go_gen.cue | 946 ++ .../v1/annotation_key_constants_go_gen.cue | 147 + cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue | 6 + .../k8s.io/api/core/v1/register_go_gen.cue | 7 + .../gen/k8s.io/api/core/v1/types_go_gen.cue | 7617 +++++++++++++++++ .../api/core/v1/well_known_labels_go_gen.cue | 59 + .../api/core/v1/well_known_taints_go_gen.cue | 38 + .../pkg/api/resource/amount_go_gen.cue | 47 + .../pkg/api/resource/math_go_gen.cue | 13 + .../pkg/api/resource/quantity_go_gen.cue | 107 + .../pkg/api/resource/suffix_go_gen.cue | 10 + .../pkg/apis/meta/v1/duration_go_gen.cue | 10 + .../pkg/apis/meta/v1/group_version_go_gen.cue | 48 + .../pkg/apis/meta/v1/meta_go_gen.cue | 33 + .../pkg/apis/meta/v1/micro_time_go_gen.cue | 14 + .../pkg/apis/meta/v1/register_go_gen.cue | 9 + .../pkg/apis/meta/v1/time_go_gen.cue | 14 + .../pkg/apis/meta/v1/time_proto_go_gen.cue | 21 + .../pkg/apis/meta/v1/types_go_gen.cue | 1561 ++++ .../pkg/apis/meta/v1/watch_go_gen.cue | 30 + .../pkg/runtime/allocator_go_gen.cue | 10 + .../apimachinery/pkg/runtime/codec_go_gen.cue | 37 + .../pkg/runtime/conversion_go_gen.cue | 7 + .../pkg/runtime/converter_go_gen.cue | 9 + .../apimachinery/pkg/runtime/doc_go_gen.cue | 39 + .../pkg/runtime/embedded_go_gen.cue | 7 + .../pkg/runtime/helper_go_gen.cue | 23 + .../pkg/runtime/interfaces_go_gen.cue | 165 + .../pkg/runtime/negotiate_go_gen.cue | 12 + .../pkg/runtime/splice_go_gen.cue | 12 + .../runtime/swagger_doc_generator_go_gen.cue | 14 + .../apimachinery/pkg/runtime/types_go_gen.cue | 97 + .../pkg/runtime/types_proto_go_gen.cue | 9 + .../apimachinery/pkg/types/doc_go_gen.cue | 6 + .../pkg/types/namespacedname_go_gen.cue | 12 + .../pkg/types/nodename_go_gen.cue | 31 + .../apimachinery/pkg/types/patch_go_gen.cue | 21 + .../apimachinery/pkg/types/uid_go_gen.cue | 10 + .../pkg/util/intstr/intstr_go_gen.cue | 31 + .../apimachinery/pkg/watch/doc_go_gen.cue | 7 + .../apimachinery/pkg/watch/filter_go_gen.cue | 10 + .../apimachinery/pkg/watch/mux_go_gen.cue | 25 + .../pkg/watch/streamwatcher_go_gen.cue | 12 + .../apimachinery/pkg/watch/watch_go_gen.cue | 48 + cue.mod/module.cue | 1 + .../pkg/timoni.sh/core/v1alpha1/action.cue | 26 + cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue | 101 + .../pkg/timoni.sh/core/v1alpha1/immutable.cue | 49 + .../pkg/timoni.sh/core/v1alpha1/instance.cue | 27 + .../pkg/timoni.sh/core/v1alpha1/metadata.cue | 115 + .../pkg/timoni.sh/core/v1alpha1/object.cue | 21 + .../timoni.sh/core/v1alpha1/requirements.cue | 40 + .../pkg/timoni.sh/core/v1alpha1/selector.cue | 19 + .../pkg/timoni.sh/core/v1alpha1/semver.cue | 29 + debug_tool.cue | 35 + debug_values.cue | 27 + templates/config.cue | 107 + templates/deployment.cue | 68 + templates/service.cue | 27 + timoni.cue | 42 + timoni.ignore | 14 + values.cue | 10 + 65 files changed, 12416 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue create mode 100644 cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue create mode 100644 cue.mod/module.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue create mode 100644 cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue create mode 100644 debug_tool.cue create mode 100644 debug_values.cue create mode 100644 templates/config.cue create mode 100644 templates/deployment.cue create mode 100644 templates/service.cue create mode 100644 timoni.cue create mode 100644 timoni.ignore create mode 100644 values.cue diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..02f52ba --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 Stefan Prodan + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..4524e87 --- /dev/null +++ b/README.md @@ -0,0 +1,59 @@ +# keycloak + +A [timoni.sh](http://timoni.sh) module for deploying keycloak to Kubernetes clusters. + +## Install + +To create an instance using the default values: + +```shell +timoni -n default apply keycloak oci:// +``` + +To change the [default configuration](#configuration), +create one or more `values.cue` files and apply them to the instance. + +For example, create a file `my-values.cue` with the following content: + +```cue +values: { + resources: requests: { + cpu: "100m" + memory: "128Mi" + } +} +``` + +And apply the values with: + +```shell +timoni -n default apply keycloak oci:// \ +--values ./my-values.cue +``` + +## Uninstall + +To uninstall an instance and delete all its Kubernetes resources: + +```shell +timoni -n default delete keycloak +``` + +## Configuration + +| Key | Type | Default | Description | +|--------------------------|----------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------| +| `image: tag:` | `string` | `` | Container image tag | +| `image: digest:` | `string` | `""` | Container image digest, takes precedence over `tag` when specified | +| `image: repository:` | `string` | `docker.io/nginx` | Container image repository | +| `image: pullPolicy:` | `string` | `IfNotPresent` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | +| `metadata: labels:` | `{[ string]: string}` | `{}` | Common labels for all resources | +| `metadata: annotations:` | `{[ string]: string}` | `{}` | Common annotations for all resources | +| `pod: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to pods | +| `pod: affinity:` | `corev1.#Affinity` | `{}` | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | +| `pod: imagePullSecrets:` | `[...timoniv1.#ObjectReference]` | `[]` | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod) | +| `replicas:` | `int` | `1` | Kubernetes deployment replicas | +| `resources:` | `timoniv1.#ResourceRequirements` | `{}` | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers) | +| `securityContext:` | `corev1.#SecurityContext` | `{}` | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context) | +| `service: annotations:` | `{[ string]: string}` | `{}` | Annotations applied to the Kubernetes Service | +| `service: port:` | `int` | `80` | Kubernetes Service HTTP port | diff --git a/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue new file mode 100644 index 0000000..c2497a5 --- /dev/null +++ b/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/apps/v1 + +package v1 + +#GroupName: "apps" diff --git a/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue new file mode 100644 index 0000000..d3ecc83 --- /dev/null +++ b/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue @@ -0,0 +1,946 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/apps/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +#ControllerRevisionHashLabelKey: "controller-revision-hash" +#StatefulSetRevisionLabel: "controller-revision-hash" +#DeprecatedRollbackTo: "deprecated.deployment.rollback.to" +#DeprecatedTemplateGeneration: "deprecated.daemonset.template.generation" +#StatefulSetPodNameLabel: "statefulset.kubernetes.io/pod-name" +#PodIndexLabel: "apps.kubernetes.io/pod-index" + +// StatefulSet represents a set of pods with consistent identities. +// Identities are defined as: +// - Network: A single stable DNS and hostname. +// - Storage: As many VolumeClaims as requested. +// +// The StatefulSet guarantees that a given network identity will always +// map to the same storage identity. +#StatefulSet: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the desired identities of pods in this set. + // +optional + spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the current status of Pods in this StatefulSet. This data + // may be out of date by some window of time. + // +optional + status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PodManagementPolicyType defines the policy for creating pods under a stateful set. +// +enum +#PodManagementPolicyType: string // #enumPodManagementPolicyType + +#enumPodManagementPolicyType: + #OrderedReadyPodManagement | + #ParallelPodManagement + +// OrderedReadyPodManagement will create pods in strictly increasing order on +// scale up and strictly decreasing order on scale down, progressing only when +// the previous pod is ready or terminated. At most one pod will be changed +// at any time. +#OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady" + +// ParallelPodManagement will create and delete pods as soon as the stateful set +// replica count is changed, and will not wait for pods to be ready or complete +// termination. +#ParallelPodManagement: #PodManagementPolicyType & "Parallel" + +// StatefulSetUpdateStrategy indicates the strategy that the StatefulSet +// controller will use to perform updates. It includes any additional parameters +// necessary to perform the update for the indicated strategy. +#StatefulSetUpdateStrategy: { + // Type indicates the type of the StatefulSetUpdateStrategy. + // Default is RollingUpdate. + // +optional + type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType) + + // RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType. + // +optional + rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt) +} + +// StatefulSetUpdateStrategyType is a string enumeration type that enumerates +// all possible update strategies for the StatefulSet controller. +// +enum +#StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType + +#enumStatefulSetUpdateStrategyType: + #RollingUpdateStatefulSetStrategyType | + #OnDeleteStatefulSetStrategyType + +// RollingUpdateStatefulSetStrategyType indicates that update will be +// applied to all Pods in the StatefulSet with respect to the StatefulSet +// ordering constraints. When a scale operation is performed with this +// strategy, new Pods will be created from the specification version indicated +// by the StatefulSet's updateRevision. +#RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate" + +// OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version +// tracking and ordered rolling restarts are disabled. Pods are recreated +// from the StatefulSetSpec when they are manually deleted. When a scale +// operation is performed with this strategy,specification version indicated +// by the StatefulSet's currentRevision. +#OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete" + +// RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType. +#RollingUpdateStatefulSetStrategy: { + // Partition indicates the ordinal at which the StatefulSet should be partitioned + // for updates. During a rolling update, all pods from ordinal Replicas-1 to + // Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. + // This is helpful in being able to do a canary based deployment. The default value is 0. + // +optional + partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt) + + // The maximum number of pods that can be unavailable during the update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // Absolute number is calculated from percentage by rounding up. This can not be 0. + // Defaults to 1. This field is alpha-level and is only honored by servers that enable the + // MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to + // Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it + // will be counted towards MaxUnavailable. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt) +} + +// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine +// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is +// deleted or scaled down. +#PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType + +#enumPersistentVolumeClaimRetentionPolicyType: + #RetainPersistentVolumeClaimRetentionPolicyType | + #DeletePersistentVolumeClaimRetentionPolicyType + +// RetainPersistentVolumeClaimRetentionPolicyType is the default +// PersistentVolumeClaimRetentionPolicy and specifies that +// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates +// will not be deleted. +#RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain" + +// RetentionPersistentVolumeClaimRetentionPolicyType specifies that +// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates +// will be deleted in the scenario specified in +// StatefulSetPersistentVolumeClaimRetentionPolicy. +#DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete" + +// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs +// created from the StatefulSet VolumeClaimTemplates. +#StatefulSetPersistentVolumeClaimRetentionPolicy: { + // WhenDeleted specifies what happens to PVCs created from StatefulSet + // VolumeClaimTemplates when the StatefulSet is deleted. The default policy + // of `Retain` causes PVCs to not be affected by StatefulSet deletion. The + // `Delete` policy causes those PVCs to be deleted. + whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) + + // WhenScaled specifies what happens to PVCs created from StatefulSet + // VolumeClaimTemplates when the StatefulSet is scaled down. The default + // policy of `Retain` causes PVCs to not be affected by a scaledown. The + // `Delete` policy causes the associated PVCs for any excess pods above + // the replica count to be deleted. + whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType) +} + +// StatefulSetOrdinals describes the policy used for replica ordinal assignment +// in this StatefulSet. +#StatefulSetOrdinals: { + // start is the number representing the first replica's index. It may be used + // to number replicas from an alternate index (eg: 1-indexed) over the default + // 0-indexed names, or to orchestrate progressive movement of replicas from + // one StatefulSet to another. + // If set, replica indices will be in the range: + // [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas). + // If unset, defaults to 0. Replica indices will be in the range: + // [0, .spec.replicas). + // +optional + start: int32 @go(Start) @protobuf(1,varint,opt) +} + +// A StatefulSetSpec is the specification of a StatefulSet. +#StatefulSetSpec: { + // replicas is the desired number of replicas of the given Template. + // These are replicas in the sense that they are instantiations of the + // same Template, but individual replicas also have a consistent identity. + // If unspecified, defaults to 1. + // TODO: Consider a rename of this field. + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // selector is a label query over pods that should match the replica count. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // template is the object that describes the pod that will be created if + // insufficient replicas are detected. Each pod stamped out by the StatefulSet + // will fulfill this Template, but have a unique identity from the rest + // of the StatefulSet. Each pod will be named with the format + // -. For example, a pod in a StatefulSet named + // "web" with index number "3" would be named "web-3". + // The only allowed template.spec.restartPolicy value is "Always". + template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) + + // volumeClaimTemplates is a list of claims that pods are allowed to reference. + // The StatefulSet controller is responsible for mapping network identities to + // claims in a way that maintains the identity of a pod. Every claim in + // this list must have at least one matching (by name) volumeMount in one + // container in the template. A claim in this list takes precedence over + // any volumes in the template, with the same name. + // TODO: Define the behavior if a claim already exists with the same name. + // +optional + volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep) + + // serviceName is the name of the service that governs this StatefulSet. + // This service must exist before the StatefulSet, and is responsible for + // the network identity of the set. Pods get DNS/hostnames that follow the + // pattern: pod-specific-string.serviceName.default.svc.cluster.local + // where "pod-specific-string" is managed by the StatefulSet controller. + serviceName: string @go(ServiceName) @protobuf(5,bytes,opt) + + // podManagementPolicy controls how pods are created during initial scale up, + // when replacing pods on nodes, or when scaling down. The default policy is + // `OrderedReady`, where pods are created in increasing order (pod-0, then + // pod-1, etc) and the controller will wait until each pod is ready before + // continuing. When scaling down, the pods are removed in the opposite order. + // The alternative policy is `Parallel` which will create pods in parallel + // to match the desired scale without waiting, and on scale down will delete + // all pods at once. + // +optional + podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType) + + // updateStrategy indicates the StatefulSetUpdateStrategy that will be + // employed to update Pods in the StatefulSet when a revision is made to + // Template. + updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt) + + // revisionHistoryLimit is the maximum number of revisions that will + // be maintained in the StatefulSet's revision history. The revision history + // consists of all revisions not represented by a currently applied + // StatefulSetSpec version. The default value is 10. + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt) + + // persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent + // volume claims created from volumeClaimTemplates. By default, all persistent + // volume claims are created as needed and retained until manually deleted. This + // policy allows the lifecycle to be altered, for example by deleting persistent + // volume claims when their stateful set is deleted, or when their pod is scaled + // down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, + // which is alpha. +optional + persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt) + + // ordinals controls the numbering of replica indices in a StatefulSet. The + // default ordinals behavior assigns a "0" index to the first replica and + // increments the index by one for each additional replica requested. Using + // the ordinals field requires the StatefulSetStartOrdinal feature gate to be + // enabled, which is beta. + // +optional + ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt) +} + +// StatefulSetStatus represents the current state of a StatefulSet. +#StatefulSetStatus: { + // observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the + // StatefulSet's generation, which is updated on mutation by the API Server. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) + + // replicas is the number of Pods created by the StatefulSet controller. + replicas: int32 @go(Replicas) @protobuf(2,varint,opt) + + // readyReplicas is the number of pods created for this StatefulSet with a Ready Condition. + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt) + + // currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version + // indicated by currentRevision. + currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt) + + // updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version + // indicated by updateRevision. + updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt) + + // currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the + // sequence [0,currentReplicas). + currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt) + + // updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence + // [replicas-updatedReplicas,replicas) + updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt) + + // collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller + // uses this field as a collision avoidance mechanism when it needs to create the name for the + // newest ControllerRevision. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) + + // Represents the latest available observations of a statefulset's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep) + + // Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset. + // +optional + availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt) +} + +#StatefulSetConditionType: string + +// StatefulSetCondition describes the state of a statefulset at a certain point. +#StatefulSetCondition: { + // Type of statefulset condition. + type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// StatefulSetList is a collection of StatefulSets. +#StatefulSetList: { + metav1.#TypeMeta + + // Standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of stateful sets. + items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep) +} + +// Deployment enables declarative updates for Pods and ReplicaSets. +#Deployment: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the Deployment. + // +optional + spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the Deployment. + // +optional + status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt) +} + +// DeploymentSpec is the specification of the desired behavior of the Deployment. +#DeploymentSpec: { + // Number of desired pods. This is a pointer to distinguish between explicit + // zero and not specified. Defaults to 1. + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Label selector for pods. Existing ReplicaSets whose pods are + // selected by this will be the ones affected by this deployment. + // It must match the pod template's labels. + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // Template describes the pods that will be created. + // The only allowed template.spec.restartPolicy value is "Always". + template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) + + // The deployment strategy to use to replace existing pods with new ones. + // +optional + // +patchStrategy=retainKeys + strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt) + + // The number of old ReplicaSets to retain to allow rollback. + // This is a pointer to distinguish between explicit zero and not specified. + // Defaults to 10. + // +optional + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) + + // Indicates that the deployment is paused. + // +optional + paused?: bool @go(Paused) @protobuf(7,varint,opt) + + // The maximum time in seconds for a deployment to make progress before it + // is considered to be failed. The deployment controller will continue to + // process failed deployments and a condition with a ProgressDeadlineExceeded + // reason will be surfaced in the deployment status. Note that progress will + // not be estimated during the time a deployment is paused. Defaults to 600s. + progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt) +} + +// DefaultDeploymentUniqueLabelKey is the default key of the selector that is added +// to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets +// to select new pods (and old pods being select by new ReplicaSet). +#DefaultDeploymentUniqueLabelKey: "pod-template-hash" + +// DeploymentStrategy describes how to replace existing pods with new ones. +#DeploymentStrategy: { + // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + // +optional + type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType) + + // Rolling update config params. Present only if DeploymentStrategyType = + // RollingUpdate. + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. + // +optional + rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt) +} + +// +enum +#DeploymentStrategyType: string // #enumDeploymentStrategyType + +#enumDeploymentStrategyType: + #RecreateDeploymentStrategyType | + #RollingUpdateDeploymentStrategyType + +// Kill all existing pods before creating new ones. +#RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate" + +// Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one. +#RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate" + +// Spec to control the desired behavior of rolling update. +#RollingUpdateDeployment: { + // The maximum number of pods that can be unavailable during the update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // Absolute number is calculated from percentage by rounding down. + // This can not be 0 if MaxSurge is 0. + // Defaults to 25%. + // Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods + // immediately when the rolling update starts. Once new pods are ready, old ReplicaSet + // can be scaled down further, followed by scaling up the new ReplicaSet, ensuring + // that the total number of pods available at all times during the update is at + // least 70% of desired pods. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) + + // The maximum number of pods that can be scheduled above the desired number of + // pods. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // This can not be 0 if MaxUnavailable is 0. + // Absolute number is calculated from percentage by rounding up. + // Defaults to 25%. + // Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when + // the rolling update starts, such that the total number of old and new pods do not exceed + // 130% of desired pods. Once old pods have been killed, + // new ReplicaSet can be scaled up further, ensuring that total number of pods running + // at any time during the update is at most 130% of desired pods. + // +optional + maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) +} + +// DeploymentStatus is the most recently observed status of the Deployment. +#DeploymentStatus: { + // The generation observed by the deployment controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt) + + // Total number of non-terminated pods targeted by this deployment (their labels match the selector). + // +optional + replicas?: int32 @go(Replicas) @protobuf(2,varint,opt) + + // Total number of non-terminated pods targeted by this deployment that have the desired template spec. + // +optional + updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt) + + // readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt) + + // Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt) + + // Total number of unavailable pods targeted by this deployment. This is the total number of + // pods that are still required for the deployment to have 100% available capacity. They may + // either be pods that are running but not yet available or pods that still have not been created. + // +optional + unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt) + + // Represents the latest available observations of a deployment's current state. + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep) + + // Count of hash collisions for the Deployment. The Deployment controller uses this + // field as a collision avoidance mechanism when it needs to create the name for the + // newest ReplicaSet. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt) +} + +#DeploymentConditionType: string // #enumDeploymentConditionType + +#enumDeploymentConditionType: + #DeploymentAvailable | + #DeploymentProgressing | + #DeploymentReplicaFailure + +// Available means the deployment is available, ie. at least the minimum available +// replicas required are up and running for at least minReadySeconds. +#DeploymentAvailable: #DeploymentConditionType & "Available" + +// Progressing means the deployment is progressing. Progress for a deployment is +// considered when a new replica set is created or adopted, and when new pods scale +// up or old pods scale down. Progress is not estimated for paused deployments or +// when progressDeadlineSeconds is not specified. +#DeploymentProgressing: #DeploymentConditionType & "Progressing" + +// ReplicaFailure is added in a deployment when one of its pods fails to be created +// or deleted. +#DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure" + +// DeploymentCondition describes the state of a deployment at a certain point. +#DeploymentCondition: { + // Type of deployment condition. + type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // The last time this condition was updated. + lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt) + + // Last time the condition transitioned from one status to another. + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt) + + // The reason for the condition's last transition. + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// DeploymentList is a list of Deployments. +#DeploymentList: { + metav1.#TypeMeta + + // Standard list metadata. + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of Deployments. + items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep) +} + +// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. +#DaemonSetUpdateStrategy: { + // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. + // +optional + type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt) + + // Rolling update config params. Present only if type = "RollingUpdate". + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. Same as Deployment `strategy.rollingUpdate`. + // See https://github.com/kubernetes/kubernetes/issues/35345 + // +optional + rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt) +} + +// +enum +#DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType + +#enumDaemonSetUpdateStrategyType: + #RollingUpdateDaemonSetStrategyType | + #OnDeleteDaemonSetStrategyType + +// Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other. +#RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate" + +// Replace the old daemons only when it's killed +#OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete" + +// Spec to control the desired behavior of daemon set rolling update. +#RollingUpdateDaemonSet: { + // The maximum number of DaemonSet pods that can be unavailable during the + // update. Value can be an absolute number (ex: 5) or a percentage of total + // number of DaemonSet pods at the start of the update (ex: 10%). Absolute + // number is calculated from percentage by rounding up. + // This cannot be 0 if MaxSurge is 0 + // Default value is 1. + // Example: when this is set to 30%, at most 30% of the total number of nodes + // that should be running the daemon pod (i.e. status.desiredNumberScheduled) + // can have their pods stopped for an update at any given time. The update + // starts by stopping at most 30% of those DaemonSet pods and then brings + // up new DaemonSet pods in their place. Once the new pods are available, + // it then proceeds onto other DaemonSet pods, thus ensuring that at least + // 70% of original number of DaemonSet pods are available at all times during + // the update. + // +optional + maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt) + + // The maximum number of nodes with an existing available DaemonSet pod that + // can have an updated DaemonSet pod during during an update. + // Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + // This can not be 0 if MaxUnavailable is 0. + // Absolute number is calculated from percentage by rounding up to a minimum of 1. + // Default value is 0. + // Example: when this is set to 30%, at most 30% of the total number of nodes + // that should be running the daemon pod (i.e. status.desiredNumberScheduled) + // can have their a new pod created before the old pod is marked as deleted. + // The update starts by launching new pods on 30% of nodes. Once an updated + // pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + // on that node is marked deleted. If the old pod becomes unavailable for any + // reason (Ready transitions to false, is evicted, or is drained) an updated + // pod is immediatedly created on that node without considering surge limits. + // Allowing surge implies the possibility that the resources consumed by the + // daemonset on any given node can double if the readiness check fails, and + // so resource intensive daemonsets should take into account that they may + // cause evictions during disruption. + // +optional + maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt) +} + +// DaemonSetSpec is the specification of a daemon set. +#DaemonSetSpec: { + // A label query over pods that are managed by the daemon set. + // Must match in order to be controlled. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt) + + // An object that describes the pod that will be created. + // The DaemonSet will create exactly one copy of this pod on every node + // that matches the template's node selector (or on every node if no node + // selector is specified). + // The only allowed template.spec.restartPolicy value is "Always". + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) + + // An update strategy to replace existing DaemonSet pods with new pods. + // +optional + updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt) + + // The minimum number of seconds for which a newly created DaemonSet pod should + // be ready without any of its container crashing, for it to be considered + // available. Defaults to 0 (pod will be considered available as soon as it + // is ready). + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // The number of old history to retain to allow rollback. + // This is a pointer to distinguish between explicit zero and not specified. + // Defaults to 10. + // +optional + revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt) +} + +// DaemonSetStatus represents the current status of a daemon set. +#DaemonSetStatus: { + // The number of nodes that are running at least 1 + // daemon pod and are supposed to run the daemon pod. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt) + + // The number of nodes that are running the daemon pod, but are + // not supposed to run the daemon pod. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt) + + // The total number of nodes that should be running the daemon + // pod (including nodes correctly running the daemon pod). + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ + desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt) + + // numberReady is the number of nodes that should be running the daemon pod and have one + // or more of the daemon pod running with a Ready Condition. + numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt) + + // The most recent generation observed by the daemon set controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt) + + // The total number of nodes that are running updated daemon pod + // +optional + updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt) + + // The number of nodes that should be running the + // daemon pod and have one or more of the daemon pod running and + // available (ready for at least spec.minReadySeconds) + // +optional + numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt) + + // The number of nodes that should be running the + // daemon pod and have none of the daemon pod running and available + // (ready for at least spec.minReadySeconds) + // +optional + numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt) + + // Count of hash collisions for the DaemonSet. The DaemonSet controller + // uses this field as a collision avoidance mechanism when it needs to + // create the name for the newest ControllerRevision. + // +optional + collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt) + + // Represents the latest available observations of a DaemonSet's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep) +} + +#DaemonSetConditionType: string + +// DaemonSetCondition describes the state of a DaemonSet at a certain point. +#DaemonSetCondition: { + // Type of DaemonSet condition. + type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// DaemonSet represents the configuration of a daemon set. +#DaemonSet: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The desired behavior of this daemon set. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // The current status of this daemon set. This data may be + // out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// DefaultDaemonSetUniqueLabelKey is the default label key that is added +// to existing DaemonSet pods to distinguish between old and new +// DaemonSet pods during DaemonSet template updates. +#DefaultDaemonSetUniqueLabelKey: "controller-revision-hash" + +// DaemonSetList is a collection of daemon sets. +#DaemonSetList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // A list of daemon sets. + items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep) +} + +// ReplicaSet ensures that a specified number of pod replicas are running at any given time. +#ReplicaSet: { + metav1.#TypeMeta + + // If the Labels of a ReplicaSet are empty, they are defaulted to + // be the same as the Pod(s) that the ReplicaSet manages. + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the specification of the desired behavior of the ReplicaSet. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the most recently observed status of the ReplicaSet. + // This data may be out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ReplicaSetList is a collection of ReplicaSets. +#ReplicaSetList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ReplicaSets. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller + items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep) +} + +// ReplicaSetSpec is the specification of a ReplicaSet. +#ReplicaSetSpec: { + // Replicas is the number of desired replicas. + // This is a pointer to distinguish between explicit zero and unspecified. + // Defaults to 1. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // Selector is a label query over pods that should match the replica count. + // Label keys and values that must match in order to be controlled by this replica set. + // It must match the pod template's labels. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt) + + // Template is the object that describes the pod that will be created if + // insufficient replicas are detected. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + // +optional + template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt) +} + +// ReplicaSetStatus represents the current status of a ReplicaSet. +#ReplicaSetStatus: { + // Replicas is the most recently observed number of replicas. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller + replicas: int32 @go(Replicas) @protobuf(1,varint,opt) + + // The number of pods that have labels matching the labels of the pod template of the replicaset. + // +optional + fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) + + // readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) + + // The number of available replicas (ready for at least minReadySeconds) for this replica set. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) + + // ObservedGeneration reflects the generation of the most recently observed ReplicaSet. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // Represents the latest available observations of a replica set's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep) +} + +#ReplicaSetConditionType: string // #enumReplicaSetConditionType + +#enumReplicaSetConditionType: + #ReplicaSetReplicaFailure + +// ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created +// due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted +// due to kubelet being down or finalizers are failing. +#ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure" + +// ReplicaSetCondition describes the state of a replica set at a certain point. +#ReplicaSetCondition: { + // Type of replica set condition. + type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType) + + // Status of the condition, one of True, False, Unknown. + status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus) + + // The last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// ControllerRevision implements an immutable snapshot of state data. Clients +// are responsible for serializing and deserializing the objects that contain +// their internal state. +// Once a ControllerRevision has been successfully created, it can not be updated. +// The API Server will fail validation of all requests that attempt to mutate +// the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both +// the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However, +// it may be subject to name and representation changes in future releases, and clients should not +// depend on its stability. It is primarily for internal use by controllers. +#ControllerRevision: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Data is the serialized representation of the state. + data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt) + + // Revision indicates the revision of the state represented by Data. + revision: int64 @go(Revision) @protobuf(3,varint,opt) +} + +// ControllerRevisionList is a resource containing a list of ControllerRevision objects. +#ControllerRevisionList: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of ControllerRevisions + items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep) +} diff --git a/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue new file mode 100644 index 0000000..3a30279 --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue @@ -0,0 +1,147 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy +// webhook backend fails. +#ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open" + +// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods +#MirrorPodAnnotationKey: "kubernetes.io/config.mirror" + +// TolerationsAnnotationKey represents the key of tolerations data (json serialized) +// in the Annotations of a Pod. +#TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations" + +// TaintsAnnotationKey represents the key of taints data (json serialized) +// in the Annotations of a Node. +#TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints" + +// SeccompPodAnnotationKey represents the key of a seccomp profile applied +// to all containers of a pod. +// Deprecated: set a pod security context `seccompProfile` field. +#SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod" + +// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied +// to one container of a pod. +// Deprecated: set a container security context `seccompProfile` field. +#SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/" + +// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime. +// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. +#SeccompProfileRuntimeDefault: "runtime/default" + +// SeccompProfileNameUnconfined is the unconfined seccomp profile. +#SeccompProfileNameUnconfined: "unconfined" + +// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk. +#SeccompLocalhostProfileNamePrefix: "localhost/" + +// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile. +#AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/" + +// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile. +#AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName" + +// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles. +#AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames" + +// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default. +#AppArmorBetaProfileRuntimeDefault: "runtime/default" + +// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node. +#AppArmorBetaProfileNamePrefix: "localhost/" + +// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile +#AppArmorBetaProfileNameUnconfined: "unconfined" + +// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker. +// Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead. +#DeprecatedSeccompProfileDockerDefault: "docker/default" + +// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized) +// in the Annotations of a Node. +#PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods" + +// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache +// an object (e.g. secret, config map) before fetching it again from apiserver. +// This annotation can be attached to node. +#ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl" + +// annotation key prefix used to identify non-convertible json paths. +#NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io" +_#kubectlPrefix: "kubectl.kubernetes.io/" + +// LastAppliedConfigAnnotation is the annotation used to store the previous +// configuration of a resource for use in a three way diff by UpdateApplyAnnotation. +#LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration" + +// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers +// +// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to +// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow +// access only from the CIDRs currently allocated to MIT & the USPS. +// +// Not all cloud providers support this annotation, though AWS & GCE do. +#AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges" + +// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that +// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z') +// of the last change, of some Pod or Service object, that triggered the endpoints object change. +// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints +// controller at T1, and the Endpoints object was changed at T2, the +// EndpointsLastChangeTriggerTime would be set to T0. +// +// The "endpoints change trigger" here means any Pod or Service change that resulted in the +// Endpoints object change. +// +// Given the definition of the "endpoints change trigger", please note that this annotation will +// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the +// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's +// already set). +// +// This annotation will be used to compute the in-cluster network programming latency SLI, see +// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md +#EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time" + +// EndpointsOverCapacity will be set on an Endpoints resource when it +// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints +// controller will set this annotation with a value of "warning". In a +// future release, the controller may set this annotation with a value of +// "truncated" to indicate that any addresses exceeding the limit of 1000 +// have been truncated from the Endpoints resource. +#EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity" + +// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated +// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode. +// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or +// CSI Backend for a volume plugin on a specific node. +#MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins" + +// PodDeletionCost can be used to set to an int32 that represent the cost of deleting +// a pod compared to other pods belonging to the same ReplicaSet. Pods with lower +// deletion cost are preferred to be deleted before pods with higher deletion cost. +// Note that this is honored on a best-effort basis, and so it does not offer guarantees on +// pod deletion order. +// The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted. +// +// This annotation is beta-level and is only honored when PodDeletionCost feature is enabled. +#PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost" + +// DeprecatedAnnotationTopologyAwareHints can be used to enable or disable +// Topology Aware Hints for a Service. This may be set to "Auto" or +// "Disabled". Any other value is treated as "Disabled". This annotation has +// been deprecated in favor of the "service.kubernetes.io/topology-mode" +// annotation. +#DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints" + +// AnnotationTopologyMode can be used to enable or disable Topology Aware +// Routing for a Service. Well known values are "Auto" and "Disabled". +// Implementations may choose to develop new topology approaches, exposing +// them with domain-prefixed values. For example, "example.com/lowest-rtt" +// could be a valid implementation-specific value for this annotation. These +// heuristics will often populate topology hints on EndpointSlices, but that +// is not a requirement. +#AnnotationTopologyMode: "service.kubernetes.io/topology-mode" diff --git a/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue new file mode 100644 index 0000000..2bf1afc --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/doc_go_gen.cue @@ -0,0 +1,6 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +// Package v1 is the v1 version of the core API. +package v1 diff --git a/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue new file mode 100644 index 0000000..29c24ab --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/register_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +#GroupName: "" diff --git a/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue new file mode 100644 index 0000000..d87edcf --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/types_go_gen.cue @@ -0,0 +1,7617 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/types" +) + +// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients +#NamespaceDefault: "default" + +// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces +#NamespaceAll: "" + +// NamespaceNodeLease is the namespace where we place node lease objects (used for node heartbeats) +#NamespaceNodeLease: "kube-node-lease" + +// Volume represents a named volume in a pod that may be accessed by any container in the pod. +#Volume: { + // name of the volume. + // Must be a DNS_LABEL and unique within the pod. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + name: string @go(Name) @protobuf(1,bytes,opt) + + #VolumeSource +} + +// Represents the source of a volume to mount. +// Only one of its members may be specified. +#VolumeSource: { + // hostPath represents a pre-existing file or directory on the host + // machine that is directly exposed to the container. This is generally + // used for system agents or other privileged things that are allowed + // to see the host machine. Most containers will NOT need this. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // --- + // TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + // mount host directories as read/write. + // +optional + hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(1,bytes,opt) + + // emptyDir represents a temporary directory that shares a pod's lifetime. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + emptyDir?: null | #EmptyDirVolumeSource @go(EmptyDir,*EmptyDirVolumeSource) @protobuf(2,bytes,opt) + + // gcePersistentDisk represents a GCE Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(3,bytes,opt) + + // awsElasticBlockStore represents an AWS Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(4,bytes,opt) + + // gitRepo represents a git repository at a particular revision. + // DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + // EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + // into the Pod's container. + // +optional + gitRepo?: null | #GitRepoVolumeSource @go(GitRepo,*GitRepoVolumeSource) @protobuf(5,bytes,opt) + + // secret represents a secret that should populate this volume. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + secret?: null | #SecretVolumeSource @go(Secret,*SecretVolumeSource) @protobuf(6,bytes,opt) + + // nfs represents an NFS mount on the host that shares a pod's lifetime + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(7,bytes,opt) + + // iscsi represents an ISCSI Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://examples.k8s.io/volumes/iscsi/README.md + // +optional + iscsi?: null | #ISCSIVolumeSource @go(ISCSI,*ISCSIVolumeSource) @protobuf(8,bytes,opt) + + // glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md + // +optional + glusterfs?: null | #GlusterfsVolumeSource @go(Glusterfs,*GlusterfsVolumeSource) @protobuf(9,bytes,opt) + + // persistentVolumeClaimVolumeSource represents a reference to a + // PersistentVolumeClaim in the same namespace. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + persistentVolumeClaim?: null | #PersistentVolumeClaimVolumeSource @go(PersistentVolumeClaim,*PersistentVolumeClaimVolumeSource) @protobuf(10,bytes,opt) + + // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/rbd/README.md + // +optional + rbd?: null | #RBDVolumeSource @go(RBD,*RBDVolumeSource) @protobuf(11,bytes,opt) + + // flexVolume represents a generic volume resource that is + // provisioned/attached using an exec based plugin. + // +optional + flexVolume?: null | #FlexVolumeSource @go(FlexVolume,*FlexVolumeSource) @protobuf(12,bytes,opt) + + // cinder represents a cinder volume attached and mounted on kubelets host machine. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + cinder?: null | #CinderVolumeSource @go(Cinder,*CinderVolumeSource) @protobuf(13,bytes,opt) + + // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + // +optional + cephfs?: null | #CephFSVolumeSource @go(CephFS,*CephFSVolumeSource) @protobuf(14,bytes,opt) + + // flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + // +optional + flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(15,bytes,opt) + + // downwardAPI represents downward API about the pod that should populate this volume + // +optional + downwardAPI?: null | #DownwardAPIVolumeSource @go(DownwardAPI,*DownwardAPIVolumeSource) @protobuf(16,bytes,opt) + + // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + // +optional + fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(17,bytes,opt) + + // azureFile represents an Azure File Service mount on the host and bind mount to the pod. + // +optional + azureFile?: null | #AzureFileVolumeSource @go(AzureFile,*AzureFileVolumeSource) @protobuf(18,bytes,opt) + + // configMap represents a configMap that should populate this volume + // +optional + configMap?: null | #ConfigMapVolumeSource @go(ConfigMap,*ConfigMapVolumeSource) @protobuf(19,bytes,opt) + + // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + // +optional + vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(20,bytes,opt) + + // quobyte represents a Quobyte mount on the host that shares a pod's lifetime + // +optional + quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(21,bytes,opt) + + // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + // +optional + azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(22,bytes,opt) + + // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(23,bytes,opt) + + // projected items for all in one resources secrets, configmaps, and downward API + projected?: null | #ProjectedVolumeSource @go(Projected,*ProjectedVolumeSource) @protobuf(26,bytes,opt) + + // portworxVolume represents a portworx volume attached and mounted on kubelets host machine + // +optional + portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(24,bytes,opt) + + // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + // +optional + scaleIO?: null | #ScaleIOVolumeSource @go(ScaleIO,*ScaleIOVolumeSource) @protobuf(25,bytes,opt) + + // storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + // +optional + storageos?: null | #StorageOSVolumeSource @go(StorageOS,*StorageOSVolumeSource) @protobuf(27,bytes,opt) + + // csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + // +optional + csi?: null | #CSIVolumeSource @go(CSI,*CSIVolumeSource) @protobuf(28,bytes,opt) + + // ephemeral represents a volume that is handled by a cluster storage driver. + // The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + // and deleted when the pod is removed. + // + // Use this if: + // a) the volume is only needed while the pod runs, + // b) features of normal volumes like restoring from snapshot or capacity + // tracking are needed, + // c) the storage driver is specified through a storage class, and + // d) the storage driver supports dynamic volume provisioning through + // a PersistentVolumeClaim (see EphemeralVolumeSource for more + // information on the connection between this volume type + // and PersistentVolumeClaim). + // + // Use PersistentVolumeClaim or one of the vendor-specific + // APIs for volumes that persist for longer than the lifecycle + // of an individual pod. + // + // Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + // be used that way - see the documentation of the driver for + // more information. + // + // A pod can use both types of ephemeral volumes and + // persistent volumes at the same time. + // + // +optional + ephemeral?: null | #EphemeralVolumeSource @go(Ephemeral,*EphemeralVolumeSource) @protobuf(29,bytes,opt) +} + +// PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. +// This volume finds the bound PV and mounts that volume for the pod. A +// PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another +// type of volume that is owned by someone else (the system). +#PersistentVolumeClaimVolumeSource: { + // claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + claimName: string @go(ClaimName) @protobuf(1,bytes,opt) + + // readOnly Will force the ReadOnly setting in VolumeMounts. + // Default false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) +} + +// PersistentVolumeSource is similar to VolumeSource but meant for the +// administrator who creates PVs. Exactly one of its members must be set. +#PersistentVolumeSource: { + // gcePersistentDisk represents a GCE Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. Provisioned by an admin. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + gcePersistentDisk?: null | #GCEPersistentDiskVolumeSource @go(GCEPersistentDisk,*GCEPersistentDiskVolumeSource) @protobuf(1,bytes,opt) + + // awsElasticBlockStore represents an AWS Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + awsElasticBlockStore?: null | #AWSElasticBlockStoreVolumeSource @go(AWSElasticBlockStore,*AWSElasticBlockStoreVolumeSource) @protobuf(2,bytes,opt) + + // hostPath represents a directory on the host. + // Provisioned by a developer or tester. + // This is useful for single-node development and testing only! + // On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // +optional + hostPath?: null | #HostPathVolumeSource @go(HostPath,*HostPathVolumeSource) @protobuf(3,bytes,opt) + + // glusterfs represents a Glusterfs volume that is attached to a host and + // exposed to the pod. Provisioned by an admin. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md + // +optional + glusterfs?: null | #GlusterfsPersistentVolumeSource @go(Glusterfs,*GlusterfsPersistentVolumeSource) @protobuf(4,bytes,opt) + + // nfs represents an NFS mount on the host. Provisioned by an admin. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + nfs?: null | #NFSVolumeSource @go(NFS,*NFSVolumeSource) @protobuf(5,bytes,opt) + + // rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + // More info: https://examples.k8s.io/volumes/rbd/README.md + // +optional + rbd?: null | #RBDPersistentVolumeSource @go(RBD,*RBDPersistentVolumeSource) @protobuf(6,bytes,opt) + + // iscsi represents an ISCSI Disk resource that is attached to a + // kubelet's host machine and then exposed to the pod. Provisioned by an admin. + // +optional + iscsi?: null | #ISCSIPersistentVolumeSource @go(ISCSI,*ISCSIPersistentVolumeSource) @protobuf(7,bytes,opt) + + // cinder represents a cinder volume attached and mounted on kubelets host machine. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + cinder?: null | #CinderPersistentVolumeSource @go(Cinder,*CinderPersistentVolumeSource) @protobuf(8,bytes,opt) + + // cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + // +optional + cephfs?: null | #CephFSPersistentVolumeSource @go(CephFS,*CephFSPersistentVolumeSource) @protobuf(9,bytes,opt) + + // fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + // +optional + fc?: null | #FCVolumeSource @go(FC,*FCVolumeSource) @protobuf(10,bytes,opt) + + // flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running + // +optional + flocker?: null | #FlockerVolumeSource @go(Flocker,*FlockerVolumeSource) @protobuf(11,bytes,opt) + + // flexVolume represents a generic volume resource that is + // provisioned/attached using an exec based plugin. + // +optional + flexVolume?: null | #FlexPersistentVolumeSource @go(FlexVolume,*FlexPersistentVolumeSource) @protobuf(12,bytes,opt) + + // azureFile represents an Azure File Service mount on the host and bind mount to the pod. + // +optional + azureFile?: null | #AzureFilePersistentVolumeSource @go(AzureFile,*AzureFilePersistentVolumeSource) @protobuf(13,bytes,opt) + + // vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + // +optional + vsphereVolume?: null | #VsphereVirtualDiskVolumeSource @go(VsphereVolume,*VsphereVirtualDiskVolumeSource) @protobuf(14,bytes,opt) + + // quobyte represents a Quobyte mount on the host that shares a pod's lifetime + // +optional + quobyte?: null | #QuobyteVolumeSource @go(Quobyte,*QuobyteVolumeSource) @protobuf(15,bytes,opt) + + // azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + // +optional + azureDisk?: null | #AzureDiskVolumeSource @go(AzureDisk,*AzureDiskVolumeSource) @protobuf(16,bytes,opt) + + // photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + photonPersistentDisk?: null | #PhotonPersistentDiskVolumeSource @go(PhotonPersistentDisk,*PhotonPersistentDiskVolumeSource) @protobuf(17,bytes,opt) + + // portworxVolume represents a portworx volume attached and mounted on kubelets host machine + // +optional + portworxVolume?: null | #PortworxVolumeSource @go(PortworxVolume,*PortworxVolumeSource) @protobuf(18,bytes,opt) + + // scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + // +optional + scaleIO?: null | #ScaleIOPersistentVolumeSource @go(ScaleIO,*ScaleIOPersistentVolumeSource) @protobuf(19,bytes,opt) + + // local represents directly-attached storage with node affinity + // +optional + local?: null | #LocalVolumeSource @go(Local,*LocalVolumeSource) @protobuf(20,bytes,opt) + + // storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod + // More info: https://examples.k8s.io/volumes/storageos/README.md + // +optional + storageos?: null | #StorageOSPersistentVolumeSource @go(StorageOS,*StorageOSPersistentVolumeSource) @protobuf(21,bytes,opt) + + // csi represents storage that is handled by an external CSI driver (Beta feature). + // +optional + csi?: null | #CSIPersistentVolumeSource @go(CSI,*CSIPersistentVolumeSource) @protobuf(22,bytes,opt) +} + +// BetaStorageClassAnnotation represents the beta/previous StorageClass annotation. +// It's currently still used and will be held for backwards compatibility +#BetaStorageClassAnnotation: "volume.beta.kubernetes.io/storage-class" + +// MountOptionAnnotation defines mount option annotation used in PVs +#MountOptionAnnotation: "volume.beta.kubernetes.io/mount-options" + +// PersistentVolume (PV) is a storage resource provisioned by an administrator. +// It is analogous to a node. +// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes +#PersistentVolume: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines a specification of a persistent volume owned by the cluster. + // Provisioned by an administrator. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes + // +optional + spec?: #PersistentVolumeSpec @go(Spec) @protobuf(2,bytes,opt) + + // status represents the current information/status for the persistent volume. + // Populated by the system. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes + // +optional + status?: #PersistentVolumeStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PersistentVolumeSpec is the specification of a persistent volume. +#PersistentVolumeSpec: { + // capacity is the description of the persistent volume's resources and capacity. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + #PersistentVolumeSource + + // accessModes contains all ways the volume can be mounted. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(3,bytes,rep,casttype=PersistentVolumeAccessMode) + + // claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. + // Expected to be non-nil when bound. + // claim.VolumeName is the authoritative bind between PV and PVC. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding + // +optional + // +structType=granular + claimRef?: null | #ObjectReference @go(ClaimRef,*ObjectReference) @protobuf(4,bytes,opt) + + // persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. + // Valid options are Retain (default for manually created PersistentVolumes), Delete (default + // for dynamically provisioned PersistentVolumes), and Recycle (deprecated). + // Recycle must be supported by the volume plugin underlying this PersistentVolume. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming + // +optional + persistentVolumeReclaimPolicy?: #PersistentVolumeReclaimPolicy @go(PersistentVolumeReclaimPolicy) @protobuf(5,bytes,opt,casttype=PersistentVolumeReclaimPolicy) + + // storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value + // means that this volume does not belong to any StorageClass. + // +optional + storageClassName?: string @go(StorageClassName) @protobuf(6,bytes,opt) + + // mountOptions is the list of mount options, e.g. ["ro", "soft"]. Not validated - mount will + // simply fail if one is invalid. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options + // +optional + mountOptions?: [...string] @go(MountOptions,[]string) @protobuf(7,bytes,opt) + + // volumeMode defines if a volume is intended to be used with a formatted filesystem + // or to remain in raw block state. Value of Filesystem is implied when not included in spec. + // +optional + volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(8,bytes,opt,casttype=PersistentVolumeMode) + + // nodeAffinity defines constraints that limit what nodes this volume can be accessed from. + // This field influences the scheduling of pods that use this volume. + // +optional + nodeAffinity?: null | #VolumeNodeAffinity @go(NodeAffinity,*VolumeNodeAffinity) @protobuf(9,bytes,opt) +} + +// VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from. +#VolumeNodeAffinity: { + // required specifies hard node constraints that must be met. + required?: null | #NodeSelector @go(Required,*NodeSelector) @protobuf(1,bytes,opt) +} + +// PersistentVolumeReclaimPolicy describes a policy for end-of-life maintenance of persistent volumes. +// +enum +#PersistentVolumeReclaimPolicy: string // #enumPersistentVolumeReclaimPolicy + +#enumPersistentVolumeReclaimPolicy: + #PersistentVolumeReclaimRecycle | + #PersistentVolumeReclaimDelete | + #PersistentVolumeReclaimRetain + +// PersistentVolumeReclaimRecycle means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. +// The volume plugin must support Recycling. +#PersistentVolumeReclaimRecycle: #PersistentVolumeReclaimPolicy & "Recycle" + +// PersistentVolumeReclaimDelete means the volume will be deleted from Kubernetes on release from its claim. +// The volume plugin must support Deletion. +#PersistentVolumeReclaimDelete: #PersistentVolumeReclaimPolicy & "Delete" + +// PersistentVolumeReclaimRetain means the volume will be left in its current phase (Released) for manual reclamation by the administrator. +// The default policy is Retain. +#PersistentVolumeReclaimRetain: #PersistentVolumeReclaimPolicy & "Retain" + +// PersistentVolumeMode describes how a volume is intended to be consumed, either Block or Filesystem. +// +enum +#PersistentVolumeMode: string // #enumPersistentVolumeMode + +#enumPersistentVolumeMode: + #PersistentVolumeBlock | + #PersistentVolumeFilesystem + +// PersistentVolumeBlock means the volume will not be formatted with a filesystem and will remain a raw block device. +#PersistentVolumeBlock: #PersistentVolumeMode & "Block" + +// PersistentVolumeFilesystem means the volume will be or is formatted with a filesystem. +#PersistentVolumeFilesystem: #PersistentVolumeMode & "Filesystem" + +// PersistentVolumeStatus is the current status of a persistent volume. +#PersistentVolumeStatus: { + // phase indicates if a volume is available, bound to a claim, or released by a claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase + // +optional + phase?: #PersistentVolumePhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumePhase) + + // message is a human-readable message indicating details about why the volume is in this state. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) + + // reason is a brief CamelCase string that describes any failure and is meant + // for machine parsing and tidy display in the CLI. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // lastPhaseTransitionTime is the time the phase transitioned from one to another + // and automatically resets to current time everytime a volume phase transitions. + // This is an alpha field and requires enabling PersistentVolumeLastPhaseTransitionTime feature. + // +featureGate=PersistentVolumeLastPhaseTransitionTime + // +optional + lastPhaseTransitionTime?: null | metav1.#Time @go(LastPhaseTransitionTime,*metav1.Time) @protobuf(4,bytes,opt) +} + +// PersistentVolumeList is a list of PersistentVolume items. +#PersistentVolumeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of persistent volumes. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes + items: [...#PersistentVolume] @go(Items,[]PersistentVolume) @protobuf(2,bytes,rep) +} + +// PersistentVolumeClaim is a user's request for and claim to a persistent volume +#PersistentVolumeClaim: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // spec defines the desired characteristics of a volume requested by a pod author. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + spec?: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes,opt) + + // status represents the current information/status of a persistent volume claim. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + // +optional + status?: #PersistentVolumeClaimStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PersistentVolumeClaimList is a list of PersistentVolumeClaim items. +#PersistentVolumeClaimList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items is a list of persistent volume claims. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + items: [...#PersistentVolumeClaim] @go(Items,[]PersistentVolumeClaim) @protobuf(2,bytes,rep) +} + +// PersistentVolumeClaimSpec describes the common attributes of storage devices +// and allows a Source for provider-specific attributes +#PersistentVolumeClaimSpec: { + // accessModes contains the desired access modes the volume should have. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(1,bytes,rep,casttype=PersistentVolumeAccessMode) + + // selector is a label query over volumes to consider for binding. + // +optional + selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt) + + // resources represents the minimum resources the volume should have. + // If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + // that are lower than previous value but must still be higher than capacity recorded in the + // status field of the claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(2,bytes,opt) + + // volumeName is the binding reference to the PersistentVolume backing this claim. + // +optional + volumeName?: string @go(VolumeName) @protobuf(3,bytes,opt) + + // storageClassName is the name of the StorageClass required by the claim. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + // +optional + storageClassName?: null | string @go(StorageClassName,*string) @protobuf(5,bytes,opt) + + // volumeMode defines what type of volume is required by the claim. + // Value of Filesystem is implied when not included in claim spec. + // +optional + volumeMode?: null | #PersistentVolumeMode @go(VolumeMode,*PersistentVolumeMode) @protobuf(6,bytes,opt,casttype=PersistentVolumeMode) + + // dataSource field can be used to specify either: + // * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + // * An existing PVC (PersistentVolumeClaim) + // If the provisioner or an external controller can support the specified data source, + // it will create a new volume based on the contents of the specified data source. + // When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + // and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + // If the namespace is specified, then dataSourceRef will not be copied to dataSource. + // +optional + dataSource?: null | #TypedLocalObjectReference @go(DataSource,*TypedLocalObjectReference) @protobuf(7,bytes,opt) + + // dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + // volume is desired. This may be any object from a non-empty API group (non + // core object) or a PersistentVolumeClaim object. + // When this field is specified, volume binding will only succeed if the type of + // the specified object matches some installed volume populator or dynamic + // provisioner. + // This field will replace the functionality of the dataSource field and as such + // if both fields are non-empty, they must have the same value. For backwards + // compatibility, when namespace isn't specified in dataSourceRef, + // both fields (dataSource and dataSourceRef) will be set to the same + // value automatically if one of them is empty and the other is non-empty. + // When namespace is specified in dataSourceRef, + // dataSource isn't set to the same value and must be empty. + // There are three important differences between dataSource and dataSourceRef: + // * While dataSource only allows two specific types of objects, dataSourceRef + // allows any non-core object, as well as PersistentVolumeClaim objects. + // * While dataSource ignores disallowed values (dropping them), dataSourceRef + // preserves all values, and generates an error if a disallowed value is + // specified. + // * While dataSource only allows local objects, dataSourceRef allows objects + // in any namespaces. + // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + // (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + // +optional + dataSourceRef?: null | #TypedObjectReference @go(DataSourceRef,*TypedObjectReference) @protobuf(8,bytes,opt) +} + +#TypedObjectReference: { + // APIGroup is the group for the resource being referenced. + // If APIGroup is not specified, the specified Kind must be in the core API group. + // For any other third-party types, APIGroup is required. + // +optional + apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) + + // Kind is the type of resource being referenced + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // Name is the name of resource being referenced + name: string @go(Name) @protobuf(3,bytes,opt) + + // Namespace is the namespace of resource being referenced + // Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + // (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + // +featureGate=CrossNamespaceVolumeDataSource + // +optional + namespace?: null | string @go(Namespace,*string) @protobuf(4,bytes,opt) +} + +// PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type +#PersistentVolumeClaimConditionType: string // #enumPersistentVolumeClaimConditionType + +#enumPersistentVolumeClaimConditionType: + #PersistentVolumeClaimResizing | + #PersistentVolumeClaimFileSystemResizePending + +// PersistentVolumeClaimResizing - a user trigger resize of pvc has been started +#PersistentVolumeClaimResizing: #PersistentVolumeClaimConditionType & "Resizing" + +// PersistentVolumeClaimFileSystemResizePending - controller resize is finished and a file system resize is pending on node +#PersistentVolumeClaimFileSystemResizePending: #PersistentVolumeClaimConditionType & "FileSystemResizePending" + +// +enum +// When a controller receives persistentvolume claim update with ClaimResourceStatus for a resource +// that it does not recognizes, then it should ignore that update and let other controllers +// handle it. +#ClaimResourceStatus: string // #enumClaimResourceStatus + +#enumClaimResourceStatus: + #PersistentVolumeClaimControllerResizeInProgress | + #PersistentVolumeClaimControllerResizeFailed | + #PersistentVolumeClaimNodeResizePending | + #PersistentVolumeClaimNodeResizeInProgress | + #PersistentVolumeClaimNodeResizeFailed + +// State set when resize controller starts resizing the volume in control-plane. +#PersistentVolumeClaimControllerResizeInProgress: #ClaimResourceStatus & "ControllerResizeInProgress" + +// State set when resize has failed in resize controller with a terminal error. +// Transient errors such as timeout should not set this status and should leave allocatedResourceStatus +// unmodified, so as resize controller can resume the volume expansion. +#PersistentVolumeClaimControllerResizeFailed: #ClaimResourceStatus & "ControllerResizeFailed" + +// State set when resize controller has finished resizing the volume but further resizing of volume +// is needed on the node. +#PersistentVolumeClaimNodeResizePending: #ClaimResourceStatus & "NodeResizePending" + +// State set when kubelet starts resizing the volume. +#PersistentVolumeClaimNodeResizeInProgress: #ClaimResourceStatus & "NodeResizeInProgress" + +// State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed +#PersistentVolumeClaimNodeResizeFailed: #ClaimResourceStatus & "NodeResizeFailed" + +// PersistentVolumeClaimCondition contains details about state of pvc +#PersistentVolumeClaimCondition: { + type: #PersistentVolumeClaimConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimConditionType) + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // lastProbeTime is the time we probed the condition. + // +optional + lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) + + // lastTransitionTime is the time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // reason is a unique, this should be a short, machine understandable string that gives the reason + // for condition's last transition. If it reports "ResizeStarted" that means the underlying + // persistent volume is being resized. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // message is the human-readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// PersistentVolumeClaimStatus is the current status of a persistent volume claim. +#PersistentVolumeClaimStatus: { + // phase represents the current phase of PersistentVolumeClaim. + // +optional + phase?: #PersistentVolumeClaimPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimPhase) + + // accessModes contains the actual access modes the volume backing the PVC has. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + // +optional + accessModes?: [...#PersistentVolumeAccessMode] @go(AccessModes,[]PersistentVolumeAccessMode) @protobuf(2,bytes,rep,casttype=PersistentVolumeAccessMode) + + // capacity represents the actual resources of the underlying volume. + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // conditions is the current Condition of persistent volume claim. If underlying persistent volume is being + // resized then the Condition will be set to 'ResizeStarted'. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#PersistentVolumeClaimCondition] @go(Conditions,[]PersistentVolumeClaimCondition) @protobuf(4,bytes,rep) + + // allocatedResources tracks the resources allocated to a PVC including its capacity. + // Key names follow standard Kubernetes label syntax. Valid values are either: + // * Un-prefixed keys: + // - storage - the capacity of the volume. + // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + // reserved and hence may not be used. + // + // Capacity reported here may be larger than the actual capacity when a volume expansion operation + // is requested. + // For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. + // If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. + // If a volume expansion capacity request is lowered, allocatedResources is only + // lowered if there are no expansion operations in progress and if the actual volume capacity + // is equal or lower than the requested capacity. + // + // A controller that receives PVC update with previously unknown resourceName + // should ignore the update for the purpose it was designed. For example - a controller that + // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + // resources associated with PVC. + // + // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + // +featureGate=RecoverVolumeExpansionFailure + // +optional + allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // allocatedResourceStatuses stores status of resource being resized for the given PVC. + // Key names follow standard Kubernetes label syntax. Valid values are either: + // * Un-prefixed keys: + // - storage - the capacity of the volume. + // * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" + // Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered + // reserved and hence may not be used. + // + // ClaimResourceStatus can be in any of following states: + // - ControllerResizeInProgress: + // State set when resize controller starts resizing the volume in control-plane. + // - ControllerResizeFailed: + // State set when resize has failed in resize controller with a terminal error. + // - NodeResizePending: + // State set when resize controller has finished resizing the volume but further resizing of + // volume is needed on the node. + // - NodeResizeInProgress: + // State set when kubelet starts resizing the volume. + // - NodeResizeFailed: + // State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + // NodeResizeFailed. + // For example: if expanding a PVC for more capacity - this field can be one of the following states: + // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + // - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + // - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" + // When this field is not set, it means that no resize operation is in progress for the given PVC. + // + // A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus + // should ignore the update for the purpose it was designed. For example - a controller that + // only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid + // resources associated with PVC. + // + // This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. + // +featureGate=RecoverVolumeExpansionFailure + // +mapType=granular + // +optional + allocatedResourceStatuses?: {[string]: #ClaimResourceStatus} @go(AllocatedResourceStatuses,map[ResourceName]ClaimResourceStatus) @protobuf(7,bytes,rep) +} + +// +enum +#PersistentVolumeAccessMode: string // #enumPersistentVolumeAccessMode + +#enumPersistentVolumeAccessMode: + #ReadWriteOnce | + #ReadOnlyMany | + #ReadWriteMany | + #ReadWriteOncePod + +// can be mounted in read/write mode to exactly 1 host +#ReadWriteOnce: #PersistentVolumeAccessMode & "ReadWriteOnce" + +// can be mounted in read-only mode to many hosts +#ReadOnlyMany: #PersistentVolumeAccessMode & "ReadOnlyMany" + +// can be mounted in read/write mode to many hosts +#ReadWriteMany: #PersistentVolumeAccessMode & "ReadWriteMany" + +// can be mounted in read/write mode to exactly 1 pod +// cannot be used in combination with other access modes +#ReadWriteOncePod: #PersistentVolumeAccessMode & "ReadWriteOncePod" + +// +enum +#PersistentVolumePhase: string // #enumPersistentVolumePhase + +#enumPersistentVolumePhase: + #VolumePending | + #VolumeAvailable | + #VolumeBound | + #VolumeReleased | + #VolumeFailed + +// used for PersistentVolumes that are not available +#VolumePending: #PersistentVolumePhase & "Pending" + +// used for PersistentVolumes that are not yet bound +// Available volumes are held by the binder and matched to PersistentVolumeClaims +#VolumeAvailable: #PersistentVolumePhase & "Available" + +// used for PersistentVolumes that are bound +#VolumeBound: #PersistentVolumePhase & "Bound" + +// used for PersistentVolumes where the bound PersistentVolumeClaim was deleted +// released volumes must be recycled before becoming available again +// this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource +#VolumeReleased: #PersistentVolumePhase & "Released" + +// used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim +#VolumeFailed: #PersistentVolumePhase & "Failed" + +// +enum +#PersistentVolumeClaimPhase: string // #enumPersistentVolumeClaimPhase + +#enumPersistentVolumeClaimPhase: + #ClaimPending | + #ClaimBound | + #ClaimLost + +// used for PersistentVolumeClaims that are not yet bound +#ClaimPending: #PersistentVolumeClaimPhase & "Pending" + +// used for PersistentVolumeClaims that are bound +#ClaimBound: #PersistentVolumeClaimPhase & "Bound" + +// used for PersistentVolumeClaims that lost their underlying +// PersistentVolume. The claim was bound to a PersistentVolume and this +// volume does not exist any longer and all data on it was lost. +#ClaimLost: #PersistentVolumeClaimPhase & "Lost" + +// +enum +#HostPathType: string // #enumHostPathType + +#enumHostPathType: + #HostPathUnset | + #HostPathDirectoryOrCreate | + #HostPathDirectory | + #HostPathFileOrCreate | + #HostPathFile | + #HostPathSocket | + #HostPathCharDev | + #HostPathBlockDev + +// For backwards compatible, leave it empty if unset +#HostPathUnset: #HostPathType & "" + +// If nothing exists at the given path, an empty directory will be created there +// as needed with file mode 0755, having the same group and ownership with Kubelet. +#HostPathDirectoryOrCreate: #HostPathType & "DirectoryOrCreate" + +// A directory must exist at the given path +#HostPathDirectory: #HostPathType & "Directory" + +// If nothing exists at the given path, an empty file will be created there +// as needed with file mode 0644, having the same group and ownership with Kubelet. +#HostPathFileOrCreate: #HostPathType & "FileOrCreate" + +// A file must exist at the given path +#HostPathFile: #HostPathType & "File" + +// A UNIX socket must exist at the given path +#HostPathSocket: #HostPathType & "Socket" + +// A character device must exist at the given path +#HostPathCharDev: #HostPathType & "CharDevice" + +// A block device must exist at the given path +#HostPathBlockDev: #HostPathType & "BlockDevice" + +// Represents a host path mapped into a pod. +// Host path volumes do not support ownership management or SELinux relabeling. +#HostPathVolumeSource: { + // path of the directory on the host. + // If the path is a symlink, it will follow the link to the real path. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + path: string @go(Path) @protobuf(1,bytes,opt) + + // type for HostPath Volume + // Defaults to "" + // More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + // +optional + type?: null | #HostPathType @go(Type,*HostPathType) @protobuf(2,bytes,opt) +} + +// Represents an empty directory for a pod. +// Empty directory volumes support ownership management and SELinux relabeling. +#EmptyDirVolumeSource: { + // medium represents what type of storage medium should back this directory. + // The default is "" which means to use the node's default medium. + // Must be an empty string (default) or Memory. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + medium?: #StorageMedium @go(Medium) @protobuf(1,bytes,opt,casttype=StorageMedium) + + // sizeLimit is the total amount of local storage required for this EmptyDir volume. + // The size limit is also applicable for memory medium. + // The maximum usage on memory medium EmptyDir would be the minimum value between + // the SizeLimit specified here and the sum of memory limits of all containers in a pod. + // The default is nil which means that the limit is undefined. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + // +optional + sizeLimit?: null | resource.#Quantity @go(SizeLimit,*resource.Quantity) @protobuf(2,bytes,opt) +} + +// Represents a Glusterfs mount that lasts the lifetime of a pod. +// Glusterfs volumes do not support ownership management or SELinux relabeling. +#GlusterfsVolumeSource: { + // endpoints is the endpoint name that details Glusterfs topology. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) + + // path is the Glusterfs volume path. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// Represents a Glusterfs mount that lasts the lifetime of a pod. +// Glusterfs volumes do not support ownership management or SELinux relabeling. +#GlusterfsPersistentVolumeSource: { + // endpoints is the endpoint name that details Glusterfs topology. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + endpoints: string @go(EndpointsName) @protobuf(1,bytes,opt) + + // path is the Glusterfs volume path. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // endpointsNamespace is the namespace that contains Glusterfs endpoint. + // If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. + // More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + // +optional + endpointsNamespace?: null | string @go(EndpointsNamespace,*string) @protobuf(4,bytes,opt) +} + +// Represents a Rados Block Device mount that lasts the lifetime of a pod. +// RBD volumes support ownership management and SELinux relabeling. +#RBDVolumeSource: { + // monitors is a collection of Ceph monitors. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) + + // image is the rados image name. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + image: string @go(RBDImage) @protobuf(2,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // pool is the rados pool name. + // Default is rbd. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + pool?: string @go(RBDPool) @protobuf(4,bytes,opt) + + // user is the rados user name. + // Default is admin. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + user?: string @go(RadosUser) @protobuf(5,bytes,opt) + + // keyring is the path to key ring for RBDUser. + // Default is /etc/ceph/keyring. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + keyring?: string @go(Keyring) @protobuf(6,bytes,opt) + + // secretRef is name of the authentication secret for RBDUser. If provided + // overrides keyring. + // Default is nil. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(7,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) +} + +// Represents a Rados Block Device mount that lasts the lifetime of a pod. +// RBD volumes support ownership management and SELinux relabeling. +#RBDPersistentVolumeSource: { + // monitors is a collection of Ceph monitors. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + monitors: [...string] @go(CephMonitors,[]string) @protobuf(1,bytes,rep) + + // image is the rados image name. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + image: string @go(RBDImage) @protobuf(2,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // pool is the rados pool name. + // Default is rbd. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + pool?: string @go(RBDPool) @protobuf(4,bytes,opt) + + // user is the rados user name. + // Default is admin. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + user?: string @go(RadosUser) @protobuf(5,bytes,opt) + + // keyring is the path to key ring for RBDUser. + // Default is /etc/ceph/keyring. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + keyring?: string @go(Keyring) @protobuf(6,bytes,opt) + + // secretRef is name of the authentication secret for RBDUser. If provided + // overrides keyring. + // Default is nil. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(7,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(8,varint,opt) +} + +// Represents a cinder volume resource in Openstack. +// A Cinder volume must exist before mounting to a container. +// The volume must also be in the same region as the kubelet. +// Cinder volumes support ownership management and SELinux relabeling. +#CinderVolumeSource: { + // volumeID used to identify the volume in cinder. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretRef is optional: points to a secret object containing parameters used to connect + // to OpenStack. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(4,bytes,opt) +} + +// Represents a cinder volume resource in Openstack. +// A Cinder volume must exist before mounting to a container. +// The volume must also be in the same region as the kubelet. +// Cinder volumes support ownership management and SELinux relabeling. +#CinderPersistentVolumeSource: { + // volumeID used to identify the volume in cinder. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/mysql-cinder-pd/README.md + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretRef is Optional: points to a secret object containing parameters used to connect + // to OpenStack. + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(4,bytes,opt) +} + +// Represents a Ceph Filesystem mount that lasts the lifetime of a pod +// Cephfs volumes do not support ownership management or SELinux relabeling. +#CephFSVolumeSource: { + // monitors is Required: Monitors is a collection of Ceph monitors + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) + + // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + // +optional + path?: string @go(Path) @protobuf(2,bytes,opt) + + // user is optional: User is the rados user name, default is admin + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + user?: string @go(User) @protobuf(3,bytes,opt) + + // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) +} + +// SecretReference represents a Secret Reference. It has enough information to retrieve secret +// in any namespace +// +structType=atomic +#SecretReference: { + // name is unique within a namespace to reference a secret resource. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // namespace defines the space within which the secret name must be unique. + // +optional + namespace?: string @go(Namespace) @protobuf(2,bytes,opt) +} + +// Represents a Ceph Filesystem mount that lasts the lifetime of a pod +// Cephfs volumes do not support ownership management or SELinux relabeling. +#CephFSPersistentVolumeSource: { + // monitors is Required: Monitors is a collection of Ceph monitors + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + monitors: [...string] @go(Monitors,[]string) @protobuf(1,bytes,rep) + + // path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / + // +optional + path?: string @go(Path) @protobuf(2,bytes,opt) + + // user is Optional: User is the rados user name, default is admin + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + user?: string @go(User) @protobuf(3,bytes,opt) + + // secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretFile?: string @go(SecretFile) @protobuf(4,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(5,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) +} + +// Represents a Flocker volume mounted by the Flocker agent. +// One and only one of datasetName and datasetUUID should be set. +// Flocker volumes do not support ownership management or SELinux relabeling. +#FlockerVolumeSource: { + // datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + // should be considered as deprecated + // +optional + datasetName?: string @go(DatasetName) @protobuf(1,bytes,opt) + + // datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset + // +optional + datasetUUID?: string @go(DatasetUUID) @protobuf(2,bytes,opt) +} + +// StorageMedium defines ways that storage can be allocated to a volume. +#StorageMedium: string // #enumStorageMedium + +#enumStorageMedium: + #StorageMediumDefault | + #StorageMediumMemory | + #StorageMediumHugePages | + #StorageMediumHugePagesPrefix + +#StorageMediumDefault: #StorageMedium & "" +#StorageMediumMemory: #StorageMedium & "Memory" +#StorageMediumHugePages: #StorageMedium & "HugePages" +#StorageMediumHugePagesPrefix: #StorageMedium & "HugePages-" + +// Protocol defines network protocols supported for things like container ports. +// +enum +#Protocol: string // #enumProtocol + +#enumProtocol: + #ProtocolTCP | + #ProtocolUDP | + #ProtocolSCTP + +// ProtocolTCP is the TCP protocol. +#ProtocolTCP: #Protocol & "TCP" + +// ProtocolUDP is the UDP protocol. +#ProtocolUDP: #Protocol & "UDP" + +// ProtocolSCTP is the SCTP protocol. +#ProtocolSCTP: #Protocol & "SCTP" + +// Represents a Persistent Disk resource in Google Compute Engine. +// +// A GCE PD must exist before mounting to a container. The disk must +// also be in the same GCE project and zone as the kubelet. A GCE PD +// can only be mounted as read/write once or read-only many times. GCE +// PDs support ownership management and SELinux relabeling. +#GCEPersistentDiskVolumeSource: { + // pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + pdName: string @go(PDName) @protobuf(1,bytes,opt) + + // fsType is filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // partition is the partition in the volume that you want to mount. + // If omitted, the default is to mount by volume name. + // Examples: For volume /dev/sda1, you specify the partition as "1". + // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + partition?: int32 @go(Partition) @protobuf(3,varint,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) +} + +// Represents a Quobyte mount that lasts the lifetime of a pod. +// Quobyte volumes do not support ownership management or SELinux relabeling. +#QuobyteVolumeSource: { + // registry represents a single or multiple Quobyte Registry services + // specified as a string as host:port pair (multiple entries are separated with commas) + // which acts as the central registry for volumes + registry: string @go(Registry) @protobuf(1,bytes,opt) + + // volume is a string that references an already created Quobyte volume by name. + volume: string @go(Volume) @protobuf(2,bytes,opt) + + // readOnly here will force the Quobyte volume to be mounted with read-only permissions. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // user to map volume access to + // Defaults to serivceaccount user + // +optional + user?: string @go(User) @protobuf(4,bytes,opt) + + // group to map volume access to + // Default is no group + // +optional + group?: string @go(Group) @protobuf(5,bytes,opt) + + // tenant owning the given Quobyte volume in the Backend + // Used with dynamically provisioned Quobyte volumes, value is set by the plugin + // +optional + tenant?: string @go(Tenant) @protobuf(6,bytes,opt) +} + +// FlexPersistentVolumeSource represents a generic persistent volume resource that is +// provisioned/attached using an exec based plugin. +#FlexPersistentVolumeSource: { + // driver is the name of the driver to use for this volume. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // fsType is the Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // secretRef is Optional: SecretRef is reference to the secret object containing + // sensitive information to pass to the plugin scripts. This may be + // empty if no secret object is specified. If the secret object + // contains more than one secret, all secrets are passed to the plugin + // scripts. + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) + + // readOnly is Optional: defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // options is Optional: this field holds extra command options if any. + // +optional + options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) +} + +// FlexVolume represents a generic volume resource that is +// provisioned/attached using an exec based plugin. +#FlexVolumeSource: { + // driver is the name of the driver to use for this volume. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // secretRef is Optional: secretRef is reference to the secret object containing + // sensitive information to pass to the plugin scripts. This may be + // empty if no secret object is specified. If the secret object + // contains more than one secret, all secrets are passed to the plugin + // scripts. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) + + // readOnly is Optional: defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // options is Optional: this field holds extra command options if any. + // +optional + options?: {[string]: string} @go(Options,map[string]string) @protobuf(5,bytes,rep) +} + +// Represents a Persistent Disk resource in AWS. +// +// An AWS EBS disk must exist before mounting to a container. The disk +// must also be in the same AWS zone as the kubelet. An AWS EBS disk +// can only be mounted as read/write once. AWS EBS volumes support +// ownership management and SELinux relabeling. +#AWSElasticBlockStoreVolumeSource: { + // volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // partition is the partition in the volume that you want to mount. + // If omitted, the default is to mount by volume name. + // Examples: For volume /dev/sda1, you specify the partition as "1". + // Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + // +optional + partition?: int32 @go(Partition) @protobuf(3,varint,opt) + + // readOnly value true will force the readOnly setting in VolumeMounts. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) +} + +// Represents a volume that is populated with the contents of a git repository. +// Git repo volumes do not support ownership management. +// Git repo volumes support SELinux relabeling. +// +// DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +// EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +// into the Pod's container. +#GitRepoVolumeSource: { + // repository is the URL + repository: string @go(Repository) @protobuf(1,bytes,opt) + + // revision is the commit hash for the specified revision. + // +optional + revision?: string @go(Revision) @protobuf(2,bytes,opt) + + // directory is the target directory name. + // Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + // git repository. Otherwise, if specified, the volume will contain the git repository in + // the subdirectory with the given name. + // +optional + directory?: string @go(Directory) @protobuf(3,bytes,opt) +} + +// Adapts a Secret into a volume. +// +// The contents of the target Secret's Data field will be presented in a volume +// as files using the keys in the Data field as the file names. +// Secret volumes support ownership management and SELinux relabeling. +#SecretVolumeSource: { + // secretName is the name of the secret in the pod's namespace to use. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + // +optional + secretName?: string @go(SecretName) @protobuf(1,bytes,opt) + + // items If unspecified, each key-value pair in the Data field of the referenced + // Secret will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the Secret, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // defaultMode is Optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values + // for mode bits. Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,bytes,opt) + + // optional field specify whether the Secret or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +#SecretVolumeSourceDefaultMode: int32 & 0o644 + +// Adapts a secret into a projected volume. +// +// The contents of the target Secret's Data field will be presented in a +// projected volume as files using the keys in the Data field as the file names. +// Note that this is identical to a secret volume source without the default +// mode. +#SecretProjection: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // Secret will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the Secret, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // optional field specify whether the Secret or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +// Represents an NFS mount that lasts the lifetime of a pod. +// NFS volumes do not support ownership management or SELinux relabeling. +#NFSVolumeSource: { + // server is the hostname or IP address of the NFS server. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + server: string @go(Server) @protobuf(1,bytes,opt) + + // path that is exported by the NFS server. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + path: string @go(Path) @protobuf(2,bytes,opt) + + // readOnly here will force the NFS export to be mounted with read-only permissions. + // Defaults to false. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// Represents an ISCSI disk. +// ISCSI volumes can only be mounted as read/write once. +// ISCSI volumes support ownership management and SELinux relabeling. +#ISCSIVolumeSource: { + // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) + + // iqn is the target iSCSI Qualified Name. + iqn: string @go(IQN) @protobuf(2,bytes,opt) + + // lun represents iSCSI Target Lun number. + lun: int32 @go(Lun) @protobuf(3,varint,opt) + + // iscsiInterface is the interface Name that uses an iSCSI transport. + // Defaults to 'default' (tcp). + // +optional + iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(5,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) + + // portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + // +optional + portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) + + // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + // +optional + chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) + + // chapAuthSession defines whether support iSCSI Session CHAP authentication + // +optional + chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) + + // secretRef is the CHAP Secret for iSCSI target and initiator authentication + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(10,bytes,opt) + + // initiatorName is the custom iSCSI Initiator Name. + // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + // : will be created for the connection. + // +optional + initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) +} + +// ISCSIPersistentVolumeSource represents an ISCSI disk. +// ISCSI volumes can only be mounted as read/write once. +// ISCSI volumes support ownership management and SELinux relabeling. +#ISCSIPersistentVolumeSource: { + // targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + targetPortal: string @go(TargetPortal) @protobuf(1,bytes,opt) + + // iqn is Target iSCSI Qualified Name. + iqn: string @go(IQN) @protobuf(2,bytes,opt) + + // lun is iSCSI Target Lun number. + lun: int32 @go(Lun) @protobuf(3,varint,opt) + + // iscsiInterface is the interface Name that uses an iSCSI transport. + // Defaults to 'default' (tcp). + // +optional + iscsiInterface?: string @go(ISCSIInterface) @protobuf(4,bytes,opt) + + // fsType is the filesystem type of the volume that you want to mount. + // Tip: Ensure that the filesystem type is supported by the host operating system. + // Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(5,bytes,opt) + + // readOnly here will force the ReadOnly setting in VolumeMounts. + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(6,varint,opt) + + // portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port + // is other than default (typically TCP ports 860 and 3260). + // +optional + portals?: [...string] @go(Portals,[]string) @protobuf(7,bytes,opt) + + // chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication + // +optional + chapAuthDiscovery?: bool @go(DiscoveryCHAPAuth) @protobuf(8,varint,opt) + + // chapAuthSession defines whether support iSCSI Session CHAP authentication + // +optional + chapAuthSession?: bool @go(SessionCHAPAuth) @protobuf(11,varint,opt) + + // secretRef is the CHAP Secret for iSCSI target and initiator authentication + // +optional + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(10,bytes,opt) + + // initiatorName is the custom iSCSI Initiator Name. + // If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + // : will be created for the connection. + // +optional + initiatorName?: null | string @go(InitiatorName,*string) @protobuf(12,bytes,opt) +} + +// Represents a Fibre Channel volume. +// Fibre Channel volumes can only be mounted as read/write once. +// Fibre Channel volumes support ownership management and SELinux relabeling. +#FCVolumeSource: { + // targetWWNs is Optional: FC target worldwide names (WWNs) + // +optional + targetWWNs?: [...string] @go(TargetWWNs,[]string) @protobuf(1,bytes,rep) + + // lun is Optional: FC target lun number + // +optional + lun?: null | int32 @go(Lun,*int32) @protobuf(2,varint,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // TODO: how do we prevent errors in the filesystem from compromising the machine + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // wwids Optional: FC volume world wide identifiers (wwids) + // Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + // +optional + wwids?: [...string] @go(WWIDs,[]string) @protobuf(5,bytes,rep) +} + +// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +#AzureFileVolumeSource: { + // secretName is the name of secret that contains Azure Storage Account Name and Key + secretName: string @go(SecretName) @protobuf(1,bytes,opt) + + // shareName is the azure share Name + shareName: string @go(ShareName) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// AzureFile represents an Azure File Service mount on the host and bind mount to the pod. +#AzureFilePersistentVolumeSource: { + // secretName is the name of secret that contains Azure Storage Account Name and Key + secretName: string @go(SecretName) @protobuf(1,bytes,opt) + + // shareName is the azure Share Name + shareName: string @go(ShareName) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key + // default is the same as the Pod + // +optional + secretNamespace?: null | string @go(SecretNamespace,*string) @protobuf(4,bytes,opt) +} + +// Represents a vSphere volume resource. +#VsphereVirtualDiskVolumeSource: { + // volumePath is the path that identifies vSphere volume vmdk + volumePath: string @go(VolumePath) @protobuf(1,bytes,opt) + + // fsType is filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // storagePolicyName is the storage Policy Based Management (SPBM) profile name. + // +optional + storagePolicyName?: string @go(StoragePolicyName) @protobuf(3,bytes,opt) + + // storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + // +optional + storagePolicyID?: string @go(StoragePolicyID) @protobuf(4,bytes,opt) +} + +// Represents a Photon Controller persistent disk resource. +#PhotonPersistentDiskVolumeSource: { + // pdID is the ID that identifies Photon Controller persistent disk + pdID: string @go(PdID) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + fsType?: string @go(FSType) @protobuf(2,bytes,opt) +} + +// +enum +#AzureDataDiskCachingMode: string // #enumAzureDataDiskCachingMode + +#enumAzureDataDiskCachingMode: + #AzureDataDiskCachingNone | + #AzureDataDiskCachingReadOnly | + #AzureDataDiskCachingReadWrite + +// +enum +#AzureDataDiskKind: string // #enumAzureDataDiskKind + +#enumAzureDataDiskKind: + #AzureSharedBlobDisk | + #AzureDedicatedBlobDisk | + #AzureManagedDisk + +#AzureDataDiskCachingNone: #AzureDataDiskCachingMode & "None" +#AzureDataDiskCachingReadOnly: #AzureDataDiskCachingMode & "ReadOnly" +#AzureDataDiskCachingReadWrite: #AzureDataDiskCachingMode & "ReadWrite" +#AzureSharedBlobDisk: #AzureDataDiskKind & "Shared" +#AzureDedicatedBlobDisk: #AzureDataDiskKind & "Dedicated" +#AzureManagedDisk: #AzureDataDiskKind & "Managed" + +// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +#AzureDiskVolumeSource: { + // diskName is the Name of the data disk in the blob storage + diskName: string @go(DiskName) @protobuf(1,bytes,opt) + + // diskURI is the URI of data disk in the blob storage + diskURI: string @go(DataDiskURI) @protobuf(2,bytes,opt) + + // cachingMode is the Host Caching mode: None, Read Only, Read Write. + // +optional + cachingMode?: null | #AzureDataDiskCachingMode @go(CachingMode,*AzureDataDiskCachingMode) @protobuf(3,bytes,opt,casttype=AzureDataDiskCachingMode) + + // fsType is Filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(4,bytes,opt) + + // readOnly Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(5,varint,opt) + + // kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared + kind?: null | #AzureDataDiskKind @go(Kind,*AzureDataDiskKind) @protobuf(6,bytes,opt,casttype=AzureDataDiskKind) +} + +// PortworxVolumeSource represents a Portworx volume resource. +#PortworxVolumeSource: { + // volumeID uniquely identifies a Portworx volume + volumeID: string @go(VolumeID) @protobuf(1,bytes,opt) + + // fSType represents the filesystem type to mount + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + fsType?: string @go(FSType) @protobuf(2,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) +} + +// ScaleIOVolumeSource represents a persistent ScaleIO volume +#ScaleIOVolumeSource: { + // gateway is the host address of the ScaleIO API Gateway. + gateway: string @go(Gateway) @protobuf(1,bytes,opt) + + // system is the name of the storage system as configured in ScaleIO. + system: string @go(System) @protobuf(2,bytes,opt) + + // secretRef references to the secret for ScaleIO user and other + // sensitive information. If this is not provided, Login operation will fail. + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(3,bytes,opt) + + // sslEnabled Flag enable/disable SSL communication with Gateway, default false + // +optional + sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) + + // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + // +optional + protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) + + // storagePool is the ScaleIO Storage Pool associated with the protection domain. + // +optional + storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) + + // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + // Default is ThinProvisioned. + // +optional + storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) + + // volumeName is the name of a volume already created in the ScaleIO system + // that is associated with this volume source. + volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // Default is "xfs". + // +optional + fsType?: string @go(FSType) @protobuf(9,bytes,opt) + + // readOnly Defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) +} + +// ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume +#ScaleIOPersistentVolumeSource: { + // gateway is the host address of the ScaleIO API Gateway. + gateway: string @go(Gateway) @protobuf(1,bytes,opt) + + // system is the name of the storage system as configured in ScaleIO. + system: string @go(System) @protobuf(2,bytes,opt) + + // secretRef references to the secret for ScaleIO user and other + // sensitive information. If this is not provided, Login operation will fail. + secretRef?: null | #SecretReference @go(SecretRef,*SecretReference) @protobuf(3,bytes,opt) + + // sslEnabled is the flag to enable/disable SSL communication with Gateway, default false + // +optional + sslEnabled?: bool @go(SSLEnabled) @protobuf(4,varint,opt) + + // protectionDomain is the name of the ScaleIO Protection Domain for the configured storage. + // +optional + protectionDomain?: string @go(ProtectionDomain) @protobuf(5,bytes,opt) + + // storagePool is the ScaleIO Storage Pool associated with the protection domain. + // +optional + storagePool?: string @go(StoragePool) @protobuf(6,bytes,opt) + + // storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + // Default is ThinProvisioned. + // +optional + storageMode?: string @go(StorageMode) @protobuf(7,bytes,opt) + + // volumeName is the name of a volume already created in the ScaleIO system + // that is associated with this volume source. + volumeName?: string @go(VolumeName) @protobuf(8,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // Default is "xfs" + // +optional + fsType?: string @go(FSType) @protobuf(9,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(10,varint,opt) +} + +// Represents a StorageOS persistent volume resource. +#StorageOSVolumeSource: { + // volumeName is the human-readable name of the StorageOS volume. Volume + // names are only unique within a namespace. + volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) + + // volumeNamespace specifies the scope of the volume within StorageOS. If no + // namespace is specified then the Pod's namespace will be used. This allows the + // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + // Set VolumeName to any name to override the default behaviour. + // Set to "default" if you are not using namespaces within StorageOS. + // Namespaces that do not pre-exist within StorageOS will be created. + // +optional + volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // secretRef specifies the secret to use for obtaining the StorageOS API + // credentials. If not specified, default values will be attempted. + // +optional + secretRef?: null | #LocalObjectReference @go(SecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) +} + +// Represents a StorageOS persistent volume resource. +#StorageOSPersistentVolumeSource: { + // volumeName is the human-readable name of the StorageOS volume. Volume + // names are only unique within a namespace. + volumeName?: string @go(VolumeName) @protobuf(1,bytes,opt) + + // volumeNamespace specifies the scope of the volume within StorageOS. If no + // namespace is specified then the Pod's namespace will be used. This allows the + // Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + // Set VolumeName to any name to override the default behaviour. + // Set to "default" if you are not using namespaces within StorageOS. + // Namespaces that do not pre-exist within StorageOS will be created. + // +optional + volumeNamespace?: string @go(VolumeNamespace) @protobuf(2,bytes,opt) + + // fsType is the filesystem type to mount. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + // +optional + fsType?: string @go(FSType) @protobuf(3,bytes,opt) + + // readOnly defaults to false (read/write). ReadOnly here will force + // the ReadOnly setting in VolumeMounts. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(4,varint,opt) + + // secretRef specifies the secret to use for obtaining the StorageOS API + // credentials. If not specified, default values will be attempted. + // +optional + secretRef?: null | #ObjectReference @go(SecretRef,*ObjectReference) @protobuf(5,bytes,opt) +} + +// Adapts a ConfigMap into a volume. +// +// The contents of the target ConfigMap's Data field will be presented in a +// volume as files using the keys in the Data field as the file names, unless +// the items element is populated with specific mappings of keys to paths. +// ConfigMap volumes support ownership management and SELinux relabeling. +#ConfigMapVolumeSource: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // ConfigMap will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the ConfigMap, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // defaultMode is optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(3,varint,opt) + + // optional specify whether the ConfigMap or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +#ConfigMapVolumeSourceDefaultMode: int32 & 0o644 + +// Adapts a ConfigMap into a projected volume. +// +// The contents of the target ConfigMap's Data field will be presented in a +// projected volume as files using the keys in the Data field as the file names, +// unless the items element is populated with specific mappings of keys to paths. +// Note that this is identical to a configmap volume source without the default +// mode. +#ConfigMapProjection: { + #LocalObjectReference + + // items if unspecified, each key-value pair in the Data field of the referenced + // ConfigMap will be projected into the volume as a file whose name is the + // key and content is the value. If specified, the listed keys will be + // projected into the specified paths, and unlisted keys will not be + // present. If a key is specified which is not present in the ConfigMap, + // the volume setup will error unless it is marked optional. Paths must be + // relative and may not contain the '..' path or start with '..'. + // +optional + items?: [...#KeyToPath] @go(Items,[]KeyToPath) @protobuf(2,bytes,rep) + + // optional specify whether the ConfigMap or its keys must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(4,varint,opt) +} + +// ServiceAccountTokenProjection represents a projected service account token +// volume. This projection can be used to insert a service account token into +// the pods runtime filesystem for use against APIs (Kubernetes API Server or +// otherwise). +#ServiceAccountTokenProjection: { + // audience is the intended audience of the token. A recipient of a token + // must identify itself with an identifier specified in the audience of the + // token, and otherwise should reject the token. The audience defaults to the + // identifier of the apiserver. + // +optional + audience?: string @go(Audience) @protobuf(1,bytes,rep) + + // expirationSeconds is the requested duration of validity of the service + // account token. As the token approaches expiration, the kubelet volume + // plugin will proactively rotate the service account token. The kubelet will + // start trying to rotate the token if the token is older than 80 percent of + // its time to live or if the token is older than 24 hours.Defaults to 1 hour + // and must be at least 10 minutes. + // +optional + expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(2,varint,opt) + + // path is the path relative to the mount point of the file to project the + // token into. + path: string @go(Path) @protobuf(3,bytes,opt) +} + +// Represents a projected volume source +#ProjectedVolumeSource: { + // sources is the list of volume projections + // +optional + sources: [...#VolumeProjection] @go(Sources,[]VolumeProjection) @protobuf(1,bytes,rep) + + // defaultMode are the mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) +} + +// Projection that may be projected along with other supported volume types +#VolumeProjection: { + // secret information about the secret data to project + // +optional + secret?: null | #SecretProjection @go(Secret,*SecretProjection) @protobuf(1,bytes,opt) + + // downwardAPI information about the downwardAPI data to project + // +optional + downwardAPI?: null | #DownwardAPIProjection @go(DownwardAPI,*DownwardAPIProjection) @protobuf(2,bytes,opt) + + // configMap information about the configMap data to project + // +optional + configMap?: null | #ConfigMapProjection @go(ConfigMap,*ConfigMapProjection) @protobuf(3,bytes,opt) + + // serviceAccountToken is information about the serviceAccountToken data to project + // +optional + serviceAccountToken?: null | #ServiceAccountTokenProjection @go(ServiceAccountToken,*ServiceAccountTokenProjection) @protobuf(4,bytes,opt) +} + +#ProjectedVolumeSourceDefaultMode: int32 & 0o644 + +// Maps a string key to a path within a volume. +#KeyToPath: { + // key is the key to project. + key: string @go(Key) @protobuf(1,bytes,opt) + + // path is the relative path of the file to map the key to. + // May not be an absolute path. + // May not contain the path element '..'. + // May not start with the string '..'. + path: string @go(Path) @protobuf(2,bytes,opt) + + // mode is Optional: mode bits used to set permissions on this file. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // If not specified, the volume defaultMode will be used. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + mode?: null | int32 @go(Mode,*int32) @protobuf(3,varint,opt) +} + +// Local represents directly-attached storage with node affinity (Beta feature) +#LocalVolumeSource: { + // path of the full path to the volume on the node. + // It can be either a directory or block device (disk, partition, ...). + path: string @go(Path) @protobuf(1,bytes,opt) + + // fsType is the filesystem type to mount. + // It applies only when the Path is a block device. + // Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(2,bytes,opt) +} + +// Represents storage that is managed by an external CSI volume driver (Beta feature) +#CSIPersistentVolumeSource: { + // driver is the name of the driver to use for this volume. + // Required. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // volumeHandle is the unique volume name returned by the CSI volume + // plugin’s CreateVolume to refer to the volume on all subsequent calls. + // Required. + volumeHandle: string @go(VolumeHandle) @protobuf(2,bytes,opt) + + // readOnly value to pass to ControllerPublishVolumeRequest. + // Defaults to false (read/write). + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(3,varint,opt) + + // fsType to mount. Must be a filesystem type supported by the host operating system. + // Ex. "ext4", "xfs", "ntfs". + // +optional + fsType?: string @go(FSType) @protobuf(4,bytes,opt) + + // volumeAttributes of the volume to publish. + // +optional + volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(5,bytes,rep) + + // controllerPublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // ControllerPublishVolume and ControllerUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + controllerPublishSecretRef?: null | #SecretReference @go(ControllerPublishSecretRef,*SecretReference) @protobuf(6,bytes,opt) + + // nodeStageSecretRef is a reference to the secret object containing sensitive + // information to pass to the CSI driver to complete the CSI NodeStageVolume + // and NodeStageVolume and NodeUnstageVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + nodeStageSecretRef?: null | #SecretReference @go(NodeStageSecretRef,*SecretReference) @protobuf(7,bytes,opt) + + // nodePublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodePublishVolume and NodeUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + nodePublishSecretRef?: null | #SecretReference @go(NodePublishSecretRef,*SecretReference) @protobuf(8,bytes,opt) + + // controllerExpandSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // ControllerExpandVolume call. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +optional + controllerExpandSecretRef?: null | #SecretReference @go(ControllerExpandSecretRef,*SecretReference) @protobuf(9,bytes,opt) + + // nodeExpandSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodeExpandVolume call. + // This is a beta field which is enabled default by CSINodeExpandSecret feature gate. + // This field is optional, may be omitted if no secret is required. If the + // secret object contains more than one secret, all secrets are passed. + // +featureGate=CSINodeExpandSecret + // +optional + nodeExpandSecretRef?: null | #SecretReference @go(NodeExpandSecretRef,*SecretReference) @protobuf(10,bytes,opt) +} + +// Represents a source location of a volume to mount, managed by an external CSI driver +#CSIVolumeSource: { + // driver is the name of the CSI driver that handles this volume. + // Consult with your admin for the correct name as registered in the cluster. + driver: string @go(Driver) @protobuf(1,bytes,opt) + + // readOnly specifies a read-only configuration for the volume. + // Defaults to false (read/write). + // +optional + readOnly?: null | bool @go(ReadOnly,*bool) @protobuf(2,varint,opt) + + // fsType to mount. Ex. "ext4", "xfs", "ntfs". + // If not provided, the empty value is passed to the associated CSI driver + // which will determine the default filesystem to apply. + // +optional + fsType?: null | string @go(FSType,*string) @protobuf(3,bytes,opt) + + // volumeAttributes stores driver-specific properties that are passed to the CSI + // driver. Consult your driver's documentation for supported values. + // +optional + volumeAttributes?: {[string]: string} @go(VolumeAttributes,map[string]string) @protobuf(4,bytes,rep) + + // nodePublishSecretRef is a reference to the secret object containing + // sensitive information to pass to the CSI driver to complete the CSI + // NodePublishVolume and NodeUnpublishVolume calls. + // This field is optional, and may be empty if no secret is required. If the + // secret object contains more than one secret, all secret references are passed. + // +optional + nodePublishSecretRef?: null | #LocalObjectReference @go(NodePublishSecretRef,*LocalObjectReference) @protobuf(5,bytes,opt) +} + +// Represents an ephemeral volume that is handled by a normal storage driver. +#EphemeralVolumeSource: { + // Will be used to create a stand-alone PVC to provision the volume. + // The pod in which this EphemeralVolumeSource is embedded will be the + // owner of the PVC, i.e. the PVC will be deleted together with the + // pod. The name of the PVC will be `-` where + // `` is the name from the `PodSpec.Volumes` array + // entry. Pod validation will reject the pod if the concatenated name + // is not valid for a PVC (for example, too long). + // + // An existing PVC with that name that is not owned by the pod + // will *not* be used for the pod to avoid using an unrelated + // volume by mistake. Starting the pod is then blocked until + // the unrelated PVC is removed. If such a pre-created PVC is + // meant to be used by the pod, the PVC has to updated with an + // owner reference to the pod once the pod exists. Normally + // this should not be necessary, but it may be useful when + // manually reconstructing a broken cluster. + // + // This field is read-only and no changes will be made by Kubernetes + // to the PVC after it has been created. + // + // Required, must not be nil. + volumeClaimTemplate?: null | #PersistentVolumeClaimTemplate @go(VolumeClaimTemplate,*PersistentVolumeClaimTemplate) @protobuf(1,bytes,opt) +} + +// PersistentVolumeClaimTemplate is used to produce +// PersistentVolumeClaim objects as part of an EphemeralVolumeSource. +#PersistentVolumeClaimTemplate: { + // May contain labels and annotations that will be copied into the PVC + // when creating it. No other fields are allowed and will be rejected during + // validation. + // + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The specification for the PersistentVolumeClaim. The entire content is + // copied unchanged into the PVC that gets created from this + // template. The same fields as in a PersistentVolumeClaim + // are also valid here. + spec: #PersistentVolumeClaimSpec @go(Spec) @protobuf(2,bytes) +} + +// ContainerPort represents a network port in a single container. +#ContainerPort: { + // If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + // named port in a pod must have a unique name. Name for the port that can be + // referred to by services. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // Number of port to expose on the host. + // If specified, this must be a valid port number, 0 < x < 65536. + // If HostNetwork is specified, this must match ContainerPort. + // Most containers do not need this. + // +optional + hostPort?: int32 @go(HostPort) @protobuf(2,varint,opt) + + // Number of port to expose on the pod's IP address. + // This must be a valid port number, 0 < x < 65536. + containerPort: int32 @go(ContainerPort) @protobuf(3,varint,opt) + + // Protocol for port. Must be UDP, TCP, or SCTP. + // Defaults to "TCP". + // +optional + // +default="TCP" + protocol?: #Protocol @go(Protocol) @protobuf(4,bytes,opt,casttype=Protocol) + + // What host IP to bind the external port to. + // +optional + hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) +} + +// VolumeMount describes a mounting of a Volume within a container. +#VolumeMount: { + // This must match the Name of a Volume. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Mounted read-only if true, read-write otherwise (false or unspecified). + // Defaults to false. + // +optional + readOnly?: bool @go(ReadOnly) @protobuf(2,varint,opt) + + // Path within the container at which the volume should be mounted. Must + // not contain ':'. + mountPath: string @go(MountPath) @protobuf(3,bytes,opt) + + // Path within the volume from which the container's volume should be mounted. + // Defaults to "" (volume's root). + // +optional + subPath?: string @go(SubPath) @protobuf(4,bytes,opt) + + // mountPropagation determines how mounts are propagated from the host + // to container and the other way around. + // When not set, MountPropagationNone is used. + // This field is beta in 1.10. + // +optional + mountPropagation?: null | #MountPropagationMode @go(MountPropagation,*MountPropagationMode) @protobuf(5,bytes,opt,casttype=MountPropagationMode) + + // Expanded path within the volume from which the container's volume should be mounted. + // Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + // Defaults to "" (volume's root). + // SubPathExpr and SubPath are mutually exclusive. + // +optional + subPathExpr?: string @go(SubPathExpr) @protobuf(6,bytes,opt) +} + +// MountPropagationMode describes mount propagation. +// +enum +#MountPropagationMode: string // #enumMountPropagationMode + +#enumMountPropagationMode: + #MountPropagationNone | + #MountPropagationHostToContainer | + #MountPropagationBidirectional + +// MountPropagationNone means that the volume in a container will +// not receive new mounts from the host or other containers, and filesystems +// mounted inside the container won't be propagated to the host or other +// containers. +// Note that this mode corresponds to "private" in Linux terminology. +#MountPropagationNone: #MountPropagationMode & "None" + +// MountPropagationHostToContainer means that the volume in a container will +// receive new mounts from the host or other containers, but filesystems +// mounted inside the container won't be propagated to the host or other +// containers. +// Note that this mode is recursively applied to all mounts in the volume +// ("rslave" in Linux terminology). +#MountPropagationHostToContainer: #MountPropagationMode & "HostToContainer" + +// MountPropagationBidirectional means that the volume in a container will +// receive new mounts from the host or other containers, and its own mounts +// will be propagated from the container to the host or other containers. +// Note that this mode is recursively applied to all mounts in the volume +// ("rshared" in Linux terminology). +#MountPropagationBidirectional: #MountPropagationMode & "Bidirectional" + +// volumeDevice describes a mapping of a raw block device within a container. +#VolumeDevice: { + // name must match the name of a persistentVolumeClaim in the pod + name: string @go(Name) @protobuf(1,bytes,opt) + + // devicePath is the path inside of the container that the device will be mapped to. + devicePath: string @go(DevicePath) @protobuf(2,bytes,opt) +} + +// EnvVar represents an environment variable present in a Container. +#EnvVar: { + // Name of the environment variable. Must be a C_IDENTIFIER. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Variable references $(VAR_NAME) are expanded + // using the previously defined environment variables in the container and + // any service environment variables. If a variable cannot be resolved, + // the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + // Escaped references will never be expanded, regardless of whether the variable + // exists or not. + // Defaults to "". + // +optional + value?: string @go(Value) @protobuf(2,bytes,opt) + + // Source for the environment variable's value. Cannot be used if value is not empty. + // +optional + valueFrom?: null | #EnvVarSource @go(ValueFrom,*EnvVarSource) @protobuf(3,bytes,opt) +} + +// EnvVarSource represents a source for the value of an EnvVar. +#EnvVarSource: { + // Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + // spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + // +optional + fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(1,bytes,opt) + + // Selects a resource of the container: only resources limits and requests + // (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + // +optional + resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(2,bytes,opt) + + // Selects a key of a ConfigMap. + // +optional + configMapKeyRef?: null | #ConfigMapKeySelector @go(ConfigMapKeyRef,*ConfigMapKeySelector) @protobuf(3,bytes,opt) + + // Selects a key of a secret in the pod's namespace + // +optional + secretKeyRef?: null | #SecretKeySelector @go(SecretKeyRef,*SecretKeySelector) @protobuf(4,bytes,opt) +} + +// ObjectFieldSelector selects an APIVersioned field of an object. +// +structType=atomic +#ObjectFieldSelector: { + // Version of the schema the FieldPath is written in terms of, defaults to "v1". + // +optional + apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) + + // Path of the field to select in the specified API version. + fieldPath: string @go(FieldPath) @protobuf(2,bytes,opt) +} + +// ResourceFieldSelector represents container resources (cpu, memory) and their output format +// +structType=atomic +#ResourceFieldSelector: { + // Container name: required for volumes, optional for env vars + // +optional + containerName?: string @go(ContainerName) @protobuf(1,bytes,opt) + + // Required: resource to select + "resource": string @go(Resource) @protobuf(2,bytes,opt) + + // Specifies the output format of the exposed resources, defaults to "1" + // +optional + divisor?: resource.#Quantity @go(Divisor) @protobuf(3,bytes,opt) +} + +// Selects a key from a ConfigMap. +// +structType=atomic +#ConfigMapKeySelector: { + #LocalObjectReference + + // The key to select. + key: string @go(Key) @protobuf(2,bytes,opt) + + // Specify whether the ConfigMap or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) +} + +// SecretKeySelector selects a key of a Secret. +// +structType=atomic +#SecretKeySelector: { + #LocalObjectReference + + // The key of the secret to select from. Must be a valid secret key. + key: string @go(Key) @protobuf(2,bytes,opt) + + // Specify whether the Secret or its key must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(3,varint,opt) +} + +// EnvFromSource represents the source of a set of ConfigMaps +#EnvFromSource: { + // An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + // +optional + prefix?: string @go(Prefix) @protobuf(1,bytes,opt) + + // The ConfigMap to select from + // +optional + configMapRef?: null | #ConfigMapEnvSource @go(ConfigMapRef,*ConfigMapEnvSource) @protobuf(2,bytes,opt) + + // The Secret to select from + // +optional + secretRef?: null | #SecretEnvSource @go(SecretRef,*SecretEnvSource) @protobuf(3,bytes,opt) +} + +// ConfigMapEnvSource selects a ConfigMap to populate the environment +// variables with. +// +// The contents of the target ConfigMap's Data field will represent the +// key-value pairs as environment variables. +#ConfigMapEnvSource: { + #LocalObjectReference + + // Specify whether the ConfigMap must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) +} + +// SecretEnvSource selects a Secret to populate the environment +// variables with. +// +// The contents of the target Secret's Data field will represent the +// key-value pairs as environment variables. +#SecretEnvSource: { + #LocalObjectReference + + // Specify whether the Secret must be defined + // +optional + optional?: null | bool @go(Optional,*bool) @protobuf(2,varint,opt) +} + +// HTTPHeader describes a custom header to be used in HTTP probes +#HTTPHeader: { + // The header field name. + // This will be canonicalized upon output, so case-variant names will be understood as the same header. + name: string @go(Name) @protobuf(1,bytes,opt) + + // The header field value + value: string @go(Value) @protobuf(2,bytes,opt) +} + +// HTTPGetAction describes an action based on HTTP Get requests. +#HTTPGetAction: { + // Path to access on the HTTP server. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) + + // Name or number of the port to access on the container. + // Number must be in the range 1 to 65535. + // Name must be an IANA_SVC_NAME. + port: intstr.#IntOrString @go(Port) @protobuf(2,bytes,opt) + + // Host name to connect to, defaults to the pod IP. You probably want to set + // "Host" in httpHeaders instead. + // +optional + host?: string @go(Host) @protobuf(3,bytes,opt) + + // Scheme to use for connecting to the host. + // Defaults to HTTP. + // +optional + scheme?: #URIScheme @go(Scheme) @protobuf(4,bytes,opt,casttype=URIScheme) + + // Custom headers to set in the request. HTTP allows repeated headers. + // +optional + httpHeaders?: [...#HTTPHeader] @go(HTTPHeaders,[]HTTPHeader) @protobuf(5,bytes,rep) +} + +// URIScheme identifies the scheme used for connection to a host for Get actions +// +enum +#URIScheme: string // #enumURIScheme + +#enumURIScheme: + #URISchemeHTTP | + #URISchemeHTTPS + +// URISchemeHTTP means that the scheme used will be http:// +#URISchemeHTTP: #URIScheme & "HTTP" + +// URISchemeHTTPS means that the scheme used will be https:// +#URISchemeHTTPS: #URIScheme & "HTTPS" + +// TCPSocketAction describes an action based on opening a socket +#TCPSocketAction: { + // Number or name of the port to access on the container. + // Number must be in the range 1 to 65535. + // Name must be an IANA_SVC_NAME. + port: intstr.#IntOrString @go(Port) @protobuf(1,bytes,opt) + + // Optional: Host name to connect to, defaults to the pod IP. + // +optional + host?: string @go(Host) @protobuf(2,bytes,opt) +} + +#GRPCAction: { + // Port number of the gRPC service. Number must be in the range 1 to 65535. + port: int32 @go(Port) @protobuf(1,bytes,opt) + + // Service is the name of the service to place in the gRPC HealthCheckRequest + // (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + // + // If this is not specified, the default behavior is defined by gRPC. + // +optional + // +default="" + service?: null | string @go(Service,*string) @protobuf(2,bytes,opt) +} + +// ExecAction describes a "run in container" action. +#ExecAction: { + // Command is the command line to execute inside the container, the working directory for the + // command is root ('/') in the container's filesystem. The command is simply exec'd, it is + // not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + // a shell, you need to explicitly call out to that shell. + // Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + // +optional + command?: [...string] @go(Command,[]string) @protobuf(1,bytes,rep) +} + +// Probe describes a health check to be performed against a container to determine whether it is +// alive or ready to receive traffic. +#Probe: { + #ProbeHandler + + // Number of seconds after the container has started before liveness probes are initiated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + initialDelaySeconds?: int32 @go(InitialDelaySeconds) @protobuf(2,varint,opt) + + // Number of seconds after which the probe times out. + // Defaults to 1 second. Minimum value is 1. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + timeoutSeconds?: int32 @go(TimeoutSeconds) @protobuf(3,varint,opt) + + // How often (in seconds) to perform the probe. + // Default to 10 seconds. Minimum value is 1. + // +optional + periodSeconds?: int32 @go(PeriodSeconds) @protobuf(4,varint,opt) + + // Minimum consecutive successes for the probe to be considered successful after having failed. + // Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + // +optional + successThreshold?: int32 @go(SuccessThreshold) @protobuf(5,varint,opt) + + // Minimum consecutive failures for the probe to be considered failed after having succeeded. + // Defaults to 3. Minimum value is 1. + // +optional + failureThreshold?: int32 @go(FailureThreshold) @protobuf(6,varint,opt) + + // Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + // The grace period is the duration in seconds after the processes running in the pod are sent + // a termination signal and the time when the processes are forcibly halted with a kill signal. + // Set this value longer than the expected cleanup time for your process. + // If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + // value overrides the value provided by the pod spec. + // Value must be non-negative integer. The value zero indicates stop immediately via + // the kill signal (no opportunity to shut down). + // This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + // Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + // +optional + terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(7,varint,opt) +} + +// PullPolicy describes a policy for if/when to pull a container image +// +enum +#PullPolicy: string // #enumPullPolicy + +#enumPullPolicy: + #PullAlways | + #PullNever | + #PullIfNotPresent + +// PullAlways means that kubelet always attempts to pull the latest image. Container will fail If the pull fails. +#PullAlways: #PullPolicy & "Always" + +// PullNever means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present +#PullNever: #PullPolicy & "Never" + +// PullIfNotPresent means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails. +#PullIfNotPresent: #PullPolicy & "IfNotPresent" + +// ResourceResizeRestartPolicy specifies how to handle container resource resize. +#ResourceResizeRestartPolicy: string // #enumResourceResizeRestartPolicy + +#enumResourceResizeRestartPolicy: + #NotRequired | + #RestartContainer + +// 'NotRequired' means Kubernetes will try to resize the container +// without restarting it, if possible. Kubernetes may however choose to +// restart the container if it is unable to actuate resize without a +// restart. For e.g. the runtime doesn't support restart-free resizing. +#NotRequired: #ResourceResizeRestartPolicy & "NotRequired" + +// 'RestartContainer' means Kubernetes will resize the container in-place +// by stopping and starting the container when new resources are applied. +// This is needed for legacy applications. For e.g. java apps using the +// -xmxN flag which are unable to use resized memory without restarting. +#RestartContainer: #ResourceResizeRestartPolicy & "RestartContainer" + +// ContainerResizePolicy represents resource resize policy for the container. +#ContainerResizePolicy: { + // Name of the resource to which this resource resize policy applies. + // Supported values: cpu, memory. + resourceName: #ResourceName @go(ResourceName) @protobuf(1,bytes,opt,casttype=ResourceName) + + // Restart policy to apply when specified resource is resized. + // If not specified, it defaults to NotRequired. + restartPolicy: #ResourceResizeRestartPolicy @go(RestartPolicy) @protobuf(2,bytes,opt,casttype=ResourceResizeRestartPolicy) +} + +// PreemptionPolicy describes a policy for if/when to preempt a pod. +// +enum +#PreemptionPolicy: string // #enumPreemptionPolicy + +#enumPreemptionPolicy: + #PreemptLowerPriority | + #PreemptNever + +// PreemptLowerPriority means that pod can preempt other pods with lower priority. +#PreemptLowerPriority: #PreemptionPolicy & "PreemptLowerPriority" + +// PreemptNever means that pod never preempts other pods with lower priority. +#PreemptNever: #PreemptionPolicy & "Never" + +// TerminationMessagePolicy describes how termination messages are retrieved from a container. +// +enum +#TerminationMessagePolicy: string // #enumTerminationMessagePolicy + +#enumTerminationMessagePolicy: + #TerminationMessageReadFile | + #TerminationMessageFallbackToLogsOnError + +// TerminationMessageReadFile is the default behavior and will set the container status message to +// the contents of the container's terminationMessagePath when the container exits. +#TerminationMessageReadFile: #TerminationMessagePolicy & "File" + +// TerminationMessageFallbackToLogsOnError will read the most recent contents of the container logs +// for the container status message when the container exits with an error and the +// terminationMessagePath has no contents. +#TerminationMessageFallbackToLogsOnError: #TerminationMessagePolicy & "FallbackToLogsOnError" + +// Capability represent POSIX capabilities type +#Capability: string + +// Adds and removes POSIX capabilities from running containers. +#Capabilities: { + // Added capabilities + // +optional + add?: [...#Capability] @go(Add,[]Capability) @protobuf(1,bytes,rep,casttype=Capability) + + // Removed capabilities + // +optional + drop?: [...#Capability] @go(Drop,[]Capability) @protobuf(2,bytes,rep,casttype=Capability) +} + +// ResourceRequirements describes the compute resource requirements. +#ResourceRequirements: { + // Limits describes the maximum amount of compute resources allowed. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + limits?: #ResourceList @go(Limits) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Requests describes the minimum amount of compute resources required. + // If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + // otherwise to an implementation-defined value. Requests cannot exceed Limits. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + requests?: #ResourceList @go(Requests) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Claims lists the names of resources, defined in spec.resourceClaims, + // that are used by this container. + // + // This is an alpha field and requires enabling the + // DynamicResourceAllocation feature gate. + // + // This field is immutable. It can only be set for containers. + // + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + claims?: [...#ResourceClaim] @go(Claims,[]ResourceClaim) @protobuf(3,bytes,opt) +} + +// ResourceClaim references one entry in PodSpec.ResourceClaims. +#ResourceClaim: { + // Name must match the name of one entry in pod.spec.resourceClaims of + // the Pod where this field is used. It makes that resource available + // inside a container. + name: string @go(Name) @protobuf(1,bytes,opt) +} + +// TerminationMessagePathDefault means the default path to capture the application termination message running in a container +#TerminationMessagePathDefault: "/dev/termination-log" + +// A single application container that you want to run within a pod. +#Container: { + // Name of the container specified as a DNS_LABEL. + // Each container in a pod must have a unique name (DNS_LABEL). + // Cannot be updated. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Container image name. + // More info: https://kubernetes.io/docs/concepts/containers/images + // This field is optional to allow higher level config management to default or override + // container images in workload controllers like Deployments and StatefulSets. + // +optional + image?: string @go(Image) @protobuf(2,bytes,opt) + + // Entrypoint array. Not executed within a shell. + // The container image's ENTRYPOINT is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) + + // Arguments to the entrypoint. + // The container image's CMD is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) + + // Container's working directory. + // If not specified, the container runtime's default will be used, which + // might be configured in the container image. + // Cannot be updated. + // +optional + workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) + + // List of ports to expose from the container. Not specifying a port here + // DOES NOT prevent that port from being exposed. Any port which is + // listening on the default "0.0.0.0" address inside a container will be + // accessible from the network. + // Modifying this array with strategic merge patch may corrupt the data. + // For more information See https://github.com/kubernetes/kubernetes/issues/108255. + // Cannot be updated. + // +optional + // +patchMergeKey=containerPort + // +patchStrategy=merge + // +listType=map + // +listMapKey=containerPort + // +listMapKey=protocol + ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) + + // List of sources to populate environment variables in the container. + // The keys defined within a source must be a C_IDENTIFIER. All invalid keys + // will be reported as an event when the container is starting. When a key exists in multiple + // sources, the value associated with the last source will take precedence. + // Values defined by an Env with a duplicate key will take precedence. + // Cannot be updated. + // +optional + envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) + + // List of environment variables to set in the container. + // Cannot be updated. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) + + // Compute Resources required by this container. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) + + // Resources resize policy for the container. + // +featureGate=InPlacePodVerticalScaling + // +optional + // +listType=atomic + resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) + + // RestartPolicy defines the restart behavior of individual containers in a pod. + // This field may only be set for init containers, and the only allowed value is "Always". + // For non-init containers or when this field is not specified, + // the restart behavior is defined by the Pod's restart policy and the container type. + // Setting the RestartPolicy as "Always" for the init container will have the following effect: + // this init container will be continually restarted on + // exit until all regular containers have terminated. Once all regular + // containers have completed, all init containers with restartPolicy "Always" + // will be shut down. This lifecycle differs from normal init containers and + // is often referred to as a "sidecar" container. Although this init + // container still starts in the init container sequence, it does not wait + // for the container to complete before proceeding to the next init + // container. Instead, the next init container starts immediately after this + // init container is started, or after any startupProbe has successfully + // completed. + // +featureGate=SidecarContainers + // +optional + restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) + + // Pod volumes to mount into the container's filesystem. + // Cannot be updated. + // +optional + // +patchMergeKey=mountPath + // +patchStrategy=merge + volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) + + // volumeDevices is the list of block devices to be used by the container. + // +patchMergeKey=devicePath + // +patchStrategy=merge + // +optional + volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) + + // Periodic probe of container liveness. + // Container will be restarted if the probe fails. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) + + // Periodic probe of container service readiness. + // Container will be removed from service endpoints if the probe fails. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) + + // StartupProbe indicates that the Pod has successfully initialized. + // If specified, no other probes are executed until this completes successfully. + // If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + // This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + // when it might take a long time to load data or warm a cache, than during steady-state operation. + // This cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + // +optional + startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) + + // Actions that the management system should take in response to container lifecycle events. + // Cannot be updated. + // +optional + lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) + + // Optional: Path at which the file to which the container's termination message + // will be written is mounted into the container's filesystem. + // Message written is intended to be brief final status, such as an assertion failure message. + // Will be truncated by the node if greater than 4096 bytes. The total message length across + // all containers will be limited to 12kb. + // Defaults to /dev/termination-log. + // Cannot be updated. + // +optional + terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) + + // Indicate how the termination message should be populated. File will use the contents of + // terminationMessagePath to populate the container status message on both success and failure. + // FallbackToLogsOnError will use the last chunk of container log output if the termination + // message file is empty and the container exited with an error. + // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + // Defaults to File. + // Cannot be updated. + // +optional + terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) + + // Image pull policy. + // One of Always, Never, IfNotPresent. + // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + // +optional + imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) + + // SecurityContext defines the security options the container should be run with. + // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + // +optional + securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) + + // Whether this container should allocate a buffer for stdin in the container runtime. If this + // is not set, reads from stdin in the container will always result in EOF. + // Default is false. + // +optional + stdin?: bool @go(Stdin) @protobuf(16,varint,opt) + + // Whether the container runtime should close the stdin channel after it has been opened by + // a single attach. When stdin is true the stdin stream will remain open across multiple attach + // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + // first client attaches to stdin, and then remains open and accepts data until the client disconnects, + // at which time stdin is closed and remains closed until the container is restarted. If this + // flag is false, a container processes that reads from stdin will never receive an EOF. + // Default is false + // +optional + stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) + + // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + // Default is false. + // +optional + tty?: bool @go(TTY) @protobuf(18,varint,opt) +} + +// ProbeHandler defines a specific action that should be taken in a probe. +// One and only one of the fields must be specified. +#ProbeHandler: { + // Exec specifies the action to take. + // +optional + exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) + + // HTTPGet specifies the http request to perform. + // +optional + httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) + + // TCPSocket specifies an action involving a TCP port. + // +optional + tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) + + // GRPC specifies an action involving a GRPC port. + // +optional + grpc?: null | #GRPCAction @go(GRPC,*GRPCAction) @protobuf(4,bytes,opt) +} + +// LifecycleHandler defines a specific action that should be taken in a lifecycle +// hook. One and only one of the fields, except TCPSocket must be specified. +#LifecycleHandler: { + // Exec specifies the action to take. + // +optional + exec?: null | #ExecAction @go(Exec,*ExecAction) @protobuf(1,bytes,opt) + + // HTTPGet specifies the http request to perform. + // +optional + httpGet?: null | #HTTPGetAction @go(HTTPGet,*HTTPGetAction) @protobuf(2,bytes,opt) + + // Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + // for the backward compatibility. There are no validation of this field and + // lifecycle hooks will fail in runtime when tcp handler is specified. + // +optional + tcpSocket?: null | #TCPSocketAction @go(TCPSocket,*TCPSocketAction) @protobuf(3,bytes,opt) +} + +// Lifecycle describes actions that the management system should take in response to container lifecycle +// events. For the PostStart and PreStop lifecycle handlers, management of the container blocks +// until the action is complete, unless the container process fails, in which case the handler is aborted. +#Lifecycle: { + // PostStart is called immediately after a container is created. If the handler fails, + // the container is terminated and restarted according to its restart policy. + // Other management of the container blocks until the hook completes. + // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + // +optional + postStart?: null | #LifecycleHandler @go(PostStart,*LifecycleHandler) @protobuf(1,bytes,opt) + + // PreStop is called immediately before a container is terminated due to an + // API request or management event such as liveness/startup probe failure, + // preemption, resource contention, etc. The handler is not called if the + // container crashes or exits. The Pod's termination grace period countdown begins before the + // PreStop hook is executed. Regardless of the outcome of the handler, the + // container will eventually terminate within the Pod's termination grace + // period (unless delayed by finalizers). Other management of the container blocks until the hook completes + // or until the termination grace period is reached. + // More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + // +optional + preStop?: null | #LifecycleHandler @go(PreStop,*LifecycleHandler) @protobuf(2,bytes,opt) +} + +#ConditionStatus: string // #enumConditionStatus + +#enumConditionStatus: + #ConditionTrue | + #ConditionFalse | + #ConditionUnknown + +#ConditionTrue: #ConditionStatus & "True" +#ConditionFalse: #ConditionStatus & "False" +#ConditionUnknown: #ConditionStatus & "Unknown" + +// ContainerStateWaiting is a waiting state of a container. +#ContainerStateWaiting: { + // (brief) reason the container is not yet running. + // +optional + reason?: string @go(Reason) @protobuf(1,bytes,opt) + + // Message regarding why the container is not yet running. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) +} + +// ContainerStateRunning is a running state of a container. +#ContainerStateRunning: { + // Time at which the container was last (re-)started + // +optional + startedAt?: metav1.#Time @go(StartedAt) @protobuf(1,bytes,opt) +} + +// ContainerStateTerminated is a terminated state of a container. +#ContainerStateTerminated: { + // Exit status from the last termination of the container + exitCode: int32 @go(ExitCode) @protobuf(1,varint,opt) + + // Signal from the last termination of the container + // +optional + signal?: int32 @go(Signal) @protobuf(2,varint,opt) + + // (brief) reason from the last termination of the container + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // Message regarding the last termination of the container + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) + + // Time at which previous execution of the container started + // +optional + startedAt?: metav1.#Time @go(StartedAt) @protobuf(5,bytes,opt) + + // Time at which the container last terminated + // +optional + finishedAt?: metav1.#Time @go(FinishedAt) @protobuf(6,bytes,opt) + + // Container's ID in the format '://' + // +optional + containerID?: string @go(ContainerID) @protobuf(7,bytes,opt) +} + +// ContainerState holds a possible state of container. +// Only one of its members may be specified. +// If none of them is specified, the default one is ContainerStateWaiting. +#ContainerState: { + // Details about a waiting container + // +optional + waiting?: null | #ContainerStateWaiting @go(Waiting,*ContainerStateWaiting) @protobuf(1,bytes,opt) + + // Details about a running container + // +optional + running?: null | #ContainerStateRunning @go(Running,*ContainerStateRunning) @protobuf(2,bytes,opt) + + // Details about a terminated container + // +optional + terminated?: null | #ContainerStateTerminated @go(Terminated,*ContainerStateTerminated) @protobuf(3,bytes,opt) +} + +// ContainerStatus contains details for the current status of this container. +#ContainerStatus: { + // Name is a DNS_LABEL representing the unique name of the container. + // Each container in a pod must have a unique name across all container types. + // Cannot be updated. + name: string @go(Name) @protobuf(1,bytes,opt) + + // State holds details about the container's current condition. + // +optional + state?: #ContainerState @go(State) @protobuf(2,bytes,opt) + + // LastTerminationState holds the last termination state of the container to + // help debug container crashes and restarts. This field is not + // populated if the container is still running and RestartCount is 0. + // +optional + lastState?: #ContainerState @go(LastTerminationState) @protobuf(3,bytes,opt) + + // Ready specifies whether the container is currently passing its readiness check. + // The value will change as readiness probes keep executing. If no readiness + // probes are specified, this field defaults to true once the container is + // fully started (see Started field). + // + // The value is typically used to determine whether a container is ready to + // accept traffic. + ready: bool @go(Ready) @protobuf(4,varint,opt) + + // RestartCount holds the number of times the container has been restarted. + // Kubelet makes an effort to always increment the value, but there + // are cases when the state may be lost due to node restarts and then the value + // may be reset to 0. The value is never negative. + restartCount: int32 @go(RestartCount) @protobuf(5,varint,opt) + + // Image is the name of container image that the container is running. + // The container image may not match the image used in the PodSpec, + // as it may have been resolved by the runtime. + // More info: https://kubernetes.io/docs/concepts/containers/images. + image: string @go(Image) @protobuf(6,bytes,opt) + + // ImageID is the image ID of the container's image. The image ID may not + // match the image ID of the image used in the PodSpec, as it may have been + // resolved by the runtime. + imageID: string @go(ImageID) @protobuf(7,bytes,opt) + + // ContainerID is the ID of the container in the format '://'. + // Where type is a container runtime identifier, returned from Version call of CRI API + // (for example "containerd"). + // +optional + containerID?: string @go(ContainerID) @protobuf(8,bytes,opt) + + // Started indicates whether the container has finished its postStart lifecycle hook + // and passed its startup probe. + // Initialized as false, becomes true after startupProbe is considered + // successful. Resets to false when the container is restarted, or if kubelet + // loses state temporarily. In both cases, startup probes will run again. + // Is always true when no startupProbe is defined and container is running and + // has passed the postStart lifecycle hook. The null value must be treated the + // same as false. + // +optional + started?: null | bool @go(Started,*bool) @protobuf(9,varint,opt) + + // AllocatedResources represents the compute resources allocated for this container by the + // node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission + // and after successfully admitting desired pod resize. + // +featureGate=InPlacePodVerticalScaling + // +optional + allocatedResources?: #ResourceList @go(AllocatedResources) @protobuf(10,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Resources represents the compute resource requests and limits that have been successfully + // enacted on the running container after it has been started or has been successfully resized. + // +featureGate=InPlacePodVerticalScaling + // +optional + resources?: null | #ResourceRequirements @go(Resources,*ResourceRequirements) @protobuf(11,bytes,opt) +} + +// PodPhase is a label for the condition of a pod at the current time. +// +enum +#PodPhase: string // #enumPodPhase + +#enumPodPhase: + #PodPending | + #PodRunning | + #PodSucceeded | + #PodFailed | + #PodUnknown + +// PodPending means the pod has been accepted by the system, but one or more of the containers +// has not been started. This includes time before being bound to a node, as well as time spent +// pulling images onto the host. +#PodPending: #PodPhase & "Pending" + +// PodRunning means the pod has been bound to a node and all of the containers have been started. +// At least one container is still running or is in the process of being restarted. +#PodRunning: #PodPhase & "Running" + +// PodSucceeded means that all containers in the pod have voluntarily terminated +// with a container exit code of 0, and the system is not going to restart any of these containers. +#PodSucceeded: #PodPhase & "Succeeded" + +// PodFailed means that all containers in the pod have terminated, and at least one container has +// terminated in a failure (exited with a non-zero exit code or was stopped by the system). +#PodFailed: #PodPhase & "Failed" + +// PodUnknown means that for some reason the state of the pod could not be obtained, typically due +// to an error in communicating with the host of the pod. +// Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095) +#PodUnknown: #PodPhase & "Unknown" + +// PodConditionType is a valid value for PodCondition.Type +#PodConditionType: string // #enumPodConditionType + +#enumPodConditionType: + #ContainersReady | + #PodInitialized | + #PodReady | + #PodScheduled | + #DisruptionTarget + +// ContainersReady indicates whether all containers in the pod are ready. +#ContainersReady: #PodConditionType & "ContainersReady" + +// PodInitialized means that all init containers in the pod have started successfully. +#PodInitialized: #PodConditionType & "Initialized" + +// PodReady means the pod is able to service requests and should be added to the +// load balancing pools of all matching services. +#PodReady: #PodConditionType & "Ready" + +// PodScheduled represents status of the scheduling process for this pod. +#PodScheduled: #PodConditionType & "PodScheduled" + +// DisruptionTarget indicates the pod is about to be terminated due to a +// disruption (such as preemption, eviction API or garbage-collection). +#DisruptionTarget: #PodConditionType & "DisruptionTarget" + +// PodReasonUnschedulable reason in PodScheduled PodCondition means that the scheduler +// can't schedule the pod right now, for example due to insufficient resources in the cluster. +#PodReasonUnschedulable: "Unschedulable" + +// PodReasonSchedulingGated reason in PodScheduled PodCondition means that the scheduler +// skips scheduling the pod because one or more scheduling gates are still present. +#PodReasonSchedulingGated: "SchedulingGated" + +// PodReasonSchedulerError reason in PodScheduled PodCondition means that some internal error happens +// during scheduling, for example due to nodeAffinity parsing errors. +#PodReasonSchedulerError: "SchedulerError" + +// TerminationByKubelet reason in DisruptionTarget pod condition indicates that the termination +// is initiated by kubelet +#PodReasonTerminationByKubelet: "TerminationByKubelet" + +// PodReasonPreemptionByScheduler reason in DisruptionTarget pod condition indicates that the +// disruption was initiated by scheduler's preemption. +#PodReasonPreemptionByScheduler: "PreemptionByScheduler" + +// PodCondition contains details for the current condition of this pod. +#PodCondition: { + // Type is the type of the condition. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + type: #PodConditionType @go(Type) @protobuf(1,bytes,opt,casttype=PodConditionType) + + // Status is the status of the condition. + // Can be True, False, Unknown. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Last time we probed the condition. + // +optional + lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt) + + // Last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // Unique, one-word, CamelCase reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // Human-readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// PodResizeStatus shows status of desired resize of a pod's containers. +#PodResizeStatus: string // #enumPodResizeStatus + +#enumPodResizeStatus: + #PodResizeStatusProposed | + #PodResizeStatusInProgress | + #PodResizeStatusDeferred | + #PodResizeStatusInfeasible + +// Pod resources resize has been requested and will be evaluated by node. +#PodResizeStatusProposed: #PodResizeStatus & "Proposed" + +// Pod resources resize has been accepted by node and is being actuated. +#PodResizeStatusInProgress: #PodResizeStatus & "InProgress" + +// Node cannot resize the pod at this time and will keep retrying. +#PodResizeStatusDeferred: #PodResizeStatus & "Deferred" + +// Requested pod resize is not feasible and will not be re-evaluated. +#PodResizeStatusInfeasible: #PodResizeStatus & "Infeasible" + +// RestartPolicy describes how the container should be restarted. +// Only one of the following restart policies may be specified. +// If none of the following policies is specified, the default one +// is RestartPolicyAlways. +// +enum +#RestartPolicy: string // #enumRestartPolicy + +#enumRestartPolicy: + #RestartPolicyAlways | + #RestartPolicyOnFailure | + #RestartPolicyNever + +#RestartPolicyAlways: #RestartPolicy & "Always" +#RestartPolicyOnFailure: #RestartPolicy & "OnFailure" +#RestartPolicyNever: #RestartPolicy & "Never" + +// ContainerRestartPolicy is the restart policy for a single container. +// This may only be set for init containers and only allowed value is "Always". +#ContainerRestartPolicy: string // #enumContainerRestartPolicy + +#enumContainerRestartPolicy: + #ContainerRestartPolicyAlways + +#ContainerRestartPolicyAlways: #ContainerRestartPolicy & "Always" + +// DNSPolicy defines how a pod's DNS will be configured. +// +enum +#DNSPolicy: string // #enumDNSPolicy + +#enumDNSPolicy: + #DNSClusterFirstWithHostNet | + #DNSClusterFirst | + #DNSDefault | + #DNSNone + +// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS +// first, if it is available, then fall back on the default +// (as determined by kubelet) DNS settings. +#DNSClusterFirstWithHostNet: #DNSPolicy & "ClusterFirstWithHostNet" + +// DNSClusterFirst indicates that the pod should use cluster DNS +// first unless hostNetwork is true, if it is available, then +// fall back on the default (as determined by kubelet) DNS settings. +#DNSClusterFirst: #DNSPolicy & "ClusterFirst" + +// DNSDefault indicates that the pod should use the default (as +// determined by kubelet) DNS settings. +#DNSDefault: #DNSPolicy & "Default" + +// DNSNone indicates that the pod should use empty DNS settings. DNS +// parameters such as nameservers and search paths should be defined via +// DNSConfig. +#DNSNone: #DNSPolicy & "None" + +// DefaultTerminationGracePeriodSeconds indicates the default duration in +// seconds a pod needs to terminate gracefully. +#DefaultTerminationGracePeriodSeconds: 30 + +// A node selector represents the union of the results of one or more label queries +// over a set of nodes; that is, it represents the OR of the selectors represented +// by the node selector terms. +// +structType=atomic +#NodeSelector: { + // Required. A list of node selector terms. The terms are ORed. + nodeSelectorTerms: [...#NodeSelectorTerm] @go(NodeSelectorTerms,[]NodeSelectorTerm) @protobuf(1,bytes,rep) +} + +// A null or empty node selector term matches no objects. The requirements of +// them are ANDed. +// The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +// +structType=atomic +#NodeSelectorTerm: { + // A list of node selector requirements by node's labels. + // +optional + matchExpressions?: [...#NodeSelectorRequirement] @go(MatchExpressions,[]NodeSelectorRequirement) @protobuf(1,bytes,rep) + + // A list of node selector requirements by node's fields. + // +optional + matchFields?: [...#NodeSelectorRequirement] @go(MatchFields,[]NodeSelectorRequirement) @protobuf(2,bytes,rep) +} + +// A node selector requirement is a selector that contains values, a key, and an operator +// that relates the key and values. +#NodeSelectorRequirement: { + // The label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // Represents a key's relationship to a set of values. + // Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + operator: #NodeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=NodeSelectorOperator) + + // An array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. If the operator is Gt or Lt, the values + // array must have a single element, which will be interpreted as an integer. + // This array is replaced during a strategic merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A node selector operator is the set of operators that can be used in +// a node selector requirement. +// +enum +#NodeSelectorOperator: string // #enumNodeSelectorOperator + +#enumNodeSelectorOperator: + #NodeSelectorOpIn | + #NodeSelectorOpNotIn | + #NodeSelectorOpExists | + #NodeSelectorOpDoesNotExist | + #NodeSelectorOpGt | + #NodeSelectorOpLt + +#NodeSelectorOpIn: #NodeSelectorOperator & "In" +#NodeSelectorOpNotIn: #NodeSelectorOperator & "NotIn" +#NodeSelectorOpExists: #NodeSelectorOperator & "Exists" +#NodeSelectorOpDoesNotExist: #NodeSelectorOperator & "DoesNotExist" +#NodeSelectorOpGt: #NodeSelectorOperator & "Gt" +#NodeSelectorOpLt: #NodeSelectorOperator & "Lt" + +// A topology selector term represents the result of label queries. +// A null or empty topology selector term matches no objects. +// The requirements of them are ANDed. +// It provides a subset of functionality as NodeSelectorTerm. +// This is an alpha feature and may change in the future. +// +structType=atomic +#TopologySelectorTerm: { + // A list of topology selector requirements by labels. + // +optional + matchLabelExpressions?: [...#TopologySelectorLabelRequirement] @go(MatchLabelExpressions,[]TopologySelectorLabelRequirement) @protobuf(1,bytes,rep) +} + +// A topology selector requirement is a selector that matches given label. +// This is an alpha feature and may change in the future. +#TopologySelectorLabelRequirement: { + // The label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // An array of string values. One value must match the label to be selected. + // Each entry in Values is ORed. + values: [...string] @go(Values,[]string) @protobuf(2,bytes,rep) +} + +// Affinity is a group of affinity scheduling rules. +#Affinity: { + // Describes node affinity scheduling rules for the pod. + // +optional + nodeAffinity?: null | #NodeAffinity @go(NodeAffinity,*NodeAffinity) @protobuf(1,bytes,opt) + + // Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + // +optional + podAffinity?: null | #PodAffinity @go(PodAffinity,*PodAffinity) @protobuf(2,bytes,opt) + + // Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + // +optional + podAntiAffinity?: null | #PodAntiAffinity @go(PodAntiAffinity,*PodAntiAffinity) @protobuf(3,bytes,opt) +} + +// Pod affinity is a group of inter pod affinity scheduling rules. +#PodAffinity: { + // If the affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to a pod label update), the + // system may or may not try to eventually evict the pod from its node. + // When there are multiple elements, the lists of nodes corresponding to each + // podAffinityTerm are intersected, i.e. all terms must be satisfied. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) +} + +// Pod anti affinity is a group of inter pod anti affinity scheduling rules. +#PodAntiAffinity: { + // If the anti-affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the anti-affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to a pod label update), the + // system may or may not try to eventually evict the pod from its node. + // When there are multiple elements, the lists of nodes corresponding to each + // podAffinityTerm are intersected, i.e. all terms must be satisfied. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: [...#PodAffinityTerm] @go(RequiredDuringSchedulingIgnoredDuringExecution,[]PodAffinityTerm) @protobuf(1,bytes,rep) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the anti-affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling anti-affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#WeightedPodAffinityTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]WeightedPodAffinityTerm) @protobuf(2,bytes,rep) +} + +// The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +#WeightedPodAffinityTerm: { + // weight associated with matching the corresponding podAffinityTerm, + // in the range 1-100. + weight: int32 @go(Weight) @protobuf(1,varint,opt) + + // Required. A pod affinity term, associated with the corresponding weight. + podAffinityTerm: #PodAffinityTerm @go(PodAffinityTerm) @protobuf(2,bytes,opt) +} + +// Defines a set of pods (namely those matching the labelSelector +// relative to the given namespace(s)) that this pod should be +// co-located (affinity) or not co-located (anti-affinity) with, +// where co-located is defined as running on a node whose value of +// the label with key matches that of any node on which +// a pod of the set of pods is running +#PodAffinityTerm: { + // A label query over a set of resources, in this case pods. + // +optional + labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(1,bytes,opt) + + // namespaces specifies a static list of namespace names that the term applies to. + // The term is applied to the union of the namespaces listed in this field + // and the ones selected by namespaceSelector. + // null or empty namespaces list and null namespaceSelector means "this pod's namespace". + // +optional + namespaces?: [...string] @go(Namespaces,[]string) @protobuf(2,bytes,rep) + + // This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + // the labelSelector in the specified namespaces, where co-located is defined as running on a node + // whose value of the label with key topologyKey matches that of any node on which any of the + // selected pods is running. + // Empty topologyKey is not allowed. + topologyKey: string @go(TopologyKey) @protobuf(3,bytes,opt) + + // A label query over the set of namespaces that the term applies to. + // The term is applied to the union of the namespaces selected by this field + // and the ones listed in the namespaces field. + // null selector and null or empty namespaces list means "this pod's namespace". + // An empty selector ({}) matches all namespaces. + // +optional + namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) +} + +// Node affinity is a group of node affinity scheduling rules. +#NodeAffinity: { + // If the affinity requirements specified by this field are not met at + // scheduling time, the pod will not be scheduled onto the node. + // If the affinity requirements specified by this field cease to be met + // at some point during pod execution (e.g. due to an update), the system + // may or may not try to eventually evict the pod from its node. + // +optional + requiredDuringSchedulingIgnoredDuringExecution?: null | #NodeSelector @go(RequiredDuringSchedulingIgnoredDuringExecution,*NodeSelector) @protobuf(1,bytes,opt) + + // The scheduler will prefer to schedule pods to nodes that satisfy + // the affinity expressions specified by this field, but it may choose + // a node that violates one or more of the expressions. The node that is + // most preferred is the one with the greatest sum of weights, i.e. + // for each node that meets all of the scheduling requirements (resource + // request, requiredDuringScheduling affinity expressions, etc.), + // compute a sum by iterating through the elements of this field and adding + // "weight" to the sum if the node matches the corresponding matchExpressions; the + // node(s) with the highest sum are the most preferred. + // +optional + preferredDuringSchedulingIgnoredDuringExecution?: [...#PreferredSchedulingTerm] @go(PreferredDuringSchedulingIgnoredDuringExecution,[]PreferredSchedulingTerm) @protobuf(2,bytes,rep) +} + +// An empty preferred scheduling term matches all objects with implicit weight 0 +// (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +#PreferredSchedulingTerm: { + // Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + weight: int32 @go(Weight) @protobuf(1,varint,opt) + + // A node selector term, associated with the corresponding weight. + preference: #NodeSelectorTerm @go(Preference) @protobuf(2,bytes,opt) +} + +// The node this Taint is attached to has the "effect" on +// any pod that does not tolerate the Taint. +#Taint: { + // Required. The taint key to be applied to a node. + key: string @go(Key) @protobuf(1,bytes,opt) + + // The taint value corresponding to the taint key. + // +optional + value?: string @go(Value) @protobuf(2,bytes,opt) + + // Required. The effect of the taint on pods + // that do not tolerate the taint. + // Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + effect: #TaintEffect @go(Effect) @protobuf(3,bytes,opt,casttype=TaintEffect) + + // TimeAdded represents the time at which the taint was added. + // It is only written for NoExecute taints. + // +optional + timeAdded?: null | metav1.#Time @go(TimeAdded,*metav1.Time) @protobuf(4,bytes,opt) +} + +// +enum +#TaintEffect: string // #enumTaintEffect + +#enumTaintEffect: + #TaintEffectNoSchedule | + #TaintEffectPreferNoSchedule | + #TaintEffectNoExecute + +// Do not allow new pods to schedule onto the node unless they tolerate the taint, +// but allow all pods submitted to Kubelet without going through the scheduler +// to start, and allow all already-running pods to continue running. +// Enforced by the scheduler. +#TaintEffectNoSchedule: #TaintEffect & "NoSchedule" + +// Like TaintEffectNoSchedule, but the scheduler tries not to schedule +// new pods onto the node, rather than prohibiting new pods from scheduling +// onto the node entirely. Enforced by the scheduler. +#TaintEffectPreferNoSchedule: #TaintEffect & "PreferNoSchedule" + +// Evict any already-running pods that do not tolerate the taint. +// Currently enforced by NodeController. +#TaintEffectNoExecute: #TaintEffect & "NoExecute" + +// The pod this Toleration is attached to tolerates any taint that matches +// the triple using the matching operator . +#Toleration: { + // Key is the taint key that the toleration applies to. Empty means match all taint keys. + // If the key is empty, operator must be Exists; this combination means to match all values and all keys. + // +optional + key?: string @go(Key) @protobuf(1,bytes,opt) + + // Operator represents a key's relationship to the value. + // Valid operators are Exists and Equal. Defaults to Equal. + // Exists is equivalent to wildcard for value, so that a pod can + // tolerate all taints of a particular category. + // +optional + operator?: #TolerationOperator @go(Operator) @protobuf(2,bytes,opt,casttype=TolerationOperator) + + // Value is the taint value the toleration matches to. + // If the operator is Exists, the value should be empty, otherwise just a regular string. + // +optional + value?: string @go(Value) @protobuf(3,bytes,opt) + + // Effect indicates the taint effect to match. Empty means match all taint effects. + // When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + // +optional + effect?: #TaintEffect @go(Effect) @protobuf(4,bytes,opt,casttype=TaintEffect) + + // TolerationSeconds represents the period of time the toleration (which must be + // of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + // it is not set, which means tolerate the taint forever (do not evict). Zero and + // negative values will be treated as 0 (evict immediately) by the system. + // +optional + tolerationSeconds?: null | int64 @go(TolerationSeconds,*int64) @protobuf(5,varint,opt) +} + +// A toleration operator is the set of operators that can be used in a toleration. +// +enum +#TolerationOperator: string // #enumTolerationOperator + +#enumTolerationOperator: + #TolerationOpExists | + #TolerationOpEqual + +#TolerationOpExists: #TolerationOperator & "Exists" +#TolerationOpEqual: #TolerationOperator & "Equal" + +// PodReadinessGate contains the reference to a pod condition +#PodReadinessGate: { + // ConditionType refers to a condition in the pod's condition list with matching type. + conditionType: #PodConditionType @go(ConditionType) @protobuf(1,bytes,opt,casttype=PodConditionType) +} + +// PodSpec is a description of a pod. +#PodSpec: { + // List of volumes that can be mounted by containers belonging to the pod. + // More info: https://kubernetes.io/docs/concepts/storage/volumes + // +optional + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + volumes?: [...#Volume] @go(Volumes,[]Volume) @protobuf(1,bytes,rep) + + // List of initialization containers belonging to the pod. + // Init containers are executed in order prior to containers being started. If any + // init container fails, the pod is considered to have failed and is handled according + // to its restartPolicy. The name for an init container or normal container must be + // unique among all containers. + // Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. + // The resourceRequirements of an init container are taken into account during scheduling + // by finding the highest request/limit for each resource type, and then using the max of + // of that value or the sum of the normal containers. Limits are applied to init containers + // in a similar fashion. + // Init containers cannot currently be added or removed. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + // +patchMergeKey=name + // +patchStrategy=merge + initContainers?: [...#Container] @go(InitContainers,[]Container) @protobuf(20,bytes,rep) + + // List of containers belonging to the pod. + // Containers cannot currently be added or removed. + // There must be at least one container in a Pod. + // Cannot be updated. + // +patchMergeKey=name + // +patchStrategy=merge + containers: [...#Container] @go(Containers,[]Container) @protobuf(2,bytes,rep) + + // List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing + // pod to perform user-initiated actions such as debugging. This list cannot be specified when + // creating a pod, and it cannot be modified by updating the pod spec. In order to add an + // ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + ephemeralContainers?: [...#EphemeralContainer] @go(EphemeralContainers,[]EphemeralContainer) @protobuf(34,bytes,rep) + + // Restart policy for all containers within the pod. + // One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. + // Default to Always. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy + // +optional + restartPolicy?: #RestartPolicy @go(RestartPolicy) @protobuf(3,bytes,opt,casttype=RestartPolicy) + + // Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + // Value must be non-negative integer. The value zero indicates stop immediately via + // the kill signal (no opportunity to shut down). + // If this value is nil, the default grace period will be used instead. + // The grace period is the duration in seconds after the processes running in the pod are sent + // a termination signal and the time when the processes are forcibly halted with a kill signal. + // Set this value longer than the expected cleanup time for your process. + // Defaults to 30 seconds. + // +optional + terminationGracePeriodSeconds?: null | int64 @go(TerminationGracePeriodSeconds,*int64) @protobuf(4,varint,opt) + + // Optional duration in seconds the pod may be active on the node relative to + // StartTime before the system will actively try to mark it failed and kill associated containers. + // Value must be a positive integer. + // +optional + activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(5,varint,opt) + + // Set DNS policy for the pod. + // Defaults to "ClusterFirst". + // Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + // DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + // To have DNS options set along with hostNetwork, you have to specify DNS policy + // explicitly to 'ClusterFirstWithHostNet'. + // +optional + dnsPolicy?: #DNSPolicy @go(DNSPolicy) @protobuf(6,bytes,opt,casttype=DNSPolicy) + + // NodeSelector is a selector which must be true for the pod to fit on a node. + // Selector which must match a node's labels for the pod to be scheduled on that node. + // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + // +optional + // +mapType=atomic + nodeSelector?: {[string]: string} @go(NodeSelector,map[string]string) @protobuf(7,bytes,rep) + + // ServiceAccountName is the name of the ServiceAccount to use to run this pod. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + // +optional + serviceAccountName?: string @go(ServiceAccountName) @protobuf(8,bytes,opt) + + // DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + // Deprecated: Use serviceAccountName instead. + // +k8s:conversion-gen=false + // +optional + serviceAccount?: string @go(DeprecatedServiceAccount) @protobuf(9,bytes,opt) + + // AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + // +optional + automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(21,varint,opt) + + // NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + // the scheduler simply schedules this pod onto that node, assuming that it fits resource + // requirements. + // +optional + nodeName?: string @go(NodeName) @protobuf(10,bytes,opt) + + // Host networking requested for this pod. Use the host's network namespace. + // If this option is set, the ports that will be used must be specified. + // Default to false. + // +k8s:conversion-gen=false + // +optional + hostNetwork?: bool @go(HostNetwork) @protobuf(11,varint,opt) + + // Use the host's pid namespace. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + hostPID?: bool @go(HostPID) @protobuf(12,varint,opt) + + // Use the host's ipc namespace. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + hostIPC?: bool @go(HostIPC) @protobuf(13,varint,opt) + + // Share a single process namespace between all of the containers in a pod. + // When this is set containers will be able to view and signal processes from other containers + // in the same pod, and the first process in each container will not be assigned PID 1. + // HostPID and ShareProcessNamespace cannot both be set. + // Optional: Default to false. + // +k8s:conversion-gen=false + // +optional + shareProcessNamespace?: null | bool @go(ShareProcessNamespace,*bool) @protobuf(27,varint,opt) + + // SecurityContext holds pod-level security attributes and common container settings. + // Optional: Defaults to empty. See type description for default values of each field. + // +optional + securityContext?: null | #PodSecurityContext @go(SecurityContext,*PodSecurityContext) @protobuf(14,bytes,opt) + + // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + // If specified, these secrets will be passed to individual puller implementations for them to use. + // More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(15,bytes,rep) + + // Specifies the hostname of the Pod + // If not specified, the pod's hostname will be set to a system-defined value. + // +optional + hostname?: string @go(Hostname) @protobuf(16,bytes,opt) + + // If specified, the fully qualified Pod hostname will be "...svc.". + // If not specified, the pod will not have a domainname at all. + // +optional + subdomain?: string @go(Subdomain) @protobuf(17,bytes,opt) + + // If specified, the pod's scheduling constraints + // +optional + affinity?: null | #Affinity @go(Affinity,*Affinity) @protobuf(18,bytes,opt) + + // If specified, the pod will be dispatched by specified scheduler. + // If not specified, the pod will be dispatched by default scheduler. + // +optional + schedulerName?: string @go(SchedulerName) @protobuf(19,bytes,opt) + + // If specified, the pod's tolerations. + // +optional + tolerations?: [...#Toleration] @go(Tolerations,[]Toleration) @protobuf(22,bytes,opt) + + // HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + // file if specified. This is only valid for non-hostNetwork pods. + // +optional + // +patchMergeKey=ip + // +patchStrategy=merge + hostAliases?: [...#HostAlias] @go(HostAliases,[]HostAlias) @protobuf(23,bytes,rep) + + // If specified, indicates the pod's priority. "system-node-critical" and + // "system-cluster-critical" are two special keywords which indicate the + // highest priorities with the former being the highest priority. Any other + // name must be defined by creating a PriorityClass object with that name. + // If not specified, the pod priority will be default or zero if there is no + // default. + // +optional + priorityClassName?: string @go(PriorityClassName) @protobuf(24,bytes,opt) + + // The priority value. Various system components use this field to find the + // priority of the pod. When Priority Admission Controller is enabled, it + // prevents users from setting this field. The admission controller populates + // this field from PriorityClassName. + // The higher the value, the higher the priority. + // +optional + priority?: null | int32 @go(Priority,*int32) @protobuf(25,bytes,opt) + + // Specifies the DNS parameters of a pod. + // Parameters specified here will be merged to the generated DNS + // configuration based on DNSPolicy. + // +optional + dnsConfig?: null | #PodDNSConfig @go(DNSConfig,*PodDNSConfig) @protobuf(26,bytes,opt) + + // If specified, all readiness gates will be evaluated for pod readiness. + // A pod is ready when all its containers are ready AND + // all conditions specified in the readiness gates have status equal to "True" + // More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates + // +optional + readinessGates?: [...#PodReadinessGate] @go(ReadinessGates,[]PodReadinessGate) @protobuf(28,bytes,opt) + + // RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + // to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + // If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + // empty definition that uses the default runtime handler. + // More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + // +optional + runtimeClassName?: null | string @go(RuntimeClassName,*string) @protobuf(29,bytes,opt) + + // EnableServiceLinks indicates whether information about services should be injected into pod's + // environment variables, matching the syntax of Docker links. + // Optional: Defaults to true. + // +optional + enableServiceLinks?: null | bool @go(EnableServiceLinks,*bool) @protobuf(30,varint,opt) + + // PreemptionPolicy is the Policy for preempting pods with lower priority. + // One of Never, PreemptLowerPriority. + // Defaults to PreemptLowerPriority if unset. + // +optional + preemptionPolicy?: null | #PreemptionPolicy @go(PreemptionPolicy,*PreemptionPolicy) @protobuf(31,bytes,opt) + + // Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + // This field will be autopopulated at admission time by the RuntimeClass admission controller. If + // the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + // The RuntimeClass admission controller will reject Pod create requests which have the overhead already + // set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + // defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + // More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + // +optional + overhead?: #ResourceList @go(Overhead) @protobuf(32,bytes,opt) + + // TopologySpreadConstraints describes how a group of pods ought to spread across topology + // domains. Scheduler will schedule pods in a way which abides by the constraints. + // All topologySpreadConstraints are ANDed. + // +optional + // +patchMergeKey=topologyKey + // +patchStrategy=merge + // +listType=map + // +listMapKey=topologyKey + // +listMapKey=whenUnsatisfiable + topologySpreadConstraints?: [...#TopologySpreadConstraint] @go(TopologySpreadConstraints,[]TopologySpreadConstraint) @protobuf(33,bytes,opt) + + // If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + // In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + // In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + // If a pod does not have FQDN, this has no effect. + // Default to false. + // +optional + setHostnameAsFQDN?: null | bool @go(SetHostnameAsFQDN,*bool) @protobuf(35,varint,opt) + + // Specifies the OS of the containers in the pod. + // Some pod and container fields are restricted if this is set. + // + // If the OS field is set to linux, the following fields must be unset: + // -securityContext.windowsOptions + // + // If the OS field is set to windows, following fields must be unset: + // - spec.hostPID + // - spec.hostIPC + // - spec.hostUsers + // - spec.securityContext.seLinuxOptions + // - spec.securityContext.seccompProfile + // - spec.securityContext.fsGroup + // - spec.securityContext.fsGroupChangePolicy + // - spec.securityContext.sysctls + // - spec.shareProcessNamespace + // - spec.securityContext.runAsUser + // - spec.securityContext.runAsGroup + // - spec.securityContext.supplementalGroups + // - spec.containers[*].securityContext.seLinuxOptions + // - spec.containers[*].securityContext.seccompProfile + // - spec.containers[*].securityContext.capabilities + // - spec.containers[*].securityContext.readOnlyRootFilesystem + // - spec.containers[*].securityContext.privileged + // - spec.containers[*].securityContext.allowPrivilegeEscalation + // - spec.containers[*].securityContext.procMount + // - spec.containers[*].securityContext.runAsUser + // - spec.containers[*].securityContext.runAsGroup + // +optional + os?: null | #PodOS @go(OS,*PodOS) @protobuf(36,bytes,opt) + + // Use the host's user namespace. + // Optional: Default to true. + // If set to true or not present, the pod will be run in the host user namespace, useful + // for when the pod needs a feature only available to the host user namespace, such as + // loading a kernel module with CAP_SYS_MODULE. + // When set to false, a new userns is created for the pod. Setting false is useful for + // mitigating container breakout vulnerabilities even allowing users to run their + // containers as root without actually having root privileges on the host. + // This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + // +k8s:conversion-gen=false + // +optional + hostUsers?: null | bool @go(HostUsers,*bool) @protobuf(37,bytes,opt) + + // SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + // If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + // scheduler will not attempt to schedule the pod. + // + // SchedulingGates can only be set at pod creation time, and be removed only afterwards. + // + // This is a beta feature enabled by the PodSchedulingReadiness feature gate. + // + // +patchMergeKey=name + // +patchStrategy=merge + // +listType=map + // +listMapKey=name + // +featureGate=PodSchedulingReadiness + // +optional + schedulingGates?: [...#PodSchedulingGate] @go(SchedulingGates,[]PodSchedulingGate) @protobuf(38,bytes,opt) + + // ResourceClaims defines which ResourceClaims must be allocated + // and reserved before the Pod is allowed to start. The resources + // will be made available to those containers which consume them + // by name. + // + // This is an alpha field and requires enabling the + // DynamicResourceAllocation feature gate. + // + // This field is immutable. + // + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + resourceClaims?: [...#PodResourceClaim] @go(ResourceClaims,[]PodResourceClaim) @protobuf(39,bytes,rep) +} + +// PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +// It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. +// Containers that need access to the ResourceClaim reference it with this name. +#PodResourceClaim: { + // Name uniquely identifies this resource claim inside the pod. + // This must be a DNS_LABEL. + name: string @go(Name) @protobuf(1,bytes) + + // Source describes where to find the ResourceClaim. + source?: #ClaimSource @go(Source) @protobuf(2,bytes) +} + +// ClaimSource describes a reference to a ResourceClaim. +// +// Exactly one of these fields should be set. Consumers of this type must +// treat an empty object as if it has an unknown value. +#ClaimSource: { + // ResourceClaimName is the name of a ResourceClaim object in the same + // namespace as this pod. + resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(1,bytes,opt) + + // ResourceClaimTemplateName is the name of a ResourceClaimTemplate + // object in the same namespace as this pod. + // + // The template will be used to create a new ResourceClaim, which will + // be bound to this pod. When this pod is deleted, the ResourceClaim + // will also be deleted. The pod name and resource name, along with a + // generated component, will be used to form a unique name for the + // ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + // + // This field is immutable and no changes will be made to the + // corresponding ResourceClaim by the control plane after creating the + // ResourceClaim. + resourceClaimTemplateName?: null | string @go(ResourceClaimTemplateName,*string) @protobuf(2,bytes,opt) +} + +// PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim +// which references a ResourceClaimTemplate. It stores the generated name for +// the corresponding ResourceClaim. +#PodResourceClaimStatus: { + // Name uniquely identifies this resource claim inside the pod. + // This must match the name of an entry in pod.spec.resourceClaims, + // which implies that the string must be a DNS_LABEL. + name: string @go(Name) @protobuf(1,bytes) + + // ResourceClaimName is the name of the ResourceClaim that was + // generated for the Pod in the namespace of the Pod. It this is + // unset, then generating a ResourceClaim was not necessary. The + // pod.spec.resourceClaims entry can be ignored in this case. + // + // +optional + resourceClaimName?: null | string @go(ResourceClaimName,*string) @protobuf(2,bytes,opt) +} + +// OSName is the set of OS'es that can be used in OS. +#OSName: string // #enumOSName + +#enumOSName: + #Linux | + #Windows + +#Linux: #OSName & "linux" +#Windows: #OSName & "windows" + +// PodOS defines the OS parameters of a pod. +#PodOS: { + // Name is the name of the operating system. The currently supported values are linux and windows. + // Additional value may be defined in future and can be one of: + // https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + // Clients should expect to handle additional values and treat unrecognized values in this field as os: null + name: #OSName @go(Name) @protobuf(1,bytes,opt) +} + +// PodSchedulingGate is associated to a Pod to guard its scheduling. +#PodSchedulingGate: { + // Name of the scheduling gate. + // Each scheduling gate must have a unique name field. + name: string @go(Name) @protobuf(1,bytes,opt) +} + +// +enum +#UnsatisfiableConstraintAction: string // #enumUnsatisfiableConstraintAction + +#enumUnsatisfiableConstraintAction: + #DoNotSchedule | + #ScheduleAnyway + +// DoNotSchedule instructs the scheduler not to schedule the pod +// when constraints are not satisfied. +#DoNotSchedule: #UnsatisfiableConstraintAction & "DoNotSchedule" + +// ScheduleAnyway instructs the scheduler to schedule the pod +// even if constraints are not satisfied. +#ScheduleAnyway: #UnsatisfiableConstraintAction & "ScheduleAnyway" + +// NodeInclusionPolicy defines the type of node inclusion policy +// +enum +#NodeInclusionPolicy: string // #enumNodeInclusionPolicy + +#enumNodeInclusionPolicy: + #NodeInclusionPolicyIgnore | + #NodeInclusionPolicyHonor + +// NodeInclusionPolicyIgnore means ignore this scheduling directive when calculating pod topology spread skew. +#NodeInclusionPolicyIgnore: #NodeInclusionPolicy & "Ignore" + +// NodeInclusionPolicyHonor means use this scheduling directive when calculating pod topology spread skew. +#NodeInclusionPolicyHonor: #NodeInclusionPolicy & "Honor" + +// TopologySpreadConstraint specifies how to spread matching pods among the given topology. +#TopologySpreadConstraint: { + // MaxSkew describes the degree to which pods may be unevenly distributed. + // When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + // between the number of matching pods in the target topology and the global minimum. + // The global minimum is the minimum number of matching pods in an eligible domain + // or zero if the number of eligible domains is less than MinDomains. + // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + // labelSelector spread as 2/2/1: + // In this case, the global minimum is 1. + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P | P P | P | + // +-------+-------+-------+ + // - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + // scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + // violate MaxSkew(1). + // - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + // When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + // to topologies that satisfy it. + // It's a required field. Default value is 1 and 0 is not allowed. + maxSkew: int32 @go(MaxSkew) @protobuf(1,varint,opt) + + // TopologyKey is the key of node labels. Nodes that have a label with this key + // and identical values are considered to be in the same topology. + // We consider each as a "bucket", and try to put balanced number + // of pods into each bucket. + // We define a domain as a particular instance of a topology. + // Also, we define an eligible domain as a domain whose nodes meet the requirements of + // nodeAffinityPolicy and nodeTaintsPolicy. + // e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + // And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + // It's a required field. + topologyKey: string @go(TopologyKey) @protobuf(2,bytes,opt) + + // WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + // the spread constraint. + // - DoNotSchedule (default) tells the scheduler not to schedule it. + // - ScheduleAnyway tells the scheduler to schedule the pod in any location, + // but giving higher precedence to topologies that would help reduce the + // skew. + // A constraint is considered "Unsatisfiable" for an incoming pod + // if and only if every possible node assignment for that pod would violate + // "MaxSkew" on some topology. + // For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + // labelSelector spread as 3/1/1: + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P P | P | P | + // +-------+-------+-------+ + // If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + // to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + // MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + // won't make it *more* imbalanced. + // It's a required field. + whenUnsatisfiable: #UnsatisfiableConstraintAction @go(WhenUnsatisfiable) @protobuf(3,bytes,opt,casttype=UnsatisfiableConstraintAction) + + // LabelSelector is used to find matching pods. + // Pods that match this label selector are counted to determine the number of pods + // in their corresponding topology domain. + // +optional + labelSelector?: null | metav1.#LabelSelector @go(LabelSelector,*metav1.LabelSelector) @protobuf(4,bytes,opt) + + // MinDomains indicates a minimum number of eligible domains. + // When the number of eligible domains with matching topology keys is less than minDomains, + // Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + // And when the number of eligible domains with matching topology keys equals or greater than minDomains, + // this value has no effect on scheduling. + // As a result, when the number of eligible domains is less than minDomains, + // scheduler won't schedule more than maxSkew Pods to those domains. + // If value is nil, the constraint behaves as if MinDomains is equal to 1. + // Valid values are integers greater than 0. + // When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + // + // For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + // labelSelector spread as 2/2/2: + // +-------+-------+-------+ + // | zone1 | zone2 | zone3 | + // +-------+-------+-------+ + // | P P | P P | P P | + // +-------+-------+-------+ + // The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + // In this situation, new pod with the same labelSelector cannot be scheduled, + // because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + // it will violate MaxSkew. + // + // This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + // +optional + minDomains?: null | int32 @go(MinDomains,*int32) @protobuf(5,varint,opt) + + // NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + // when calculating pod topology spread skew. Options are: + // - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + // - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + // + // If this value is nil, the behavior is equivalent to the Honor policy. + // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + // +optional + nodeAffinityPolicy?: null | #NodeInclusionPolicy @go(NodeAffinityPolicy,*NodeInclusionPolicy) @protobuf(6,bytes,opt) + + // NodeTaintsPolicy indicates how we will treat node taints when calculating + // pod topology spread skew. Options are: + // - Honor: nodes without taints, along with tainted nodes for which the incoming pod + // has a toleration, are included. + // - Ignore: node taints are ignored. All nodes are included. + // + // If this value is nil, the behavior is equivalent to the Ignore policy. + // This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + // +optional + nodeTaintsPolicy?: null | #NodeInclusionPolicy @go(NodeTaintsPolicy,*NodeInclusionPolicy) @protobuf(7,bytes,opt) + + // MatchLabelKeys is a set of pod label keys to select the pods over which + // spreading will be calculated. The keys are used to lookup values from the + // incoming pod labels, those key-value labels are ANDed with labelSelector + // to select the group of existing pods over which spreading will be calculated + // for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + // MatchLabelKeys cannot be set when LabelSelector isn't set. + // Keys that don't exist in the incoming pod labels will + // be ignored. A null or empty list means only match against labelSelector. + // + // This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + // +listType=atomic + // +optional + matchLabelKeys?: [...string] @go(MatchLabelKeys,[]string) @protobuf(8,bytes,opt) +} + +// The default value for enableServiceLinks attribute. +#DefaultEnableServiceLinks: true + +// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +// pod's hosts file. +#HostAlias: { + // IP address of the host file entry. + ip?: string @go(IP) @protobuf(1,bytes,opt) + + // Hostnames for the above IP address. + hostnames?: [...string] @go(Hostnames,[]string) @protobuf(2,bytes,rep) +} + +// PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume +// when volume is mounted. +// +enum +#PodFSGroupChangePolicy: string // #enumPodFSGroupChangePolicy + +#enumPodFSGroupChangePolicy: + #FSGroupChangeOnRootMismatch | + #FSGroupChangeAlways + +// FSGroupChangeOnRootMismatch indicates that volume's ownership and permissions will be changed +// only when permission and ownership of root directory does not match with expected +// permissions on the volume. This can help shorten the time it takes to change +// ownership and permissions of a volume. +#FSGroupChangeOnRootMismatch: #PodFSGroupChangePolicy & "OnRootMismatch" + +// FSGroupChangeAlways indicates that volume's ownership and permissions +// should always be changed whenever volume is mounted inside a Pod. This the default +// behavior. +#FSGroupChangeAlways: #PodFSGroupChangePolicy & "Always" + +// PodSecurityContext holds pod-level security attributes and common container settings. +// Some fields are also present in container.securityContext. Field values of +// container.securityContext take precedence over field values of PodSecurityContext. +#PodSecurityContext: { + // The SELinux context to be applied to all containers. + // If unspecified, the container runtime will allocate a random SELinux context for each + // container. May also be set in SecurityContext. If set in + // both SecurityContext and PodSecurityContext, the value specified in SecurityContext + // takes precedence for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(1,bytes,opt) + + // The Windows specific settings applied to all containers. + // If unspecified, the options within a container's SecurityContext will be used. + // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is linux. + // +optional + windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(8,bytes,opt) + + // The UID to run the entrypoint of the container process. + // Defaults to user specified in image metadata if unspecified. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(2,varint,opt) + + // The GID to run the entrypoint of the container process. + // Uses runtime default if unset. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence + // for that container. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(6,varint,opt) + + // Indicates that the container must run as a non-root user. + // If true, the Kubelet will validate the image at runtime to ensure that it + // does not run as UID 0 (root) and fail to start the container if it does. + // If unset or false, no such validation will be performed. + // May also be set in SecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(3,varint,opt) + + // A list of groups applied to the first process run in each container, in addition + // to the container's primary GID, the fsGroup (if specified), and group memberships + // defined in the container image for the uid of the container process. If unspecified, + // no additional groups are added to any container. Note that group memberships + // defined in the container image for the uid of the container process are still effective, + // even if they are not included in this list. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + supplementalGroups?: [...int64] @go(SupplementalGroups,[]int64) @protobuf(4,varint,rep) + + // A special supplemental group that applies to all containers in a pod. + // Some volume types allow the Kubelet to change the ownership of that volume + // to be owned by the pod: + // + // 1. The owning GID will be the FSGroup + // 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + // 3. The permission bits are OR'd with rw-rw---- + // + // If unset, the Kubelet will not modify the ownership and permissions of any volume. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + fsGroup?: null | int64 @go(FSGroup,*int64) @protobuf(5,varint,opt) + + // Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + // sysctls (by the container runtime) might fail to launch. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + sysctls?: [...#Sysctl] @go(Sysctls,[]Sysctl) @protobuf(7,bytes,rep) + + // fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + // before being exposed inside Pod. This field will only apply to + // volume types which support fsGroup based ownership(and permissions). + // It will have no effect on ephemeral volume types such as: secret, configmaps + // and emptydir. + // Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + fsGroupChangePolicy?: null | #PodFSGroupChangePolicy @go(FSGroupChangePolicy,*PodFSGroupChangePolicy) @protobuf(9,bytes,opt) + + // The seccomp options to use by the containers in this pod. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(10,bytes,opt) +} + +// SeccompProfile defines a pod/container's seccomp profile settings. +// Only one profile source may be set. +// +union +#SeccompProfile: { + // type indicates which kind of seccomp profile will be applied. + // Valid options are: + // + // Localhost - a profile defined in a file on the node should be used. + // RuntimeDefault - the container runtime default profile should be used. + // Unconfined - no profile should be applied. + // +unionDiscriminator + type: #SeccompProfileType @go(Type) @protobuf(1,bytes,opt,casttype=SeccompProfileType) + + // localhostProfile indicates a profile defined in a file on the node should be used. + // The profile must be preconfigured on the node to work. + // Must be a descending path, relative to the kubelet's configured seccomp profile location. + // Must be set if type is "Localhost". Must NOT be set for any other type. + // +optional + localhostProfile?: null | string @go(LocalhostProfile,*string) @protobuf(2,bytes,opt) +} + +// SeccompProfileType defines the supported seccomp profile types. +// +enum +#SeccompProfileType: string // #enumSeccompProfileType + +#enumSeccompProfileType: + #SeccompProfileTypeUnconfined | + #SeccompProfileTypeRuntimeDefault | + #SeccompProfileTypeLocalhost + +// SeccompProfileTypeUnconfined indicates no seccomp profile is applied (A.K.A. unconfined). +#SeccompProfileTypeUnconfined: #SeccompProfileType & "Unconfined" + +// SeccompProfileTypeRuntimeDefault represents the default container runtime seccomp profile. +#SeccompProfileTypeRuntimeDefault: #SeccompProfileType & "RuntimeDefault" + +// SeccompProfileTypeLocalhost indicates a profile defined in a file on the node should be used. +// The file's location relative to /seccomp. +#SeccompProfileTypeLocalhost: #SeccompProfileType & "Localhost" + +// PodQOSClass defines the supported qos classes of Pods. +// +enum +#PodQOSClass: string // #enumPodQOSClass + +#enumPodQOSClass: + #PodQOSGuaranteed | + #PodQOSBurstable | + #PodQOSBestEffort + +// PodQOSGuaranteed is the Guaranteed qos class. +#PodQOSGuaranteed: #PodQOSClass & "Guaranteed" + +// PodQOSBurstable is the Burstable qos class. +#PodQOSBurstable: #PodQOSClass & "Burstable" + +// PodQOSBestEffort is the BestEffort qos class. +#PodQOSBestEffort: #PodQOSClass & "BestEffort" + +// PodDNSConfig defines the DNS parameters of a pod in addition to +// those generated from DNSPolicy. +#PodDNSConfig: { + // A list of DNS name server IP addresses. + // This will be appended to the base nameservers generated from DNSPolicy. + // Duplicated nameservers will be removed. + // +optional + nameservers?: [...string] @go(Nameservers,[]string) @protobuf(1,bytes,rep) + + // A list of DNS search domains for host-name lookup. + // This will be appended to the base search paths generated from DNSPolicy. + // Duplicated search paths will be removed. + // +optional + searches?: [...string] @go(Searches,[]string) @protobuf(2,bytes,rep) + + // A list of DNS resolver options. + // This will be merged with the base options generated from DNSPolicy. + // Duplicated entries will be removed. Resolution options given in Options + // will override those that appear in the base DNSPolicy. + // +optional + options?: [...#PodDNSConfigOption] @go(Options,[]PodDNSConfigOption) @protobuf(3,bytes,rep) +} + +// PodDNSConfigOption defines DNS resolver options of a pod. +#PodDNSConfigOption: { + // Required. + name?: string @go(Name) @protobuf(1,bytes,opt) + + // +optional + value?: null | string @go(Value,*string) @protobuf(2,bytes,opt) +} + +// PodIP represents a single IP address allocated to the pod. +#PodIP: { + // IP is the IP address assigned to the pod + ip?: string @go(IP) @protobuf(1,bytes,opt) +} + +// HostIP represents a single IP address allocated to the host. +#HostIP: { + // IP is the IP address assigned to the host + ip?: string @go(IP) @protobuf(1,bytes,opt) +} + +// EphemeralContainerCommon is a copy of all fields in Container to be inlined in +// EphemeralContainer. This separate type allows easy conversion from EphemeralContainer +// to Container and allows separate documentation for the fields of EphemeralContainer. +// When a new field is added to Container it must be added here as well. +#EphemeralContainerCommon: { + // Name of the ephemeral container specified as a DNS_LABEL. + // This name must be unique among all containers, init containers and ephemeral containers. + name: string @go(Name) @protobuf(1,bytes,opt) + + // Container image name. + // More info: https://kubernetes.io/docs/concepts/containers/images + image?: string @go(Image) @protobuf(2,bytes,opt) + + // Entrypoint array. Not executed within a shell. + // The image's ENTRYPOINT is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + command?: [...string] @go(Command,[]string) @protobuf(3,bytes,rep) + + // Arguments to the entrypoint. + // The image's CMD is used if this is not provided. + // Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + // cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + // produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + // of whether the variable exists or not. Cannot be updated. + // More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + // +optional + args?: [...string] @go(Args,[]string) @protobuf(4,bytes,rep) + + // Container's working directory. + // If not specified, the container runtime's default will be used, which + // might be configured in the container image. + // Cannot be updated. + // +optional + workingDir?: string @go(WorkingDir) @protobuf(5,bytes,opt) + + // Ports are not allowed for ephemeral containers. + // +optional + // +patchMergeKey=containerPort + // +patchStrategy=merge + // +listType=map + // +listMapKey=containerPort + // +listMapKey=protocol + ports?: [...#ContainerPort] @go(Ports,[]ContainerPort) @protobuf(6,bytes,rep) + + // List of sources to populate environment variables in the container. + // The keys defined within a source must be a C_IDENTIFIER. All invalid keys + // will be reported as an event when the container is starting. When a key exists in multiple + // sources, the value associated with the last source will take precedence. + // Values defined by an Env with a duplicate key will take precedence. + // Cannot be updated. + // +optional + envFrom?: [...#EnvFromSource] @go(EnvFrom,[]EnvFromSource) @protobuf(19,bytes,rep) + + // List of environment variables to set in the container. + // Cannot be updated. + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + env?: [...#EnvVar] @go(Env,[]EnvVar) @protobuf(7,bytes,rep) + + // Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + // already allocated to the pod. + // +optional + resources?: #ResourceRequirements @go(Resources) @protobuf(8,bytes,opt) + + // Resources resize policy for the container. + // +featureGate=InPlacePodVerticalScaling + // +optional + // +listType=atomic + resizePolicy?: [...#ContainerResizePolicy] @go(ResizePolicy,[]ContainerResizePolicy) @protobuf(23,bytes,rep) + + // Restart policy for the container to manage the restart behavior of each + // container within a pod. + // This may only be set for init containers. You cannot set this field on + // ephemeral containers. + // +featureGate=SidecarContainers + // +optional + restartPolicy?: null | #ContainerRestartPolicy @go(RestartPolicy,*ContainerRestartPolicy) @protobuf(24,bytes,opt,casttype=ContainerRestartPolicy) + + // Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + // Cannot be updated. + // +optional + // +patchMergeKey=mountPath + // +patchStrategy=merge + volumeMounts?: [...#VolumeMount] @go(VolumeMounts,[]VolumeMount) @protobuf(9,bytes,rep) + + // volumeDevices is the list of block devices to be used by the container. + // +patchMergeKey=devicePath + // +patchStrategy=merge + // +optional + volumeDevices?: [...#VolumeDevice] @go(VolumeDevices,[]VolumeDevice) @protobuf(21,bytes,rep) + + // Probes are not allowed for ephemeral containers. + // +optional + livenessProbe?: null | #Probe @go(LivenessProbe,*Probe) @protobuf(10,bytes,opt) + + // Probes are not allowed for ephemeral containers. + // +optional + readinessProbe?: null | #Probe @go(ReadinessProbe,*Probe) @protobuf(11,bytes,opt) + + // Probes are not allowed for ephemeral containers. + // +optional + startupProbe?: null | #Probe @go(StartupProbe,*Probe) @protobuf(22,bytes,opt) + + // Lifecycle is not allowed for ephemeral containers. + // +optional + lifecycle?: null | #Lifecycle @go(Lifecycle,*Lifecycle) @protobuf(12,bytes,opt) + + // Optional: Path at which the file to which the container's termination message + // will be written is mounted into the container's filesystem. + // Message written is intended to be brief final status, such as an assertion failure message. + // Will be truncated by the node if greater than 4096 bytes. The total message length across + // all containers will be limited to 12kb. + // Defaults to /dev/termination-log. + // Cannot be updated. + // +optional + terminationMessagePath?: string @go(TerminationMessagePath) @protobuf(13,bytes,opt) + + // Indicate how the termination message should be populated. File will use the contents of + // terminationMessagePath to populate the container status message on both success and failure. + // FallbackToLogsOnError will use the last chunk of container log output if the termination + // message file is empty and the container exited with an error. + // The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + // Defaults to File. + // Cannot be updated. + // +optional + terminationMessagePolicy?: #TerminationMessagePolicy @go(TerminationMessagePolicy) @protobuf(20,bytes,opt,casttype=TerminationMessagePolicy) + + // Image pull policy. + // One of Always, Never, IfNotPresent. + // Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + // +optional + imagePullPolicy?: #PullPolicy @go(ImagePullPolicy) @protobuf(14,bytes,opt,casttype=PullPolicy) + + // Optional: SecurityContext defines the security options the ephemeral container should be run with. + // If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + // +optional + securityContext?: null | #SecurityContext @go(SecurityContext,*SecurityContext) @protobuf(15,bytes,opt) + + // Whether this container should allocate a buffer for stdin in the container runtime. If this + // is not set, reads from stdin in the container will always result in EOF. + // Default is false. + // +optional + stdin?: bool @go(Stdin) @protobuf(16,varint,opt) + + // Whether the container runtime should close the stdin channel after it has been opened by + // a single attach. When stdin is true the stdin stream will remain open across multiple attach + // sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + // first client attaches to stdin, and then remains open and accepts data until the client disconnects, + // at which time stdin is closed and remains closed until the container is restarted. If this + // flag is false, a container processes that reads from stdin will never receive an EOF. + // Default is false + // +optional + stdinOnce?: bool @go(StdinOnce) @protobuf(17,varint,opt) + + // Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + // Default is false. + // +optional + tty?: bool @go(TTY) @protobuf(18,varint,opt) +} + +// An EphemeralContainer is a temporary container that you may add to an existing Pod for +// user-initiated activities such as debugging. Ephemeral containers have no resource or +// scheduling guarantees, and they will not be restarted when they exit or when a Pod is +// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the +// Pod to exceed its resource allocation. +// +// To add an ephemeral container, use the ephemeralcontainers subresource of an existing +// Pod. Ephemeral containers may not be removed or restarted. +#EphemeralContainer: { + #EphemeralContainerCommon + + // If set, the name of the container from PodSpec that this ephemeral container targets. + // The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + // If not set then the ephemeral container uses the namespaces configured in the Pod spec. + // + // The container runtime must implement support for this feature. If the runtime does not + // support namespace targeting then the result of setting this field is undefined. + // +optional + targetContainerName?: string @go(TargetContainerName) @protobuf(2,bytes,opt) +} + +// PodStatus represents information about the status of a pod. Status may trail the actual +// state of a system, especially if the node that hosts the pod cannot contact the control +// plane. +#PodStatus: { + // The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. + // The conditions array, the reason and message fields, and the individual container status + // arrays contain more detail about the pod's status. + // There are five possible phase values: + // + // Pending: The pod has been accepted by the Kubernetes system, but one or more of the + // container images has not been created. This includes time before being scheduled as + // well as time spent downloading images over the network, which could take a while. + // Running: The pod has been bound to a node, and all of the containers have been created. + // At least one container is still running, or is in the process of starting or restarting. + // Succeeded: All containers in the pod have terminated in success, and will not be restarted. + // Failed: All containers in the pod have terminated, and at least one container has + // terminated in failure. The container either exited with non-zero status or was terminated + // by the system. + // Unknown: For some reason the state of the pod could not be obtained, typically due to an + // error in communicating with the host of the pod. + // + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase + // +optional + phase?: #PodPhase @go(Phase) @protobuf(1,bytes,opt,casttype=PodPhase) + + // Current service state of pod. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#PodCondition] @go(Conditions,[]PodCondition) @protobuf(2,bytes,rep) + + // A human readable message indicating details about why the pod is in this condition. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // A brief CamelCase message indicating details about why the pod is in this state. + // e.g. 'Evicted' + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be + // scheduled right away as preemption victims receive their graceful termination periods. + // This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide + // to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to + // give the resources on this node to a higher priority pod that is created after preemption. + // As a result, this field may be different than PodSpec.nodeName when the pod is + // scheduled. + // +optional + nominatedNodeName?: string @go(NominatedNodeName) @protobuf(11,bytes,opt) + + // hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. + // A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will + // not be updated even if there is a node is assigned to pod + // +optional + hostIP?: string @go(HostIP) @protobuf(5,bytes,opt) + + // hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must + // match the hostIP field. This list is empty if the pod has not started yet. + // A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will + // not be updated even if there is a node is assigned to this pod. + // +optional + // +patchStrategy=merge + // +patchMergeKey=ip + // +listType=atomic + hostIPs?: [...#HostIP] @go(HostIPs,[]HostIP) @protobuf(16,bytes,rep) + + // podIP address allocated to the pod. Routable at least within the cluster. + // Empty if not yet allocated. + // +optional + podIP?: string @go(PodIP) @protobuf(6,bytes,opt) + + // podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must + // match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list + // is empty if no IPs have been allocated yet. + // +optional + // +patchStrategy=merge + // +patchMergeKey=ip + podIPs?: [...#PodIP] @go(PodIPs,[]PodIP) @protobuf(12,bytes,rep) + + // RFC 3339 date and time at which the object was acknowledged by the Kubelet. + // This is before the Kubelet pulled the container image(s) for the pod. + // +optional + startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(7,bytes,opt) + + // The list has one entry per init container in the manifest. The most recent successful + // init container will have ready = true, the most recently started container will have + // startTime set. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status + initContainerStatuses?: [...#ContainerStatus] @go(InitContainerStatuses,[]ContainerStatus) @protobuf(10,bytes,rep) + + // The list has one entry per container in the manifest. + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status + // +optional + containerStatuses?: [...#ContainerStatus] @go(ContainerStatuses,[]ContainerStatus) @protobuf(8,bytes,rep) + + // The Quality of Service (QOS) classification assigned to the pod based on resource requirements + // See PodQOSClass type for available QOS classes + // More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes + // +optional + qosClass?: #PodQOSClass @go(QOSClass) @protobuf(9,bytes,rep) + + // Status for any ephemeral containers that have run in this pod. + // +optional + ephemeralContainerStatuses?: [...#ContainerStatus] @go(EphemeralContainerStatuses,[]ContainerStatus) @protobuf(13,bytes,rep) + + // Status of resources resize desired for pod's containers. + // It is empty if no resources resize is pending. + // Any changes to container resources will automatically set this to "Proposed" + // +featureGate=InPlacePodVerticalScaling + // +optional + resize?: #PodResizeStatus @go(Resize) @protobuf(14,bytes,opt,casttype=PodResizeStatus) + + // Status of resource claims. + // +patchMergeKey=name + // +patchStrategy=merge,retainKeys + // +listType=map + // +listMapKey=name + // +featureGate=DynamicResourceAllocation + // +optional + resourceClaimStatuses?: [...#PodResourceClaimStatus] @go(ResourceClaimStatuses,[]PodResourceClaimStatus) @protobuf(15,bytes,rep) +} + +// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded +#PodStatusResult: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Most recently observed status of the pod. + // This data may not be up to date. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #PodStatus @go(Status) @protobuf(2,bytes,opt) +} + +// Pod is a collection of containers that can run on a host. This resource is created +// by clients and scheduled onto hosts. +#Pod: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the pod. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the pod. + // This data may not be up to date. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #PodStatus @go(Status) @protobuf(3,bytes,opt) +} + +// PodList is a list of Pods. +#PodList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of pods. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md + items: [...#Pod] @go(Items,[]Pod) @protobuf(2,bytes,rep) +} + +// PodTemplateSpec describes the data a pod should have when created from a template +#PodTemplateSpec: { + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Specification of the desired behavior of the pod. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #PodSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// PodTemplate describes a template for creating copies of a predefined pod. +#PodTemplate: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Template defines the pods that will be created from this pod template. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + template?: #PodTemplateSpec @go(Template) @protobuf(2,bytes,opt) +} + +// PodTemplateList is a list of PodTemplates. +#PodTemplateList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of pod templates + items: [...#PodTemplate] @go(Items,[]PodTemplate) @protobuf(2,bytes,rep) +} + +// ReplicationControllerSpec is the specification of a replication controller. +#ReplicationControllerSpec: { + // Replicas is the number of desired replicas. + // This is a pointer to distinguish between explicit zero and unspecified. + // Defaults to 1. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller + // +optional + replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt) + + // Minimum number of seconds for which a newly created pod should be ready + // without any of its container crashing, for it to be considered available. + // Defaults to 0 (pod will be considered available as soon as it is ready) + // +optional + minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt) + + // Selector is a label query over pods that should match the Replicas count. + // If Selector is empty, it is defaulted to the labels present on the Pod template. + // Label keys and values that must match in order to be controlled by this replication + // controller, if empty defaulted to labels on Pod template. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + // +optional + // +mapType=atomic + selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) + + // Template is the object that describes the pod that will be created if + // insufficient replicas are detected. This takes precedence over a TemplateRef. + // The only allowed template.spec.restartPolicy value is "Always". + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template + // +optional + template?: null | #PodTemplateSpec @go(Template,*PodTemplateSpec) @protobuf(3,bytes,opt) +} + +// ReplicationControllerStatus represents the current status of a replication +// controller. +#ReplicationControllerStatus: { + // Replicas is the most recently observed number of replicas. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller + replicas: int32 @go(Replicas) @protobuf(1,varint,opt) + + // The number of pods that have labels matching the labels of the pod template of the replication controller. + // +optional + fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt) + + // The number of ready replicas for this replication controller. + // +optional + readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt) + + // The number of available replicas (ready for at least minReadySeconds) for this replication controller. + // +optional + availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt) + + // ObservedGeneration reflects the generation of the most recently observed replication controller. + // +optional + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // Represents the latest available observations of a replication controller's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ReplicationControllerCondition] @go(Conditions,[]ReplicationControllerCondition) @protobuf(6,bytes,rep) +} + +#ReplicationControllerConditionType: string // #enumReplicationControllerConditionType + +#enumReplicationControllerConditionType: + #ReplicationControllerReplicaFailure + +// ReplicationControllerReplicaFailure is added in a replication controller when one of its pods +// fails to be created due to insufficient quota, limit ranges, pod security policy, node selectors, +// etc. or deleted due to kubelet being down or finalizers are failing. +#ReplicationControllerReplicaFailure: #ReplicationControllerConditionType & "ReplicaFailure" + +// ReplicationControllerCondition describes the state of a replication controller at a certain point. +#ReplicationControllerCondition: { + // Type of replication controller condition. + type: #ReplicationControllerConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicationControllerConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // The last time the condition transitioned from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt) + + // The reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(4,bytes,opt) + + // A human readable message indicating details about the transition. + // +optional + message?: string @go(Message) @protobuf(5,bytes,opt) +} + +// ReplicationController represents the configuration of a replication controller. +#ReplicationController: { + metav1.#TypeMeta + + // If the Labels of a ReplicationController are empty, they are defaulted to + // be the same as the Pod(s) that the replication controller manages. + // Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the specification of the desired behavior of the replication controller. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ReplicationControllerSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status is the most recently observed status of the replication controller. + // This data may be out of date by some window of time. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ReplicationControllerStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ReplicationControllerList is a collection of replication controllers. +#ReplicationControllerList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of replication controllers. + // More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller + items: [...#ReplicationController] @go(Items,[]ReplicationController) @protobuf(2,bytes,rep) +} + +// Session Affinity Type string +// +enum +#ServiceAffinity: string // #enumServiceAffinity + +#enumServiceAffinity: + #ServiceAffinityClientIP | + #ServiceAffinityNone + +// ServiceAffinityClientIP is the Client IP based. +#ServiceAffinityClientIP: #ServiceAffinity & "ClientIP" + +// ServiceAffinityNone - no session affinity. +#ServiceAffinityNone: #ServiceAffinity & "None" + +#DefaultClientIPServiceAffinitySeconds: int32 & 10800 + +// SessionAffinityConfig represents the configurations of session affinity. +#SessionAffinityConfig: { + // clientIP contains the configurations of Client IP based session affinity. + // +optional + clientIP?: null | #ClientIPConfig @go(ClientIP,*ClientIPConfig) @protobuf(1,bytes,opt) +} + +// ClientIPConfig represents the configurations of Client IP based session affinity. +#ClientIPConfig: { + // timeoutSeconds specifies the seconds of ClientIP type session sticky time. + // The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + // Default value is 10800(for 3 hours). + // +optional + timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(1,varint,opt) +} + +// Service Type string describes ingress methods for a service +// +enum +#ServiceType: string // #enumServiceType + +#enumServiceType: + #ServiceTypeClusterIP | + #ServiceTypeNodePort | + #ServiceTypeLoadBalancer | + #ServiceTypeExternalName + +// ServiceTypeClusterIP means a service will only be accessible inside the +// cluster, via the cluster IP. +#ServiceTypeClusterIP: #ServiceType & "ClusterIP" + +// ServiceTypeNodePort means a service will be exposed on one port of +// every node, in addition to 'ClusterIP' type. +#ServiceTypeNodePort: #ServiceType & "NodePort" + +// ServiceTypeLoadBalancer means a service will be exposed via an +// external load balancer (if the cloud provider supports it), in addition +// to 'NodePort' type. +#ServiceTypeLoadBalancer: #ServiceType & "LoadBalancer" + +// ServiceTypeExternalName means a service consists of only a reference to +// an external name that kubedns or equivalent will return as a CNAME +// record, with no exposing or proxying of any pods involved. +#ServiceTypeExternalName: #ServiceType & "ExternalName" + +// ServiceInternalTrafficPolicy describes how nodes distribute service traffic they +// receive on the ClusterIP. +// +enum +#ServiceInternalTrafficPolicy: string // #enumServiceInternalTrafficPolicy + +#enumServiceInternalTrafficPolicy: + #ServiceInternalTrafficPolicyCluster | + #ServiceInternalTrafficPolicyLocal + +// ServiceInternalTrafficPolicyCluster routes traffic to all endpoints. +#ServiceInternalTrafficPolicyCluster: #ServiceInternalTrafficPolicy & "Cluster" + +// ServiceInternalTrafficPolicyLocal routes traffic only to endpoints on the same +// node as the client pod (dropping the traffic if there are no local endpoints). +#ServiceInternalTrafficPolicyLocal: #ServiceInternalTrafficPolicy & "Local" + +// for backwards compat +// +enum +#ServiceInternalTrafficPolicyType: #ServiceInternalTrafficPolicy // #enumServiceInternalTrafficPolicyType + +#enumServiceInternalTrafficPolicyType: + #ServiceInternalTrafficPolicyCluster | + #ServiceInternalTrafficPolicyLocal + +// ServiceExternalTrafficPolicy describes how nodes distribute service traffic they +// receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, +// and LoadBalancer IPs. +// +enum +#ServiceExternalTrafficPolicy: string // #enumServiceExternalTrafficPolicy + +#enumServiceExternalTrafficPolicy: + #ServiceExternalTrafficPolicyCluster | + #ServiceExternalTrafficPolicyLocal | + #ServiceExternalTrafficPolicyTypeLocal | + #ServiceExternalTrafficPolicyTypeCluster + +// ServiceExternalTrafficPolicyCluster routes traffic to all endpoints. +#ServiceExternalTrafficPolicyCluster: #ServiceExternalTrafficPolicy & "Cluster" + +// ServiceExternalTrafficPolicyLocal preserves the source IP of the traffic by +// routing only to endpoints on the same node as the traffic was received on +// (dropping the traffic if there are no local endpoints). +#ServiceExternalTrafficPolicyLocal: #ServiceExternalTrafficPolicy & "Local" + +// for backwards compat +// +enum +#ServiceExternalTrafficPolicyType: #ServiceExternalTrafficPolicy // #enumServiceExternalTrafficPolicyType + +#enumServiceExternalTrafficPolicyType: + #ServiceExternalTrafficPolicyCluster | + #ServiceExternalTrafficPolicyLocal | + #ServiceExternalTrafficPolicyTypeLocal | + #ServiceExternalTrafficPolicyTypeCluster + +#ServiceExternalTrafficPolicyTypeLocal: #ServiceExternalTrafficPolicy & "Local" +#ServiceExternalTrafficPolicyTypeCluster: #ServiceExternalTrafficPolicy & "Cluster" + +// LoadBalancerPortsError represents the condition of the requested ports +// on the cloud load balancer instance. +#LoadBalancerPortsError: "LoadBalancerPortsError" + +// LoadBalancerPortsErrorReason reason in ServiceStatus condition LoadBalancerPortsError +// means the LoadBalancer was not able to be configured correctly. +#LoadBalancerPortsErrorReason: "LoadBalancerMixedProtocolNotSupported" + +// ServiceStatus represents the current status of a service. +#ServiceStatus: { + // LoadBalancer contains the current status of the load-balancer, + // if one is present. + // +optional + loadBalancer?: #LoadBalancerStatus @go(LoadBalancer) @protobuf(1,bytes,opt) + + // Current service state + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + // +listType=map + // +listMapKey=type + conditions?: [...metav1.#Condition] @go(Conditions,[]metav1.Condition) @protobuf(2,bytes,rep) +} + +// LoadBalancerStatus represents the status of a load-balancer. +#LoadBalancerStatus: { + // Ingress is a list containing ingress points for the load-balancer. + // Traffic intended for the service should be sent to these ingress points. + // +optional + ingress?: [...#LoadBalancerIngress] @go(Ingress,[]LoadBalancerIngress) @protobuf(1,bytes,rep) +} + +// LoadBalancerIngress represents the status of a load-balancer ingress point: +// traffic intended for the service should be sent to an ingress point. +#LoadBalancerIngress: { + // IP is set for load-balancer ingress points that are IP based + // (typically GCE or OpenStack load-balancers) + // +optional + ip?: string @go(IP) @protobuf(1,bytes,opt) + + // Hostname is set for load-balancer ingress points that are DNS based + // (typically AWS load-balancers) + // +optional + hostname?: string @go(Hostname) @protobuf(2,bytes,opt) + + // Ports is a list of records of service ports + // If used, every port defined in the service should have an entry in it + // +listType=atomic + // +optional + ports?: [...#PortStatus] @go(Ports,[]PortStatus) @protobuf(4,bytes,rep) +} + +// IPFamily represents the IP Family (IPv4 or IPv6). This type is used +// to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). +// +enum +#IPFamily: string // #enumIPFamily + +#enumIPFamily: + #IPv4Protocol | + #IPv6Protocol + +// IPv4Protocol indicates that this IP is IPv4 protocol +#IPv4Protocol: #IPFamily & "IPv4" + +// IPv6Protocol indicates that this IP is IPv6 protocol +#IPv6Protocol: #IPFamily & "IPv6" + +// IPFamilyPolicy represents the dual-stack-ness requested or required by a Service +// +enum +#IPFamilyPolicy: string // #enumIPFamilyPolicy + +#enumIPFamilyPolicy: + #IPFamilyPolicySingleStack | + #IPFamilyPolicyPreferDualStack | + #IPFamilyPolicyRequireDualStack + +// IPFamilyPolicySingleStack indicates that this service is required to have a single IPFamily. +// The IPFamily assigned is based on the default IPFamily used by the cluster +// or as identified by service.spec.ipFamilies field +#IPFamilyPolicySingleStack: #IPFamilyPolicy & "SingleStack" + +// IPFamilyPolicyPreferDualStack indicates that this service prefers dual-stack when +// the cluster is configured for dual-stack. If the cluster is not configured +// for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not +// set in service.spec.ipFamilies then the service will be assigned the default IPFamily +// configured on the cluster +#IPFamilyPolicyPreferDualStack: #IPFamilyPolicy & "PreferDualStack" + +// IPFamilyPolicyRequireDualStack indicates that this service requires dual-stack. Using +// IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The +// IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If +// service.spec.ipFamilies was not provided then it will be assigned according to how they are +// configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative +// IPFamily will be added by apiserver +#IPFamilyPolicyRequireDualStack: #IPFamilyPolicy & "RequireDualStack" + +// for backwards compat +// +enum +#IPFamilyPolicyType: #IPFamilyPolicy // #enumIPFamilyPolicyType + +#enumIPFamilyPolicyType: + #IPFamilyPolicySingleStack | + #IPFamilyPolicyPreferDualStack | + #IPFamilyPolicyRequireDualStack + +// ServiceSpec describes the attributes that a user creates on a service. +#ServiceSpec: { + // The list of ports that are exposed by this service. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +patchMergeKey=port + // +patchStrategy=merge + // +listType=map + // +listMapKey=port + // +listMapKey=protocol + ports?: [...#ServicePort] @go(Ports,[]ServicePort) @protobuf(1,bytes,rep) + + // Route service traffic to pods with label keys and values matching this + // selector. If empty or not present, the service is assumed to have an + // external process managing its endpoints, which Kubernetes will not + // modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. + // Ignored if type is ExternalName. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/ + // +optional + // +mapType=atomic + selector?: {[string]: string} @go(Selector,map[string]string) @protobuf(2,bytes,rep) + + // clusterIP is the IP address of the service and is usually assigned + // randomly. If an address is specified manually, is in-range (as per + // system configuration), and is not in use, it will be allocated to the + // service; otherwise creation of the service will fail. This field may not + // be changed through updates unless the type field is also being changed + // to ExternalName (which requires this field to be blank) or the type + // field is being changed from ExternalName (in which case this field may + // optionally be specified, as describe above). Valid values are "None", + // empty string (""), or a valid IP address. Setting this to "None" makes a + // "headless service" (no virtual IP), which is useful when direct endpoint + // connections are preferred and proxying is not required. Only applies to + // types ClusterIP, NodePort, and LoadBalancer. If this field is specified + // when creating a Service of type ExternalName, creation will fail. This + // field will be wiped when updating a Service to type ExternalName. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +optional + clusterIP?: string @go(ClusterIP) @protobuf(3,bytes,opt) + + // ClusterIPs is a list of IP addresses assigned to this service, and are + // usually assigned randomly. If an address is specified manually, is + // in-range (as per system configuration), and is not in use, it will be + // allocated to the service; otherwise creation of the service will fail. + // This field may not be changed through updates unless the type field is + // also being changed to ExternalName (which requires this field to be + // empty) or the type field is being changed from ExternalName (in which + // case this field may optionally be specified, as describe above). Valid + // values are "None", empty string (""), or a valid IP address. Setting + // this to "None" makes a "headless service" (no virtual IP), which is + // useful when direct endpoint connections are preferred and proxying is + // not required. Only applies to types ClusterIP, NodePort, and + // LoadBalancer. If this field is specified when creating a Service of type + // ExternalName, creation will fail. This field will be wiped when updating + // a Service to type ExternalName. If this field is not specified, it will + // be initialized from the clusterIP field. If this field is specified, + // clients must ensure that clusterIPs[0] and clusterIP have the same + // value. + // + // This field may hold a maximum of two entries (dual-stack IPs, in either order). + // These IPs must correspond to the values of the ipFamilies field. Both + // clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +listType=atomic + // +optional + clusterIPs?: [...string] @go(ClusterIPs,[]string) @protobuf(18,bytes,opt) + + // type determines how the Service is exposed. Defaults to ClusterIP. Valid + // options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + // "ClusterIP" allocates a cluster-internal IP address for load-balancing + // to endpoints. Endpoints are determined by the selector or if that is not + // specified, by manual construction of an Endpoints object or + // EndpointSlice objects. If clusterIP is "None", no virtual IP is + // allocated and the endpoints are published as a set of endpoints rather + // than a virtual IP. + // "NodePort" builds on ClusterIP and allocates a port on every node which + // routes to the same endpoints as the clusterIP. + // "LoadBalancer" builds on NodePort and creates an external load-balancer + // (if supported in the current cloud) which routes to the same endpoints + // as the clusterIP. + // "ExternalName" aliases this service to the specified externalName. + // Several other fields do not apply to ExternalName services. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + // +optional + type?: #ServiceType @go(Type) @protobuf(4,bytes,opt,casttype=ServiceType) + + // externalIPs is a list of IP addresses for which nodes in the cluster + // will also accept traffic for this service. These IPs are not managed by + // Kubernetes. The user is responsible for ensuring that traffic arrives + // at a node with this IP. A common example is external load-balancers + // that are not part of the Kubernetes system. + // +optional + externalIPs?: [...string] @go(ExternalIPs,[]string) @protobuf(5,bytes,rep) + + // Supports "ClientIP" and "None". Used to maintain session affinity. + // Enable client IP based session affinity. + // Must be ClientIP or None. + // Defaults to None. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + // +optional + sessionAffinity?: #ServiceAffinity @go(SessionAffinity) @protobuf(7,bytes,opt,casttype=ServiceAffinity) + + // Only applies to Service Type: LoadBalancer. + // This feature depends on whether the underlying cloud-provider supports specifying + // the loadBalancerIP when a load balancer is created. + // This field will be ignored if the cloud-provider does not support the feature. + // Deprecated: This field was under-specified and its meaning varies across implementations. + // Using it is non-portable and it may not support dual-stack. + // Users are encouraged to use implementation-specific annotations when available. + // +optional + loadBalancerIP?: string @go(LoadBalancerIP) @protobuf(8,bytes,opt) + + // If specified and supported by the platform, this will restrict traffic through the cloud-provider + // load-balancer will be restricted to the specified client IPs. This field will be ignored if the + // cloud-provider does not support the feature." + // More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + // +optional + loadBalancerSourceRanges?: [...string] @go(LoadBalancerSourceRanges,[]string) @protobuf(9,bytes,opt) + + // externalName is the external reference that discovery mechanisms will + // return as an alias for this service (e.g. a DNS CNAME record). No + // proxying will be involved. Must be a lowercase RFC-1123 hostname + // (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + // +optional + externalName?: string @go(ExternalName) @protobuf(10,bytes,opt) + + // externalTrafficPolicy describes how nodes distribute service traffic they + // receive on one of the Service's "externally-facing" addresses (NodePorts, + // ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + // the service in a way that assumes that external load balancers will take care + // of balancing the service traffic between nodes, and so each node will deliver + // traffic only to the node-local endpoints of the service, without masquerading + // the client source IP. (Traffic mistakenly sent to a node with no endpoints will + // be dropped.) The default value, "Cluster", uses the standard behavior of + // routing to all endpoints evenly (possibly modified by topology and other + // features). Note that traffic sent to an External IP or LoadBalancer IP from + // within the cluster will always get "Cluster" semantics, but clients sending to + // a NodePort from within the cluster may need to take traffic policy into account + // when picking a node. + // +optional + externalTrafficPolicy?: #ServiceExternalTrafficPolicy @go(ExternalTrafficPolicy) @protobuf(11,bytes,opt) + + // healthCheckNodePort specifies the healthcheck nodePort for the service. + // This only applies when type is set to LoadBalancer and + // externalTrafficPolicy is set to Local. If a value is specified, is + // in-range, and is not in use, it will be used. If not specified, a value + // will be automatically allocated. External systems (e.g. load-balancers) + // can use this port to determine if a given node holds endpoints for this + // service or not. If this field is specified when creating a Service + // which does not need it, creation will fail. This field will be wiped + // when updating a Service to no longer need it (e.g. changing type). + // This field cannot be updated once set. + // +optional + healthCheckNodePort?: int32 @go(HealthCheckNodePort) @protobuf(12,bytes,opt) + + // publishNotReadyAddresses indicates that any agent which deals with endpoints for this + // Service should disregard any indications of ready/not-ready. + // The primary use case for setting this field is for a StatefulSet's Headless Service to + // propagate SRV DNS records for its Pods for the purpose of peer discovery. + // The Kubernetes controllers that generate Endpoints and EndpointSlice resources for + // Services interpret this to mean that all endpoints are considered "ready" even if the + // Pods themselves are not. Agents which consume only Kubernetes generated endpoints + // through the Endpoints or EndpointSlice resources can safely assume this behavior. + // +optional + publishNotReadyAddresses?: bool @go(PublishNotReadyAddresses) @protobuf(13,varint,opt) + + // sessionAffinityConfig contains the configurations of session affinity. + // +optional + sessionAffinityConfig?: null | #SessionAffinityConfig @go(SessionAffinityConfig,*SessionAffinityConfig) @protobuf(14,bytes,opt) + + // IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + // service. This field is usually assigned automatically based on cluster + // configuration and the ipFamilyPolicy field. If this field is specified + // manually, the requested family is available in the cluster, + // and ipFamilyPolicy allows it, it will be used; otherwise creation of + // the service will fail. This field is conditionally mutable: it allows + // for adding or removing a secondary IP family, but it does not allow + // changing the primary IP family of the Service. Valid values are "IPv4" + // and "IPv6". This field only applies to Services of types ClusterIP, + // NodePort, and LoadBalancer, and does apply to "headless" services. + // This field will be wiped when updating a Service to type ExternalName. + // + // This field may hold a maximum of two entries (dual-stack families, in + // either order). These families must correspond to the values of the + // clusterIPs field, if specified. Both clusterIPs and ipFamilies are + // governed by the ipFamilyPolicy field. + // +listType=atomic + // +optional + ipFamilies?: [...#IPFamily] @go(IPFamilies,[]IPFamily) @protobuf(19,bytes,opt,casttype=IPFamily) + + // IPFamilyPolicy represents the dual-stack-ness requested or required by + // this Service. If there is no value provided, then this field will be set + // to SingleStack. Services can be "SingleStack" (a single IP family), + // "PreferDualStack" (two IP families on dual-stack configured clusters or + // a single IP family on single-stack clusters), or "RequireDualStack" + // (two IP families on dual-stack configured clusters, otherwise fail). The + // ipFamilies and clusterIPs fields depend on the value of this field. This + // field will be wiped when updating a service to type ExternalName. + // +optional + ipFamilyPolicy?: null | #IPFamilyPolicy @go(IPFamilyPolicy,*IPFamilyPolicy) @protobuf(17,bytes,opt,casttype=IPFamilyPolicy) + + // allocateLoadBalancerNodePorts defines if NodePorts will be automatically + // allocated for services with type LoadBalancer. Default is "true". It + // may be set to "false" if the cluster load-balancer does not rely on + // NodePorts. If the caller requests specific NodePorts (by specifying a + // value), those requests will be respected, regardless of this field. + // This field may only be set for services with type LoadBalancer and will + // be cleared if the type is changed to any other type. + // +optional + allocateLoadBalancerNodePorts?: null | bool @go(AllocateLoadBalancerNodePorts,*bool) @protobuf(20,bytes,opt) + + // loadBalancerClass is the class of the load balancer implementation this Service belongs to. + // If specified, the value of this field must be a label-style identifier, with an optional prefix, + // e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + // This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + // balancer implementation is used, today this is typically done through the cloud provider integration, + // but should apply for any default implementation. If set, it is assumed that a load balancer + // implementation is watching for Services with a matching class. Any default load balancer + // implementation (e.g. cloud providers) should ignore Services that set this field. + // This field can only be set when creating or updating a Service to type 'LoadBalancer'. + // Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + // +optional + loadBalancerClass?: null | string @go(LoadBalancerClass,*string) @protobuf(21,bytes,opt) + + // InternalTrafficPolicy describes how nodes distribute service traffic they + // receive on the ClusterIP. If set to "Local", the proxy will assume that pods + // only want to talk to endpoints of the service on the same node as the pod, + // dropping the traffic if there are no local endpoints. The default value, + // "Cluster", uses the standard behavior of routing to all endpoints evenly + // (possibly modified by topology and other features). + // +optional + internalTrafficPolicy?: null | #ServiceInternalTrafficPolicy @go(InternalTrafficPolicy,*ServiceInternalTrafficPolicy) @protobuf(22,bytes,opt) +} + +// ServicePort contains information on service's port. +#ServicePort: { + // The name of this port within the service. This must be a DNS_LABEL. + // All ports within a ServiceSpec must have unique names. When considering + // the endpoints for a Service, this must match the 'name' field in the + // EndpointPort. + // Optional if only one ServicePort is defined on this service. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + // Default is TCP. + // +default="TCP" + // +optional + protocol?: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) + + // The application protocol for this port. + // This is used as a hint for implementations to offer richer behavior for protocols that they understand. + // This field follows standard Kubernetes label syntax. + // Valid values are either: + // + // * Un-prefixed protocol names - reserved for IANA standard service names (as per + // RFC-6335 and https://www.iana.org/assignments/service-names). + // + // * Kubernetes-defined prefixed names: + // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + // + // * Other protocols should use implementation-defined prefixed names such as + // mycompany.com/my-custom-protocol. + // +optional + appProtocol?: null | string @go(AppProtocol,*string) @protobuf(6,bytes,opt) + + // The port that will be exposed by this service. + port: int32 @go(Port) @protobuf(3,varint,opt) + + // Number or name of the port to access on the pods targeted by the service. + // Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + // If this is a string, it will be looked up as a named port in the + // target Pod's container ports. If this is not specified, the value + // of the 'port' field is used (an identity map). + // This field is ignored for services with clusterIP=None, and should be + // omitted or set equal to the 'port' field. + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + // +optional + targetPort?: intstr.#IntOrString @go(TargetPort) @protobuf(4,bytes,opt) + + // The port on each node on which this service is exposed when type is + // NodePort or LoadBalancer. Usually assigned by the system. If a value is + // specified, in-range, and not in use it will be used, otherwise the + // operation will fail. If not specified, a port will be allocated if this + // Service requires one. If this field is specified when creating a + // Service which does not need it, creation will fail. This field will be + // wiped when updating a Service to no longer need it (e.g. changing type + // from NodePort to ClusterIP). + // More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + // +optional + nodePort?: int32 @go(NodePort) @protobuf(5,varint,opt) +} + +// Service is a named abstraction of software service (for example, mysql) consisting of local port +// (for example 3306) that the proxy listens on, and the selector that determines which pods +// will answer requests sent through the proxy. +#Service: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of a service. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ServiceSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the service. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ServiceStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ClusterIPNone - do not assign a cluster IP +// no proxying required and no environment variables should be created for pods +#ClusterIPNone: "None" + +// ServiceList holds a list of services. +#ServiceList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of services + items: [...#Service] @go(Items,[]Service) @protobuf(2,bytes,rep) +} + +// ServiceAccount binds together: +// * a name, understood by users, and perhaps by peripheral systems, for an identity +// * a principal that can be authenticated and authorized +// * a set of secrets +#ServiceAccount: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. + // Pods are only limited to this list if this service account has a "kubernetes.io/enforce-mountable-secrets" annotation set to "true". + // This field should not be used to find auto-generated service account token secrets for use outside of pods. + // Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. + // More info: https://kubernetes.io/docs/concepts/configuration/secret + // +optional + // +patchMergeKey=name + // +patchStrategy=merge + secrets?: [...#ObjectReference] @go(Secrets,[]ObjectReference) @protobuf(2,bytes,rep) + + // ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images + // in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets + // can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. + // More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + // +optional + imagePullSecrets?: [...#LocalObjectReference] @go(ImagePullSecrets,[]LocalObjectReference) @protobuf(3,bytes,rep) + + // AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. + // Can be overridden at the pod level. + // +optional + automountServiceAccountToken?: null | bool @go(AutomountServiceAccountToken,*bool) @protobuf(4,varint,opt) +} + +// ServiceAccountList is a list of ServiceAccount objects +#ServiceAccountList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ServiceAccounts. + // More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + items: [...#ServiceAccount] @go(Items,[]ServiceAccount) @protobuf(2,bytes,rep) +} + +// Endpoints is a collection of endpoints that implement the actual service. Example: +// +// Name: "mysvc", +// Subsets: [ +// { +// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], +// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] +// }, +// { +// Addresses: [{"ip": "10.10.3.3"}], +// Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] +// }, +// ] +#Endpoints: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The set of all endpoints is the union of all subsets. Addresses are placed into + // subsets according to the IPs they share. A single address with multiple ports, + // some of which are ready and some of which are not (because they come from + // different containers) will result in the address being displayed in different + // subsets for the different ports. No address will appear in both Addresses and + // NotReadyAddresses in the same subset. + // Sets of addresses and ports that comprise a service. + // +optional + subsets?: [...#EndpointSubset] @go(Subsets,[]EndpointSubset) @protobuf(2,bytes,rep) +} + +// EndpointSubset is a group of addresses with a common set of ports. The +// expanded set of endpoints is the Cartesian product of Addresses x Ports. +// For example, given: +// +// { +// Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], +// Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] +// } +// +// The resulting set of endpoints can be viewed as: +// +// a: [ 10.10.1.1:8675, 10.10.2.2:8675 ], +// b: [ 10.10.1.1:309, 10.10.2.2:309 ] +#EndpointSubset: { + // IP addresses which offer the related ports that are marked as ready. These endpoints + // should be considered safe for load balancers and clients to utilize. + // +optional + addresses?: [...#EndpointAddress] @go(Addresses,[]EndpointAddress) @protobuf(1,bytes,rep) + + // IP addresses which offer the related ports but are not currently marked as ready + // because they have not yet finished starting, have recently failed a readiness check, + // or have recently failed a liveness check. + // +optional + notReadyAddresses?: [...#EndpointAddress] @go(NotReadyAddresses,[]EndpointAddress) @protobuf(2,bytes,rep) + + // Port numbers available on the related IP addresses. + // +optional + ports?: [...#EndpointPort] @go(Ports,[]EndpointPort) @protobuf(3,bytes,rep) +} + +// EndpointAddress is a tuple that describes single IP address. +// +structType=atomic +#EndpointAddress: { + // The IP of this endpoint. + // May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), + // or link-local multicast (224.0.0.0/24 or ff02::/16). + ip: string @go(IP) @protobuf(1,bytes,opt) + + // The Hostname of this endpoint + // +optional + hostname?: string @go(Hostname) @protobuf(3,bytes,opt) + + // Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node. + // +optional + nodeName?: null | string @go(NodeName,*string) @protobuf(4,bytes,opt) + + // Reference to object providing the endpoint. + // +optional + targetRef?: null | #ObjectReference @go(TargetRef,*ObjectReference) @protobuf(2,bytes,opt) +} + +// EndpointPort is a tuple that describes a single port. +// +structType=atomic +#EndpointPort: { + // The name of this port. This must match the 'name' field in the + // corresponding ServicePort. + // Must be a DNS_LABEL. + // Optional only if one port is defined. + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The port number of the endpoint. + port: int32 @go(Port) @protobuf(2,varint,opt) + + // The IP protocol for this port. + // Must be UDP, TCP, or SCTP. + // Default is TCP. + // +optional + protocol?: #Protocol @go(Protocol) @protobuf(3,bytes,opt,casttype=Protocol) + + // The application protocol for this port. + // This is used as a hint for implementations to offer richer behavior for protocols that they understand. + // This field follows standard Kubernetes label syntax. + // Valid values are either: + // + // * Un-prefixed protocol names - reserved for IANA standard service names (as per + // RFC-6335 and https://www.iana.org/assignments/service-names). + // + // * Kubernetes-defined prefixed names: + // * 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540 + // * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + // * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + // + // * Other protocols should use implementation-defined prefixed names such as + // mycompany.com/my-custom-protocol. + // +optional + appProtocol?: null | string @go(AppProtocol,*string) @protobuf(4,bytes,opt) +} + +// EndpointsList is a list of endpoints. +#EndpointsList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of endpoints. + items: [...#Endpoints] @go(Items,[]Endpoints) @protobuf(2,bytes,rep) +} + +// NodeSpec describes the attributes that a node is created with. +#NodeSpec: { + // PodCIDR represents the pod IP range assigned to the node. + // +optional + podCIDR?: string @go(PodCIDR) @protobuf(1,bytes,opt) + + // podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this + // field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for + // each of IPv4 and IPv6. + // +optional + // +patchStrategy=merge + podCIDRs?: [...string] @go(PodCIDRs,[]string) @protobuf(7,bytes,opt) + + // ID of the node assigned by the cloud provider in the format: :// + // +optional + providerID?: string @go(ProviderID) @protobuf(3,bytes,opt) + + // Unschedulable controls node schedulability of new pods. By default, node is schedulable. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration + // +optional + unschedulable?: bool @go(Unschedulable) @protobuf(4,varint,opt) + + // If specified, the node's taints. + // +optional + taints?: [...#Taint] @go(Taints,[]Taint) @protobuf(5,bytes,opt) + + // Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed. + // +optional + configSource?: null | #NodeConfigSource @go(ConfigSource,*NodeConfigSource) @protobuf(6,bytes,opt) + + // Deprecated. Not all kubelets will set this field. Remove field after 1.13. + // see: https://issues.k8s.io/61966 + // +optional + externalID?: string @go(DoNotUseExternalID) @protobuf(2,bytes,opt) +} + +// NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. +// This API is deprecated since 1.22 +#NodeConfigSource: { + // ConfigMap is a reference to a Node's ConfigMap + configMap?: null | #ConfigMapNodeConfigSource @go(ConfigMap,*ConfigMapNodeConfigSource) @protobuf(2,bytes,opt) +} + +// ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. +// This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration +#ConfigMapNodeConfigSource: { + // Namespace is the metadata.namespace of the referenced ConfigMap. + // This field is required in all cases. + namespace: string @go(Namespace) @protobuf(1,bytes,opt) + + // Name is the metadata.name of the referenced ConfigMap. + // This field is required in all cases. + name: string @go(Name) @protobuf(2,bytes,opt) + + // UID is the metadata.UID of the referenced ConfigMap. + // This field is forbidden in Node.Spec, and required in Node.Status. + // +optional + uid?: types.#UID @go(UID) @protobuf(3,bytes,opt) + + // ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. + // This field is forbidden in Node.Spec, and required in Node.Status. + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) + + // KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure + // This field is required in all cases. + kubeletConfigKey: string @go(KubeletConfigKey) @protobuf(5,bytes,opt) +} + +// DaemonEndpoint contains information about a single Daemon endpoint. +#DaemonEndpoint: { + // Port number of the given endpoint. + Port: int32 @protobuf(1,varint,opt) +} + +// NodeDaemonEndpoints lists ports opened by daemons running on the Node. +#NodeDaemonEndpoints: { + // Endpoint on which Kubelet is listening. + // +optional + kubeletEndpoint?: #DaemonEndpoint @go(KubeletEndpoint) @protobuf(1,bytes,opt) +} + +// NodeSystemInfo is a set of ids/uuids to uniquely identify the node. +#NodeSystemInfo: { + // MachineID reported by the node. For unique machine identification + // in the cluster this field is preferred. Learn more from man(5) + // machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html + machineID: string @go(MachineID) @protobuf(1,bytes,opt) + + // SystemUUID reported by the node. For unique machine identification + // MachineID is preferred. This field is specific to Red Hat hosts + // https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid + systemUUID: string @go(SystemUUID) @protobuf(2,bytes,opt) + + // Boot ID reported by the node. + bootID: string @go(BootID) @protobuf(3,bytes,opt) + + // Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64). + kernelVersion: string @go(KernelVersion) @protobuf(4,bytes,opt) + + // OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)). + osImage: string @go(OSImage) @protobuf(5,bytes,opt) + + // ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2). + containerRuntimeVersion: string @go(ContainerRuntimeVersion) @protobuf(6,bytes,opt) + + // Kubelet Version reported by the node. + kubeletVersion: string @go(KubeletVersion) @protobuf(7,bytes,opt) + + // KubeProxy Version reported by the node. + kubeProxyVersion: string @go(KubeProxyVersion) @protobuf(8,bytes,opt) + + // The Operating System reported by the node + operatingSystem: string @go(OperatingSystem) @protobuf(9,bytes,opt) + + // The Architecture reported by the node + architecture: string @go(Architecture) @protobuf(10,bytes,opt) +} + +// NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource. +#NodeConfigStatus: { + // Assigned reports the checkpointed config the node will try to use. + // When Node.Spec.ConfigSource is updated, the node checkpoints the associated + // config payload to local disk, along with a record indicating intended + // config. The node refers to this record to choose its config checkpoint, and + // reports this record in Assigned. Assigned only updates in the status after + // the record has been checkpointed to disk. When the Kubelet is restarted, + // it tries to make the Assigned config the Active config by loading and + // validating the checkpointed payload identified by Assigned. + // +optional + assigned?: null | #NodeConfigSource @go(Assigned,*NodeConfigSource) @protobuf(1,bytes,opt) + + // Active reports the checkpointed config the node is actively using. + // Active will represent either the current version of the Assigned config, + // or the current LastKnownGood config, depending on whether attempting to use the + // Assigned config results in an error. + // +optional + active?: null | #NodeConfigSource @go(Active,*NodeConfigSource) @protobuf(2,bytes,opt) + + // LastKnownGood reports the checkpointed config the node will fall back to + // when it encounters an error attempting to use the Assigned config. + // The Assigned config becomes the LastKnownGood config when the node determines + // that the Assigned config is stable and correct. + // This is currently implemented as a 10-minute soak period starting when the local + // record of Assigned config is updated. If the Assigned config is Active at the end + // of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is + // reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, + // because the local default config is always assumed good. + // You should not make assumptions about the node's method of determining config stability + // and correctness, as this may change or become configurable in the future. + // +optional + lastKnownGood?: null | #NodeConfigSource @go(LastKnownGood,*NodeConfigSource) @protobuf(3,bytes,opt) + + // Error describes any problems reconciling the Spec.ConfigSource to the Active config. + // Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned + // record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting + // to load or validate the Assigned config, etc. + // Errors may occur at different points while syncing config. Earlier errors (e.g. download or + // checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across + // Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in + // a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error + // by fixing the config assigned in Spec.ConfigSource. + // You can find additional information for debugging by searching the error message in the Kubelet log. + // Error is a human-readable description of the error state; machines can check whether or not Error + // is empty, but should not rely on the stability of the Error text across Kubelet versions. + // +optional + error?: string @go(Error) @protobuf(4,bytes,opt) +} + +// NodeStatus is information about the current status of a node. +#NodeStatus: { + // Capacity represents the total resources of a node. + // More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity + // +optional + capacity?: #ResourceList @go(Capacity) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Allocatable represents the resources of a node that are available for scheduling. + // Defaults to Capacity. + // +optional + allocatable?: #ResourceList @go(Allocatable) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // NodePhase is the recently observed lifecycle phase of the node. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#phase + // The field is never populated, and now is deprecated. + // +optional + phase?: #NodePhase @go(Phase) @protobuf(3,bytes,opt,casttype=NodePhase) + + // Conditions is an array of current observed node conditions. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#condition + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#NodeCondition] @go(Conditions,[]NodeCondition) @protobuf(4,bytes,rep) + + // List of addresses reachable to the node. + // Queried from cloud provider, if available. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses + // Note: This field is declared as mergeable, but the merge key is not sufficiently + // unique, which can cause data corruption when it is merged. Callers should instead + // use a full-replacement patch. See https://pr.k8s.io/79391 for an example. + // Consumers should assume that addresses can change during the + // lifetime of a Node. However, there are some exceptions where this may not + // be possible, such as Pods that inherit a Node's address in its own status or + // consumers of the downward API (status.hostIP). + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + addresses?: [...#NodeAddress] @go(Addresses,[]NodeAddress) @protobuf(5,bytes,rep) + + // Endpoints of daemons running on the Node. + // +optional + daemonEndpoints?: #NodeDaemonEndpoints @go(DaemonEndpoints) @protobuf(6,bytes,opt) + + // Set of ids/uuids to uniquely identify the node. + // More info: https://kubernetes.io/docs/concepts/nodes/node/#info + // +optional + nodeInfo?: #NodeSystemInfo @go(NodeInfo) @protobuf(7,bytes,opt) + + // List of container images on this node + // +optional + images?: [...#ContainerImage] @go(Images,[]ContainerImage) @protobuf(8,bytes,rep) + + // List of attachable volumes in use (mounted) by the node. + // +optional + volumesInUse?: [...#UniqueVolumeName] @go(VolumesInUse,[]UniqueVolumeName) @protobuf(9,bytes,rep) + + // List of volumes that are attached to the node. + // +optional + volumesAttached?: [...#AttachedVolume] @go(VolumesAttached,[]AttachedVolume) @protobuf(10,bytes,rep) + + // Status of the config assigned to the node via the dynamic Kubelet config feature. + // +optional + config?: null | #NodeConfigStatus @go(Config,*NodeConfigStatus) @protobuf(11,bytes,opt) +} + +#UniqueVolumeName: string + +// AttachedVolume describes a volume attached to a node +#AttachedVolume: { + // Name of the attached volume + name: #UniqueVolumeName @go(Name) @protobuf(1,bytes,rep) + + // DevicePath represents the device path where the volume should be available + devicePath: string @go(DevicePath) @protobuf(2,bytes,rep) +} + +// AvoidPods describes pods that should avoid this node. This is the value for a +// Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and +// will eventually become a field of NodeStatus. +#AvoidPods: { + // Bounded-sized list of signatures of pods that should avoid this node, sorted + // in timestamp order from oldest to newest. Size of the slice is unspecified. + // +optional + preferAvoidPods?: [...#PreferAvoidPodsEntry] @go(PreferAvoidPods,[]PreferAvoidPodsEntry) @protobuf(1,bytes,rep) +} + +// Describes a class of pods that should avoid this node. +#PreferAvoidPodsEntry: { + // The class of pods. + podSignature: #PodSignature @go(PodSignature) @protobuf(1,bytes,opt) + + // Time at which this entry was added to the list. + // +optional + evictionTime?: metav1.#Time @go(EvictionTime) @protobuf(2,bytes,opt) + + // (brief) reason why this entry was added to the list. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // Human readable message indicating why this entry was added to the list. + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) +} + +// Describes the class of pods that should avoid this node. +// Exactly one field should be set. +#PodSignature: { + // Reference to controller whose pods should avoid this node. + // +optional + podController?: null | metav1.#OwnerReference @go(PodController,*metav1.OwnerReference) @protobuf(1,bytes,opt) +} + +// Describe a container image +#ContainerImage: { + // Names by which this image is known. + // e.g. ["kubernetes.example/hyperkube:v1.0.7", "cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7"] + // +optional + names: [...string] @go(Names,[]string) @protobuf(1,bytes,rep) + + // The size of the image in bytes. + // +optional + sizeBytes?: int64 @go(SizeBytes) @protobuf(2,varint,opt) +} + +// +enum +#NodePhase: string // #enumNodePhase + +#enumNodePhase: + #NodePending | + #NodeRunning | + #NodeTerminated + +// NodePending means the node has been created/added by the system, but not configured. +#NodePending: #NodePhase & "Pending" + +// NodeRunning means the node has been configured and has Kubernetes components running. +#NodeRunning: #NodePhase & "Running" + +// NodeTerminated means the node has been removed from the cluster. +#NodeTerminated: #NodePhase & "Terminated" + +#NodeConditionType: string // #enumNodeConditionType + +#enumNodeConditionType: + #NodeReady | + #NodeMemoryPressure | + #NodeDiskPressure | + #NodePIDPressure | + #NodeNetworkUnavailable + +// NodeReady means kubelet is healthy and ready to accept pods. +#NodeReady: #NodeConditionType & "Ready" + +// NodeMemoryPressure means the kubelet is under pressure due to insufficient available memory. +#NodeMemoryPressure: #NodeConditionType & "MemoryPressure" + +// NodeDiskPressure means the kubelet is under pressure due to insufficient available disk. +#NodeDiskPressure: #NodeConditionType & "DiskPressure" + +// NodePIDPressure means the kubelet is under pressure due to insufficient available PID. +#NodePIDPressure: #NodeConditionType & "PIDPressure" + +// NodeNetworkUnavailable means that network for the node is not correctly configured. +#NodeNetworkUnavailable: #NodeConditionType & "NetworkUnavailable" + +// NodeCondition contains condition information for a node. +#NodeCondition: { + // Type of node condition. + type: #NodeConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NodeConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Last time we got an update on a given condition. + // +optional + lastHeartbeatTime?: metav1.#Time @go(LastHeartbeatTime) @protobuf(3,bytes,opt) + + // Last time the condition transit from one status to another. + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // (brief) reason for the condition's last transition. + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // Human readable message indicating details about last transition. + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +#NodeAddressType: string // #enumNodeAddressType + +#enumNodeAddressType: + #NodeHostName | + #NodeInternalIP | + #NodeExternalIP | + #NodeInternalDNS | + #NodeExternalDNS + +// NodeHostName identifies a name of the node. Although every node can be assumed +// to have a NodeAddress of this type, its exact syntax and semantics are not +// defined, and are not consistent between different clusters. +#NodeHostName: #NodeAddressType & "Hostname" + +// NodeInternalIP identifies an IP address which is assigned to one of the node's +// network interfaces. Every node should have at least one address of this type. +// +// An internal IP is normally expected to be reachable from every other node, but +// may not be visible to hosts outside the cluster. By default it is assumed that +// kube-apiserver can reach node internal IPs, though it is possible to configure +// clusters where this is not the case. +// +// NodeInternalIP is the default type of node IP, and does not necessarily imply +// that the IP is ONLY reachable internally. If a node has multiple internal IPs, +// no specific semantics are assigned to the additional IPs. +#NodeInternalIP: #NodeAddressType & "InternalIP" + +// NodeExternalIP identifies an IP address which is, in some way, intended to be +// more usable from outside the cluster then an internal IP, though no specific +// semantics are defined. It may be a globally routable IP, though it is not +// required to be. +// +// External IPs may be assigned directly to an interface on the node, like a +// NodeInternalIP, or alternatively, packets sent to the external IP may be NAT'ed +// to an internal node IP rather than being delivered directly (making the IP less +// efficient for node-to-node traffic than a NodeInternalIP). +#NodeExternalIP: #NodeAddressType & "ExternalIP" + +// NodeInternalDNS identifies a DNS name which resolves to an IP address which has +// the characteristics of a NodeInternalIP. The IP it resolves to may or may not +// be a listed NodeInternalIP address. +#NodeInternalDNS: #NodeAddressType & "InternalDNS" + +// NodeExternalDNS identifies a DNS name which resolves to an IP address which has +// the characteristics of a NodeExternalIP. The IP it resolves to may or may not +// be a listed NodeExternalIP address. +#NodeExternalDNS: #NodeAddressType & "ExternalDNS" + +// NodeAddress contains information for the node's address. +#NodeAddress: { + // Node address type, one of Hostname, ExternalIP or InternalIP. + type: #NodeAddressType @go(Type) @protobuf(1,bytes,opt,casttype=NodeAddressType) + + // The node address. + address: string @go(Address) @protobuf(2,bytes,opt) +} + +// ResourceName is the name identifying various resources in a ResourceList. +#ResourceName: string // #enumResourceName + +#enumResourceName: + #ResourceCPU | + #ResourceMemory | + #ResourceStorage | + #ResourceEphemeralStorage | + #ResourcePods | + #ResourceServices | + #ResourceReplicationControllers | + #ResourceQuotas | + #ResourceSecrets | + #ResourceConfigMaps | + #ResourcePersistentVolumeClaims | + #ResourceServicesNodePorts | + #ResourceServicesLoadBalancers | + #ResourceRequestsCPU | + #ResourceRequestsMemory | + #ResourceRequestsStorage | + #ResourceRequestsEphemeralStorage | + #ResourceLimitsCPU | + #ResourceLimitsMemory | + #ResourceLimitsEphemeralStorage + +// CPU, in cores. (500m = .5 cores) +#ResourceCPU: #ResourceName & "cpu" + +// Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceMemory: #ResourceName & "memory" + +// Volume size, in bytes (e,g. 5Gi = 5GiB = 5 * 1024 * 1024 * 1024) +#ResourceStorage: #ResourceName & "storage" + +// Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +// The resource name for ResourceEphemeralStorage is alpha and it can change across releases. +#ResourceEphemeralStorage: #ResourceName & "ephemeral-storage" + +// Default namespace prefix. +#ResourceDefaultNamespacePrefix: "kubernetes.io/" + +// Name prefix for huge page resources (alpha). +#ResourceHugePagesPrefix: "hugepages-" + +// Name prefix for storage resource limits +#ResourceAttachableVolumesPrefix: "attachable-volumes-" + +// ResourceList is a set of (resource name, quantity) pairs. +#ResourceList: {[string]: resource.#Quantity} + +// Node is a worker node in Kubernetes. +// Each node will have a unique identifier in the cache (i.e. in etcd). +#Node: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of a node. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #NodeSpec @go(Spec) @protobuf(2,bytes,opt) + + // Most recently observed status of the node. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #NodeStatus @go(Status) @protobuf(3,bytes,opt) +} + +// NodeList is the whole list of all Nodes which have been registered with master. +#NodeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of nodes + items: [...#Node] @go(Items,[]Node) @protobuf(2,bytes,rep) +} + +// FinalizerName is the name identifying a finalizer during namespace lifecycle. +#FinalizerName: string // #enumFinalizerName + +#enumFinalizerName: + #FinalizerKubernetes + +#FinalizerKubernetes: #FinalizerName & "kubernetes" + +// NamespaceSpec describes the attributes on a Namespace. +#NamespaceSpec: { + // Finalizers is an opaque list of values that must be empty to permanently remove object from storage. + // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ + // +optional + finalizers?: [...#FinalizerName] @go(Finalizers,[]FinalizerName) @protobuf(1,bytes,rep,casttype=FinalizerName) +} + +// NamespaceStatus is information about the current status of a Namespace. +#NamespaceStatus: { + // Phase is the current lifecycle phase of the namespace. + // More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/ + // +optional + phase?: #NamespacePhase @go(Phase) @protobuf(1,bytes,opt,casttype=NamespacePhase) + + // Represents the latest available observations of a namespace's current state. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#NamespaceCondition] @go(Conditions,[]NamespaceCondition) @protobuf(2,bytes,rep) +} + +// +enum +#NamespacePhase: string // #enumNamespacePhase + +#enumNamespacePhase: + #NamespaceActive | + #NamespaceTerminating + +// NamespaceActive means the namespace is available for use in the system +#NamespaceActive: #NamespacePhase & "Active" + +// NamespaceTerminating means the namespace is undergoing graceful termination +#NamespaceTerminating: #NamespacePhase & "Terminating" + +// NamespaceTerminatingCause is returned as a defaults.cause item when a change is +// forbidden due to the namespace being terminated. +#NamespaceTerminatingCause: metav1.#CauseType & "NamespaceTerminating" + +#NamespaceConditionType: string // #enumNamespaceConditionType + +#enumNamespaceConditionType: + #NamespaceDeletionDiscoveryFailure | + #NamespaceDeletionContentFailure | + #NamespaceDeletionGVParsingFailure | + #NamespaceContentRemaining | + #NamespaceFinalizersRemaining + +// NamespaceDeletionDiscoveryFailure contains information about namespace deleter errors during resource discovery. +#NamespaceDeletionDiscoveryFailure: #NamespaceConditionType & "NamespaceDeletionDiscoveryFailure" + +// NamespaceDeletionContentFailure contains information about namespace deleter errors during deletion of resources. +#NamespaceDeletionContentFailure: #NamespaceConditionType & "NamespaceDeletionContentFailure" + +// NamespaceDeletionGVParsingFailure contains information about namespace deleter errors parsing GV for legacy types. +#NamespaceDeletionGVParsingFailure: #NamespaceConditionType & "NamespaceDeletionGroupVersionParsingFailure" + +// NamespaceContentRemaining contains information about resources remaining in a namespace. +#NamespaceContentRemaining: #NamespaceConditionType & "NamespaceContentRemaining" + +// NamespaceFinalizersRemaining contains information about which finalizers are on resources remaining in a namespace. +#NamespaceFinalizersRemaining: #NamespaceConditionType & "NamespaceFinalizersRemaining" + +// NamespaceCondition contains details about state of namespace. +#NamespaceCondition: { + // Type of namespace controller condition. + type: #NamespaceConditionType @go(Type) @protobuf(1,bytes,opt,casttype=NamespaceConditionType) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // +optional + lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // +optional + reason?: string @go(Reason) @protobuf(5,bytes,opt) + + // +optional + message?: string @go(Message) @protobuf(6,bytes,opt) +} + +// Namespace provides a scope for Names. +// Use of multiple namespaces is optional. +#Namespace: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the behavior of the Namespace. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #NamespaceSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status describes the current status of a Namespace. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #NamespaceStatus @go(Status) @protobuf(3,bytes,opt) +} + +// NamespaceList is a list of Namespaces. +#NamespaceList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of Namespace objects in the list. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + items: [...#Namespace] @go(Items,[]Namespace) @protobuf(2,bytes,rep) +} + +// Binding ties one object to another; for example, a pod is bound to a node by a scheduler. +// Deprecated in 1.7, please use the bindings subresource of pods instead. +#Binding: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The target object that you want to bind to the standard object. + target: #ObjectReference @go(Target) @protobuf(2,bytes,opt) +} + +// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. +// +k8s:openapi-gen=false +#Preconditions: { + // Specifies the target UID. + // +optional + uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) +} + +// PodLogOptions is the query options for a Pod's logs REST call. +#PodLogOptions: { + metav1.#TypeMeta + + // The container for which to stream logs. Defaults to only container if there is one container in the pod. + // +optional + container?: string @go(Container) @protobuf(1,bytes,opt) + + // Follow the log stream of the pod. Defaults to false. + // +optional + follow?: bool @go(Follow) @protobuf(2,varint,opt) + + // Return previous terminated container logs. Defaults to false. + // +optional + previous?: bool @go(Previous) @protobuf(3,varint,opt) + + // A relative time in seconds before the current time from which to show logs. If this value + // precedes the time a pod was started, only logs since the pod start will be returned. + // If this value is in the future, no logs will be returned. + // Only one of sinceSeconds or sinceTime may be specified. + // +optional + sinceSeconds?: null | int64 @go(SinceSeconds,*int64) @protobuf(4,varint,opt) + + // An RFC3339 timestamp from which to show logs. If this value + // precedes the time a pod was started, only logs since the pod start will be returned. + // If this value is in the future, no logs will be returned. + // Only one of sinceSeconds or sinceTime may be specified. + // +optional + sinceTime?: null | metav1.#Time @go(SinceTime,*metav1.Time) @protobuf(5,bytes,opt) + + // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line + // of log output. Defaults to false. + // +optional + timestamps?: bool @go(Timestamps) @protobuf(6,varint,opt) + + // If set, the number of lines from the end of the logs to show. If not specified, + // logs are shown from the creation of the container or sinceSeconds or sinceTime + // +optional + tailLines?: null | int64 @go(TailLines,*int64) @protobuf(7,varint,opt) + + // If set, the number of bytes to read from the server before terminating the + // log output. This may not display a complete final line of logging, and may return + // slightly more or slightly less than the specified limit. + // +optional + limitBytes?: null | int64 @go(LimitBytes,*int64) @protobuf(8,varint,opt) + + // insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the + // serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver + // and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real + // kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the + // connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept + // the actual log data coming from the real kubelet). + // +optional + insecureSkipTLSVerifyBackend?: bool @go(InsecureSkipTLSVerifyBackend) @protobuf(9,varint,opt) +} + +// PodAttachOptions is the query options to a Pod's remote attach call. +// --- +// TODO: merge w/ PodExecOptions below for stdin, stdout, etc +// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY +#PodAttachOptions: { + metav1.#TypeMeta + + // Stdin if true, redirects the standard input stream of the pod for this call. + // Defaults to false. + // +optional + stdin?: bool @go(Stdin) @protobuf(1,varint,opt) + + // Stdout if true indicates that stdout is to be redirected for the attach call. + // Defaults to true. + // +optional + stdout?: bool @go(Stdout) @protobuf(2,varint,opt) + + // Stderr if true indicates that stderr is to be redirected for the attach call. + // Defaults to true. + // +optional + stderr?: bool @go(Stderr) @protobuf(3,varint,opt) + + // TTY if true indicates that a tty will be allocated for the attach call. + // This is passed through the container runtime so the tty + // is allocated on the worker node by the container runtime. + // Defaults to false. + // +optional + tty?: bool @go(TTY) @protobuf(4,varint,opt) + + // The container in which to execute the command. + // Defaults to only container if there is only one container in the pod. + // +optional + container?: string @go(Container) @protobuf(5,bytes,opt) +} + +// PodExecOptions is the query options to a Pod's remote exec call. +// --- +// TODO: This is largely identical to PodAttachOptions above, make sure they stay in sync and see about merging +// and also when we cut V2, we should export a "StreamOptions" or somesuch that contains Stdin, Stdout, Stder and TTY +#PodExecOptions: { + metav1.#TypeMeta + + // Redirect the standard input stream of the pod for this call. + // Defaults to false. + // +optional + stdin?: bool @go(Stdin) @protobuf(1,varint,opt) + + // Redirect the standard output stream of the pod for this call. + // +optional + stdout?: bool @go(Stdout) @protobuf(2,varint,opt) + + // Redirect the standard error stream of the pod for this call. + // +optional + stderr?: bool @go(Stderr) @protobuf(3,varint,opt) + + // TTY if true indicates that a tty will be allocated for the exec call. + // Defaults to false. + // +optional + tty?: bool @go(TTY) @protobuf(4,varint,opt) + + // Container in which to execute the command. + // Defaults to only container if there is only one container in the pod. + // +optional + container?: string @go(Container) @protobuf(5,bytes,opt) + + // Command is the remote command to execute. argv array. Not executed within a shell. + command: [...string] @go(Command,[]string) @protobuf(6,bytes,rep) +} + +// PodPortForwardOptions is the query options to a Pod's port forward call +// when using WebSockets. +// The `port` query parameter must specify the port or +// ports (comma separated) to forward over. +// Port forwarding over SPDY does not use these options. It requires the port +// to be passed in the `port` header as part of request. +#PodPortForwardOptions: { + metav1.#TypeMeta + + // List of ports to forward + // Required when using WebSockets + // +optional + ports?: [...int32] @go(Ports,[]int32) @protobuf(1,varint,rep) +} + +// PodProxyOptions is the query options to a Pod's proxy call. +#PodProxyOptions: { + metav1.#TypeMeta + + // Path is the URL path to use for the current proxy request to pod. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// NodeProxyOptions is the query options to a Node's proxy call. +#NodeProxyOptions: { + metav1.#TypeMeta + + // Path is the URL path to use for the current proxy request to node. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// ServiceProxyOptions is the query options to a Service's proxy call. +#ServiceProxyOptions: { + metav1.#TypeMeta + + // Path is the part of URLs that include service endpoints, suffixes, + // and parameters to use for the current proxy request to service. + // For example, the whole request URL is + // http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. + // Path is _search?q=user:kimchy. + // +optional + path?: string @go(Path) @protobuf(1,bytes,opt) +} + +// ObjectReference contains enough information to let you inspect or modify the referred object. +// --- +// New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. +// 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. +// 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular +// restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". +// Those cannot be well described when embedded. +// 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. +// 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity +// during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple +// and the version of the actual struct is irrelevant. +// 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type +// will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. +// +// Instead of using this type, create a locally provided and used type that is well-focused on your reference. +// For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +structType=atomic +#ObjectReference: { + // Kind of the referent. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(1,bytes,opt) + + // Namespace of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + // +optional + namespace?: string @go(Namespace) @protobuf(2,bytes,opt) + + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // +optional + name?: string @go(Name) @protobuf(3,bytes,opt) + + // UID of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // API version of the referent. + // +optional + apiVersion?: string @go(APIVersion) @protobuf(5,bytes,opt) + + // Specific resourceVersion to which this reference is made, if any. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) + + // If referring to a piece of an object instead of an entire object, this string + // should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + // For example, if the object reference is to a container within a pod, this would take on a value like: + // "spec.containers{name}" (where "name" refers to the name of the container that triggered + // the event) or if no container name is specified "spec.containers[2]" (container with + // index 2 in this pod). This syntax is chosen only to have some well-defined way of + // referencing a part of an object. + // TODO: this design is not final and this field is subject to change in the future. + // +optional + fieldPath?: string @go(FieldPath) @protobuf(7,bytes,opt) +} + +// LocalObjectReference contains enough information to let you locate the +// referenced object inside the same namespace. +// +structType=atomic +#LocalObjectReference: { + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + // TODO: Add other useful fields. apiVersion, kind, uid? + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) +} + +// TypedLocalObjectReference contains enough information to let you locate the +// typed referenced object inside the same namespace. +// +structType=atomic +#TypedLocalObjectReference: { + // APIGroup is the group for the resource being referenced. + // If APIGroup is not specified, the specified Kind must be in the core API group. + // For any other third-party types, APIGroup is required. + // +optional + apiGroup?: null | string @go(APIGroup,*string) @protobuf(1,bytes,opt) + + // Kind is the type of resource being referenced + kind: string @go(Kind) @protobuf(2,bytes,opt) + + // Name is the name of resource being referenced + name: string @go(Name) @protobuf(3,bytes,opt) +} + +// SerializedReference is a reference to serialized object. +#SerializedReference: { + metav1.#TypeMeta + + // The reference to an object in the system. + // +optional + reference?: #ObjectReference @go(Reference) @protobuf(1,bytes,opt) +} + +// EventSource contains information for an event. +#EventSource: { + // Component from which the event is generated. + // +optional + component?: string @go(Component) @protobuf(1,bytes,opt) + + // Node name on which the event is generated. + // +optional + host?: string @go(Host) @protobuf(2,bytes,opt) +} + +// Information only and will not cause any problems +#EventTypeNormal: "Normal" + +// These events are to warn that something might go wrong +#EventTypeWarning: "Warning" + +// Event is a report of an event somewhere in the cluster. Events +// have a limited retention time and triggers and messages may evolve +// with time. Event consumers should not rely on the timing of an event +// with a given Reason reflecting a consistent underlying trigger, or the +// continued existence of events with that Reason. Events should be +// treated as informative, best-effort, supplemental data. +#Event: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metadata: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // The object that this event is about. + involvedObject: #ObjectReference @go(InvolvedObject) @protobuf(2,bytes,opt) + + // This should be a short, machine understandable string that gives the reason + // for the transition into the object's current status. + // TODO: provide exact specification for format. + // +optional + reason?: string @go(Reason) @protobuf(3,bytes,opt) + + // A human-readable description of the status of this operation. + // TODO: decide on maximum length. + // +optional + message?: string @go(Message) @protobuf(4,bytes,opt) + + // The component reporting this event. Should be a short machine understandable string. + // +optional + source?: #EventSource @go(Source) @protobuf(5,bytes,opt) + + // The time at which the event was first recorded. (Time of server receipt is in TypeMeta.) + // +optional + firstTimestamp?: metav1.#Time @go(FirstTimestamp) @protobuf(6,bytes,opt) + + // The time at which the most recent occurrence of this event was recorded. + // +optional + lastTimestamp?: metav1.#Time @go(LastTimestamp) @protobuf(7,bytes,opt) + + // The number of times this event has occurred. + // +optional + count?: int32 @go(Count) @protobuf(8,varint,opt) + + // Type of this event (Normal, Warning), new types could be added in the future + // +optional + type?: string @go(Type) @protobuf(9,bytes,opt) + + // Time when this Event was first observed. + // +optional + eventTime?: metav1.#MicroTime @go(EventTime) @protobuf(10,bytes,opt) + + // Data about the Event series this event represents or nil if it's a singleton Event. + // +optional + series?: null | #EventSeries @go(Series,*EventSeries) @protobuf(11,bytes,opt) + + // What action was taken/failed regarding to the Regarding object. + // +optional + action?: string @go(Action) @protobuf(12,bytes,opt) + + // Optional secondary object for more complex actions. + // +optional + related?: null | #ObjectReference @go(Related,*ObjectReference) @protobuf(13,bytes,opt) + + // Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`. + // +optional + reportingComponent: string @go(ReportingController) @protobuf(14,bytes,opt) + + // ID of the controller instance, e.g. `kubelet-xyzf`. + // +optional + reportingInstance: string @go(ReportingInstance) @protobuf(15,bytes,opt) +} + +// EventSeries contain information on series of events, i.e. thing that was/is happening +// continuously for some time. +#EventSeries: { + // Number of occurrences in this series up to the last heartbeat time + count?: int32 @go(Count) @protobuf(1,varint) + + // Time of the last occurrence observed + lastObservedTime?: metav1.#MicroTime @go(LastObservedTime) @protobuf(2,bytes) +} + +// EventList is a list of events. +#EventList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of events + items: [...#Event] @go(Items,[]Event) @protobuf(2,bytes,rep) +} + +// List holds a list of objects, which may not be known by the server. +#List: metav1.#List + +// LimitType is a type of object that is limited. It can be Pod, Container, PersistentVolumeClaim or +// a fully qualified resource name. +#LimitType: string // #enumLimitType + +#enumLimitType: + #LimitTypePod | + #LimitTypeContainer | + #LimitTypePersistentVolumeClaim + +// Limit that applies to all pods in a namespace +#LimitTypePod: #LimitType & "Pod" + +// Limit that applies to all containers in a namespace +#LimitTypeContainer: #LimitType & "Container" + +// Limit that applies to all persistent volume claims in a namespace +#LimitTypePersistentVolumeClaim: #LimitType & "PersistentVolumeClaim" + +// LimitRangeItem defines a min/max usage limit for any resource that matches on kind. +#LimitRangeItem: { + // Type of resource that this limit applies to. + type: #LimitType @go(Type) @protobuf(1,bytes,opt,casttype=LimitType) + + // Max usage constraints on this kind by resource name. + // +optional + max?: #ResourceList @go(Max) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Min usage constraints on this kind by resource name. + // +optional + min?: #ResourceList @go(Min) @protobuf(3,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Default resource requirement limit value by resource name if resource limit is omitted. + // +optional + default?: #ResourceList @go(Default) @protobuf(4,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. + // +optional + defaultRequest?: #ResourceList @go(DefaultRequest) @protobuf(5,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. + // +optional + maxLimitRequestRatio?: #ResourceList @go(MaxLimitRequestRatio) @protobuf(6,bytes,rep,casttype=ResourceList,castkey=ResourceName) +} + +// LimitRangeSpec defines a min/max usage limit for resources that match on kind. +#LimitRangeSpec: { + // Limits is the list of LimitRangeItem objects that are enforced. + limits: [...#LimitRangeItem] @go(Limits,[]LimitRangeItem) @protobuf(1,bytes,rep) +} + +// LimitRange sets resource usage limits for each kind of resource in a Namespace. +#LimitRange: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the limits enforced. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #LimitRangeSpec @go(Spec) @protobuf(2,bytes,opt) +} + +// LimitRangeList is a list of LimitRange items. +#LimitRangeList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of LimitRange objects. + // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + items: [...#LimitRange] @go(Items,[]LimitRange) @protobuf(2,bytes,rep) +} + +// Pods, number +#ResourcePods: #ResourceName & "pods" + +// Services, number +#ResourceServices: #ResourceName & "services" + +// ReplicationControllers, number +#ResourceReplicationControllers: #ResourceName & "replicationcontrollers" + +// ResourceQuotas, number +#ResourceQuotas: #ResourceName & "resourcequotas" + +// ResourceSecrets, number +#ResourceSecrets: #ResourceName & "secrets" + +// ResourceConfigMaps, number +#ResourceConfigMaps: #ResourceName & "configmaps" + +// ResourcePersistentVolumeClaims, number +#ResourcePersistentVolumeClaims: #ResourceName & "persistentvolumeclaims" + +// ResourceServicesNodePorts, number +#ResourceServicesNodePorts: #ResourceName & "services.nodeports" + +// ResourceServicesLoadBalancers, number +#ResourceServicesLoadBalancers: #ResourceName & "services.loadbalancers" + +// CPU request, in cores. (500m = .5 cores) +#ResourceRequestsCPU: #ResourceName & "requests.cpu" + +// Memory request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceRequestsMemory: #ResourceName & "requests.memory" + +// Storage request, in bytes +#ResourceRequestsStorage: #ResourceName & "requests.storage" + +// Local ephemeral storage request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceRequestsEphemeralStorage: #ResourceName & "requests.ephemeral-storage" + +// CPU limit, in cores. (500m = .5 cores) +#ResourceLimitsCPU: #ResourceName & "limits.cpu" + +// Memory limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceLimitsMemory: #ResourceName & "limits.memory" + +// Local ephemeral storage limit, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +#ResourceLimitsEphemeralStorage: #ResourceName & "limits.ephemeral-storage" + +// HugePages request, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) +// As burst is not supported for HugePages, we would only quota its request, and ignore the limit. +#ResourceRequestsHugePagesPrefix: "requests.hugepages-" + +// Default resource requests prefix +#DefaultResourceRequestsPrefix: "requests." + +// A ResourceQuotaScope defines a filter that must match each object tracked by a quota +// +enum +#ResourceQuotaScope: string // #enumResourceQuotaScope + +#enumResourceQuotaScope: + #ResourceQuotaScopeTerminating | + #ResourceQuotaScopeNotTerminating | + #ResourceQuotaScopeBestEffort | + #ResourceQuotaScopeNotBestEffort | + #ResourceQuotaScopePriorityClass | + #ResourceQuotaScopeCrossNamespacePodAffinity + +// Match all pod objects where spec.activeDeadlineSeconds >=0 +#ResourceQuotaScopeTerminating: #ResourceQuotaScope & "Terminating" + +// Match all pod objects where spec.activeDeadlineSeconds is nil +#ResourceQuotaScopeNotTerminating: #ResourceQuotaScope & "NotTerminating" + +// Match all pod objects that have best effort quality of service +#ResourceQuotaScopeBestEffort: #ResourceQuotaScope & "BestEffort" + +// Match all pod objects that do not have best effort quality of service +#ResourceQuotaScopeNotBestEffort: #ResourceQuotaScope & "NotBestEffort" + +// Match all pod objects that have priority class mentioned +#ResourceQuotaScopePriorityClass: #ResourceQuotaScope & "PriorityClass" + +// Match all pod objects that have cross-namespace pod (anti)affinity mentioned. +#ResourceQuotaScopeCrossNamespacePodAffinity: #ResourceQuotaScope & "CrossNamespacePodAffinity" + +// ResourceQuotaSpec defines the desired hard limits to enforce for Quota. +#ResourceQuotaSpec: { + // hard is the set of desired hard limits for each named resource. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + // +optional + hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // A collection of filters that must match each object tracked by a quota. + // If not specified, the quota matches all objects. + // +optional + scopes?: [...#ResourceQuotaScope] @go(Scopes,[]ResourceQuotaScope) @protobuf(2,bytes,rep,casttype=ResourceQuotaScope) + + // scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota + // but expressed using ScopeSelectorOperator in combination with possible values. + // For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + // +optional + scopeSelector?: null | #ScopeSelector @go(ScopeSelector,*ScopeSelector) @protobuf(3,bytes,opt) +} + +// A scope selector represents the AND of the selectors represented +// by the scoped-resource selector requirements. +// +structType=atomic +#ScopeSelector: { + // A list of scope selector requirements by scope of the resources. + // +optional + matchExpressions?: [...#ScopedResourceSelectorRequirement] @go(MatchExpressions,[]ScopedResourceSelectorRequirement) @protobuf(1,bytes,rep) +} + +// A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator +// that relates the scope name and values. +#ScopedResourceSelectorRequirement: { + // The name of the scope that the selector applies to. + scopeName: #ResourceQuotaScope @go(ScopeName) @protobuf(1,bytes,opt) + + // Represents a scope's relationship to a set of values. + // Valid operators are In, NotIn, Exists, DoesNotExist. + operator: #ScopeSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=ScopedResourceSelectorOperator) + + // An array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. + // This array is replaced during a strategic merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A scope selector operator is the set of operators that can be used in +// a scope selector requirement. +// +enum +#ScopeSelectorOperator: string // #enumScopeSelectorOperator + +#enumScopeSelectorOperator: + #ScopeSelectorOpIn | + #ScopeSelectorOpNotIn | + #ScopeSelectorOpExists | + #ScopeSelectorOpDoesNotExist + +#ScopeSelectorOpIn: #ScopeSelectorOperator & "In" +#ScopeSelectorOpNotIn: #ScopeSelectorOperator & "NotIn" +#ScopeSelectorOpExists: #ScopeSelectorOperator & "Exists" +#ScopeSelectorOpDoesNotExist: #ScopeSelectorOperator & "DoesNotExist" + +// ResourceQuotaStatus defines the enforced hard limits and observed use. +#ResourceQuotaStatus: { + // Hard is the set of enforced hard limits for each named resource. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + // +optional + hard?: #ResourceList @go(Hard) @protobuf(1,bytes,rep,casttype=ResourceList,castkey=ResourceName) + + // Used is the current observed total usage of the resource in the namespace. + // +optional + used?: #ResourceList @go(Used) @protobuf(2,bytes,rep,casttype=ResourceList,castkey=ResourceName) +} + +// ResourceQuota sets aggregate quota restrictions enforced per namespace +#ResourceQuota: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Spec defines the desired quota. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + spec?: #ResourceQuotaSpec @go(Spec) @protobuf(2,bytes,opt) + + // Status defines the actual enforced quota and its current usage. + // https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: #ResourceQuotaStatus @go(Status) @protobuf(3,bytes,opt) +} + +// ResourceQuotaList is a list of ResourceQuota items. +#ResourceQuotaList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of ResourceQuota objects. + // More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + items: [...#ResourceQuota] @go(Items,[]ResourceQuota) @protobuf(2,bytes,rep) +} + +// Secret holds secret data of a certain type. The total bytes of the values in +// the Data field must be less than MaxSecretSize bytes. +#Secret: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Immutable, if set to true, ensures that data stored in the Secret cannot + // be updated (only object metadata can be modified). + // If not set to true, the field can be modified at any time. + // Defaulted to nil. + // +optional + immutable?: null | bool @go(Immutable,*bool) @protobuf(5,varint,opt) + + // Data contains the secret data. Each key must consist of alphanumeric + // characters, '-', '_' or '.'. The serialized form of the secret data is a + // base64 encoded string, representing the arbitrary (possibly non-string) + // data value here. Described in https://tools.ietf.org/html/rfc4648#section-4 + // +optional + data?: {[string]: bytes} @go(Data,map[string][]byte) @protobuf(2,bytes,rep) + + // stringData allows specifying non-binary secret data in string form. + // It is provided as a write-only input field for convenience. + // All keys and values are merged into the data field on write, overwriting any existing values. + // The stringData field is never output when reading from the API. + // +k8s:conversion-gen=false + // +optional + stringData?: {[string]: string} @go(StringData,map[string]string) @protobuf(4,bytes,rep) + + // Used to facilitate programmatic handling of secret data. + // More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types + // +optional + type?: #SecretType @go(Type) @protobuf(3,bytes,opt,casttype=SecretType) +} + +#MaxSecretSize: 1048576 + +#SecretType: string // #enumSecretType + +#enumSecretType: + #SecretTypeOpaque | + #SecretTypeServiceAccountToken | + #SecretTypeDockercfg | + #SecretTypeDockerConfigJson | + #SecretTypeBasicAuth | + #SecretTypeSSHAuth | + #SecretTypeTLS | + #SecretTypeBootstrapToken + +// SecretTypeOpaque is the default. Arbitrary user-defined data +#SecretTypeOpaque: #SecretType & "Opaque" + +// SecretTypeServiceAccountToken contains a token that identifies a service account to the API +// +// Required fields: +// - Secret.Annotations["kubernetes.io/service-account.name"] - the name of the ServiceAccount the token identifies +// - Secret.Annotations["kubernetes.io/service-account.uid"] - the UID of the ServiceAccount the token identifies +// - Secret.Data["token"] - a token that identifies the service account to the API +#SecretTypeServiceAccountToken: #SecretType & "kubernetes.io/service-account-token" + +// ServiceAccountNameKey is the key of the required annotation for SecretTypeServiceAccountToken secrets +#ServiceAccountNameKey: "kubernetes.io/service-account.name" + +// ServiceAccountUIDKey is the key of the required annotation for SecretTypeServiceAccountToken secrets +#ServiceAccountUIDKey: "kubernetes.io/service-account.uid" + +// ServiceAccountTokenKey is the key of the required data for SecretTypeServiceAccountToken secrets +#ServiceAccountTokenKey: "token" + +// ServiceAccountKubeconfigKey is the key of the optional kubeconfig data for SecretTypeServiceAccountToken secrets +#ServiceAccountKubeconfigKey: "kubernetes.kubeconfig" + +// ServiceAccountRootCAKey is the key of the optional root certificate authority for SecretTypeServiceAccountToken secrets +#ServiceAccountRootCAKey: "ca.crt" + +// ServiceAccountNamespaceKey is the key of the optional namespace to use as the default for namespaced API calls +#ServiceAccountNamespaceKey: "namespace" + +// SecretTypeDockercfg contains a dockercfg file that follows the same format rules as ~/.dockercfg +// +// Required fields: +// - Secret.Data[".dockercfg"] - a serialized ~/.dockercfg file +#SecretTypeDockercfg: #SecretType & "kubernetes.io/dockercfg" + +// DockerConfigKey is the key of the required data for SecretTypeDockercfg secrets +#DockerConfigKey: ".dockercfg" + +// SecretTypeDockerConfigJson contains a dockercfg file that follows the same format rules as ~/.docker/config.json +// +// Required fields: +// - Secret.Data[".dockerconfigjson"] - a serialized ~/.docker/config.json file +#SecretTypeDockerConfigJson: #SecretType & "kubernetes.io/dockerconfigjson" + +// DockerConfigJsonKey is the key of the required data for SecretTypeDockerConfigJson secrets +#DockerConfigJsonKey: ".dockerconfigjson" + +// SecretTypeBasicAuth contains data needed for basic authentication. +// +// Required at least one of fields: +// - Secret.Data["username"] - username used for authentication +// - Secret.Data["password"] - password or token needed for authentication +#SecretTypeBasicAuth: #SecretType & "kubernetes.io/basic-auth" + +// BasicAuthUsernameKey is the key of the username for SecretTypeBasicAuth secrets +#BasicAuthUsernameKey: "username" + +// BasicAuthPasswordKey is the key of the password or token for SecretTypeBasicAuth secrets +#BasicAuthPasswordKey: "password" + +// SecretTypeSSHAuth contains data needed for SSH authetication. +// +// Required field: +// - Secret.Data["ssh-privatekey"] - private SSH key needed for authentication +#SecretTypeSSHAuth: #SecretType & "kubernetes.io/ssh-auth" + +// SSHAuthPrivateKey is the key of the required SSH private key for SecretTypeSSHAuth secrets +#SSHAuthPrivateKey: "ssh-privatekey" + +// SecretTypeTLS contains information about a TLS client or server secret. It +// is primarily used with TLS termination of the Ingress resource, but may be +// used in other types. +// +// Required fields: +// - Secret.Data["tls.key"] - TLS private key. +// Secret.Data["tls.crt"] - TLS certificate. +// TODO: Consider supporting different formats, specifying CA/destinationCA. +#SecretTypeTLS: #SecretType & "kubernetes.io/tls" + +// TLSCertKey is the key for tls certificates in a TLS secret. +#TLSCertKey: "tls.crt" + +// TLSPrivateKeyKey is the key for the private key field in a TLS secret. +#TLSPrivateKeyKey: "tls.key" + +// SecretTypeBootstrapToken is used during the automated bootstrap process (first +// implemented by kubeadm). It stores tokens that are used to sign well known +// ConfigMaps. They are used for authn. +#SecretTypeBootstrapToken: #SecretType & "bootstrap.kubernetes.io/token" + +// SecretList is a list of Secret. +#SecretList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is a list of secret objects. + // More info: https://kubernetes.io/docs/concepts/configuration/secret + items: [...#Secret] @go(Items,[]Secret) @protobuf(2,bytes,rep) +} + +// ConfigMap holds configuration data for pods to consume. +#ConfigMap: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Immutable, if set to true, ensures that data stored in the ConfigMap cannot + // be updated (only object metadata can be modified). + // If not set to true, the field can be modified at any time. + // Defaulted to nil. + // +optional + immutable?: null | bool @go(Immutable,*bool) @protobuf(4,varint,opt) + + // Data contains the configuration data. + // Each key must consist of alphanumeric characters, '-', '_' or '.'. + // Values with non-UTF-8 byte sequences must use the BinaryData field. + // The keys stored in Data must not overlap with the keys in + // the BinaryData field, this is enforced during validation process. + // +optional + data?: {[string]: string} @go(Data,map[string]string) @protobuf(2,bytes,rep) + + // BinaryData contains the binary data. + // Each key must consist of alphanumeric characters, '-', '_' or '.'. + // BinaryData can contain byte sequences that are not in the UTF-8 range. + // The keys stored in BinaryData must not overlap with the ones in + // the Data field, this is enforced during validation process. + // Using this field will require 1.10+ apiserver and + // kubelet. + // +optional + binaryData?: {[string]: bytes} @go(BinaryData,map[string][]byte) @protobuf(3,bytes,rep) +} + +// ConfigMapList is a resource containing a list of ConfigMap objects. +#ConfigMapList: { + metav1.#TypeMeta + + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Items is the list of ConfigMaps. + items: [...#ConfigMap] @go(Items,[]ConfigMap) @protobuf(2,bytes,rep) +} + +// Type and constants for component health validation. +#ComponentConditionType: string // #enumComponentConditionType + +#enumComponentConditionType: + #ComponentHealthy + +#ComponentHealthy: #ComponentConditionType & "Healthy" + +// Information about the condition of a component. +#ComponentCondition: { + // Type of condition for a component. + // Valid value: "Healthy" + type: #ComponentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ComponentConditionType) + + // Status of the condition for a component. + // Valid values for "Healthy": "True", "False", or "Unknown". + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=ConditionStatus) + + // Message about the condition for a component. + // For example, information about a health check. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // Condition error code for a component. + // For example, a health check error code. + // +optional + error?: string @go(Error) @protobuf(4,bytes,opt) +} + +// ComponentStatus (and ComponentStatusList) holds the cluster validation info. +// Deprecated: This API is deprecated in v1.19+ +#ComponentStatus: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // List of component conditions observed + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + conditions?: [...#ComponentCondition] @go(Conditions,[]ComponentCondition) @protobuf(2,bytes,rep) +} + +// Status of all the conditions for the component as a list of ComponentStatus objects. +// Deprecated: This API is deprecated in v1.19+ +#ComponentStatusList: { + metav1.#TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of ComponentStatus objects. + items: [...#ComponentStatus] @go(Items,[]ComponentStatus) @protobuf(2,bytes,rep) +} + +// DownwardAPIVolumeSource represents a volume containing downward API info. +// Downward API volumes support ownership management and SELinux relabeling. +#DownwardAPIVolumeSource: { + // Items is a list of downward API volume file + // +optional + items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) + + // Optional: mode bits to use on created files by default. Must be a + // Optional: mode bits used to set permissions on created files by default. + // Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // Defaults to 0644. + // Directories within the path are not affected by this setting. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + defaultMode?: null | int32 @go(DefaultMode,*int32) @protobuf(2,varint,opt) +} + +#DownwardAPIVolumeSourceDefaultMode: int32 & 0o644 + +// DownwardAPIVolumeFile represents information to create the file containing the pod field +#DownwardAPIVolumeFile: { + // Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..' + path: string @go(Path) @protobuf(1,bytes,opt) + + // Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + // +optional + fieldRef?: null | #ObjectFieldSelector @go(FieldRef,*ObjectFieldSelector) @protobuf(2,bytes,opt) + + // Selects a resource of the container: only resources limits and requests + // (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + // +optional + resourceFieldRef?: null | #ResourceFieldSelector @go(ResourceFieldRef,*ResourceFieldSelector) @protobuf(3,bytes,opt) + + // Optional: mode bits used to set permissions on this file, must be an octal value + // between 0000 and 0777 or a decimal value between 0 and 511. + // YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + // If not specified, the volume defaultMode will be used. + // This might be in conflict with other options that affect the file + // mode, like fsGroup, and the result can be other mode bits set. + // +optional + mode?: null | int32 @go(Mode,*int32) @protobuf(4,varint,opt) +} + +// Represents downward API info for projecting into a projected volume. +// Note that this is identical to a downwardAPI volume source without the default +// mode. +#DownwardAPIProjection: { + // Items is a list of DownwardAPIVolume file + // +optional + items?: [...#DownwardAPIVolumeFile] @go(Items,[]DownwardAPIVolumeFile) @protobuf(1,bytes,rep) +} + +// SecurityContext holds security configuration that will be applied to a container. +// Some fields are present in both SecurityContext and PodSecurityContext. When both +// are set, the values in SecurityContext take precedence. +#SecurityContext: { + // The capabilities to add/drop when running containers. + // Defaults to the default set of capabilities granted by the container runtime. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + capabilities?: null | #Capabilities @go(Capabilities,*Capabilities) @protobuf(1,bytes,opt) + + // Run container in privileged mode. + // Processes in privileged containers are essentially equivalent to root on the host. + // Defaults to false. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + privileged?: null | bool @go(Privileged,*bool) @protobuf(2,varint,opt) + + // The SELinux context to be applied to the container. + // If unspecified, the container runtime will allocate a random SELinux context for each + // container. May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seLinuxOptions?: null | #SELinuxOptions @go(SELinuxOptions,*SELinuxOptions) @protobuf(3,bytes,opt) + + // The Windows specific settings applied to all containers. + // If unspecified, the options from the PodSecurityContext will be used. + // If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is linux. + // +optional + windowsOptions?: null | #WindowsSecurityContextOptions @go(WindowsOptions,*WindowsSecurityContextOptions) @protobuf(10,bytes,opt) + + // The UID to run the entrypoint of the container process. + // Defaults to user specified in image metadata if unspecified. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsUser?: null | int64 @go(RunAsUser,*int64) @protobuf(4,varint,opt) + + // The GID to run the entrypoint of the container process. + // Uses runtime default if unset. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + runAsGroup?: null | int64 @go(RunAsGroup,*int64) @protobuf(8,varint,opt) + + // Indicates that the container must run as a non-root user. + // If true, the Kubelet will validate the image at runtime to ensure that it + // does not run as UID 0 (root) and fail to start the container if it does. + // If unset or false, no such validation will be performed. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsNonRoot?: null | bool @go(RunAsNonRoot,*bool) @protobuf(5,varint,opt) + + // Whether this container has a read-only root filesystem. + // Default is false. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + readOnlyRootFilesystem?: null | bool @go(ReadOnlyRootFilesystem,*bool) @protobuf(6,varint,opt) + + // AllowPrivilegeEscalation controls whether a process can gain more + // privileges than its parent process. This bool directly controls if + // the no_new_privs flag will be set on the container process. + // AllowPrivilegeEscalation is true always when the container is: + // 1) run as Privileged + // 2) has CAP_SYS_ADMIN + // Note that this field cannot be set when spec.os.name is windows. + // +optional + allowPrivilegeEscalation?: null | bool @go(AllowPrivilegeEscalation,*bool) @protobuf(7,varint,opt) + + // procMount denotes the type of proc mount to use for the containers. + // The default is DefaultProcMount which uses the container runtime defaults for + // readonly paths and masked paths. + // This requires the ProcMountType feature flag to be enabled. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + procMount?: null | #ProcMountType @go(ProcMount,*ProcMountType) @protobuf(9,bytes,opt) + + // The seccomp options to use by this container. If seccomp options are + // provided at both the pod & container level, the container options + // override the pod options. + // Note that this field cannot be set when spec.os.name is windows. + // +optional + seccompProfile?: null | #SeccompProfile @go(SeccompProfile,*SeccompProfile) @protobuf(11,bytes,opt) +} + +// +enum +#ProcMountType: string // #enumProcMountType + +#enumProcMountType: + #DefaultProcMount | + #UnmaskedProcMount + +// DefaultProcMount uses the container runtime defaults for readonly and masked +// paths for /proc. Most container runtimes mask certain paths in /proc to avoid +// accidental security exposure of special devices or information. +#DefaultProcMount: #ProcMountType & "Default" + +// UnmaskedProcMount bypasses the default masking behavior of the container +// runtime and ensures the newly created /proc the container stays in tact with +// no modifications. +#UnmaskedProcMount: #ProcMountType & "Unmasked" + +// SELinuxOptions are the labels to be applied to the container +#SELinuxOptions: { + // User is a SELinux user label that applies to the container. + // +optional + user?: string @go(User) @protobuf(1,bytes,opt) + + // Role is a SELinux role label that applies to the container. + // +optional + role?: string @go(Role) @protobuf(2,bytes,opt) + + // Type is a SELinux type label that applies to the container. + // +optional + type?: string @go(Type) @protobuf(3,bytes,opt) + + // Level is SELinux level label that applies to the container. + // +optional + level?: string @go(Level) @protobuf(4,bytes,opt) +} + +// WindowsSecurityContextOptions contain Windows-specific options and credentials. +#WindowsSecurityContextOptions: { + // GMSACredentialSpecName is the name of the GMSA credential spec to use. + // +optional + gmsaCredentialSpecName?: null | string @go(GMSACredentialSpecName,*string) @protobuf(1,bytes,opt) + + // GMSACredentialSpec is where the GMSA admission webhook + // (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + // GMSA credential spec named by the GMSACredentialSpecName field. + // +optional + gmsaCredentialSpec?: null | string @go(GMSACredentialSpec,*string) @protobuf(2,bytes,opt) + + // The UserName in Windows to run the entrypoint of the container process. + // Defaults to the user specified in image metadata if unspecified. + // May also be set in PodSecurityContext. If set in both SecurityContext and + // PodSecurityContext, the value specified in SecurityContext takes precedence. + // +optional + runAsUserName?: null | string @go(RunAsUserName,*string) @protobuf(3,bytes,opt) + + // HostProcess determines if a container should be run as a 'Host Process' container. + // All of a Pod's containers must have the same effective HostProcess value + // (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + // In addition, if HostProcess is true then HostNetwork must also be set to true. + // +optional + hostProcess?: null | bool @go(HostProcess,*bool) @protobuf(4,bytes,opt) +} + +// RangeAllocation is not a public type. +#RangeAllocation: { + metav1.#TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) + + // Range is string that identifies the range represented by 'data'. + range: string @go(Range) @protobuf(2,bytes,opt) + + // Data is a bit array containing all allocated addresses in the previous segment. + data: bytes @go(Data,[]byte) @protobuf(3,bytes,opt) +} + +// DefaultSchedulerName defines the name of default scheduler. +#DefaultSchedulerName: "default-scheduler" + +// RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule +// corresponding to every RequiredDuringScheduling affinity rule. +// When the --hard-pod-affinity-weight scheduler flag is not specified, +// DefaultHardPodAffinityWeight defines the weight of the implicit PreferredDuringScheduling affinity rule. +#DefaultHardPodAffinitySymmetricWeight: int32 & 1 + +// Sysctl defines a kernel parameter to be set +#Sysctl: { + // Name of a property to set + name: string @go(Name) @protobuf(1,bytes,opt) + + // Value of a property to set + value: string @go(Value) @protobuf(2,bytes,opt) +} + +// NodeResources is an object for conveying resource information about a node. +// see https://kubernetes.io/docs/concepts/architecture/nodes/#capacity for more details. +#NodeResources: { + // Capacity represents the available resources of a node + Capacity: #ResourceList @protobuf(1,bytes,rep,name=capacity,casttype=ResourceList,castkey=ResourceName) +} + +// Enable stdin for remote command execution +#ExecStdinParam: "input" + +// Enable stdout for remote command execution +#ExecStdoutParam: "output" + +// Enable stderr for remote command execution +#ExecStderrParam: "error" + +// Enable TTY for remote command execution +#ExecTTYParam: "tty" + +// Command to run for remote command execution +#ExecCommandParam: "command" + +// Name of header that specifies stream type +#StreamType: "streamType" + +// Value for streamType header for stdin stream +#StreamTypeStdin: "stdin" + +// Value for streamType header for stdout stream +#StreamTypeStdout: "stdout" + +// Value for streamType header for stderr stream +#StreamTypeStderr: "stderr" + +// Value for streamType header for data stream +#StreamTypeData: "data" + +// Value for streamType header for error stream +#StreamTypeError: "error" + +// Value for streamType header for terminal resize stream +#StreamTypeResize: "resize" + +// Name of header that specifies the port being forwarded +#PortHeader: "port" + +// Name of header that specifies a request ID used to associate the error +// and data streams for a single forwarded connection +#PortForwardRequestIDHeader: "requestID" + +// MixedProtocolNotSupported error in PortStatus means that the cloud provider +// can't publish the port on the load balancer because mixed values of protocols +// on the same LoadBalancer type of Service are not supported by the cloud provider. +#MixedProtocolNotSupported: "MixedProtocolNotSupported" + +#PortStatus: { + // Port is the port number of the service port of which status is recorded here + port: int32 @go(Port) @protobuf(1,varint,opt) + + // Protocol is the protocol of the service port of which status is recorded here + // The supported values are: "TCP", "UDP", "SCTP" + protocol: #Protocol @go(Protocol) @protobuf(2,bytes,opt,casttype=Protocol) + + // Error is to record the problem with the service port + // The format of the error shall comply with the following rules: + // - built-in error values shall be specified in this file and those shall use + // CamelCase names + // - cloud provider specific error values must have names that comply with the + // format foo.example.com/CamelCase. + // --- + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +optional + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + error?: null | string @go(Error,*string) @protobuf(3,bytes,opt) +} diff --git a/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue new file mode 100644 index 0000000..2a1f060 --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/well_known_labels_go_gen.cue @@ -0,0 +1,59 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +#LabelHostname: "kubernetes.io/hostname" + +// Label value is the network location of kube-apiserver stored as +// Stored in APIServer Identity lease objects to view what address is used for peer proxy +#AnnotationPeerAdvertiseAddress: "kubernetes.io/peer-advertise-address" +#LabelTopologyZone: "topology.kubernetes.io/zone" +#LabelTopologyRegion: "topology.kubernetes.io/region" + +// These label have been deprecated since 1.17, but will be supported for +// the foreseeable future, to accommodate things like long-lived PVs that +// use them. New users should prefer the "topology.kubernetes.io/*" +// equivalents. +#LabelFailureDomainBetaZone: "failure-domain.beta.kubernetes.io/zone" +#LabelFailureDomainBetaRegion: "failure-domain.beta.kubernetes.io/region" + +// Retained for compat when vendored. Do not use these consts in new code. +#LabelZoneFailureDomain: "failure-domain.beta.kubernetes.io/zone" +#LabelZoneRegion: "failure-domain.beta.kubernetes.io/region" +#LabelZoneFailureDomainStable: "topology.kubernetes.io/zone" +#LabelZoneRegionStable: "topology.kubernetes.io/region" +#LabelInstanceType: "beta.kubernetes.io/instance-type" +#LabelInstanceTypeStable: "node.kubernetes.io/instance-type" +#LabelOSStable: "kubernetes.io/os" +#LabelArchStable: "kubernetes.io/arch" + +// LabelWindowsBuild is used on Windows nodes to specify the Windows build number starting with v1.17.0. +// It's in the format MajorVersion.MinorVersion.BuildNumber (for ex: 10.0.17763) +#LabelWindowsBuild: "node.kubernetes.io/windows-build" + +// LabelNamespaceSuffixKubelet is an allowed label namespace suffix kubelets can self-set ([*.]kubelet.kubernetes.io/*) +#LabelNamespaceSuffixKubelet: "kubelet.kubernetes.io" + +// LabelNamespaceSuffixNode is an allowed label namespace suffix kubelets can self-set ([*.]node.kubernetes.io/*) +#LabelNamespaceSuffixNode: "node.kubernetes.io" + +// LabelNamespaceNodeRestriction is a forbidden label namespace that kubelets may not self-set when the NodeRestriction admission plugin is enabled +#LabelNamespaceNodeRestriction: "node-restriction.kubernetes.io" + +// IsHeadlessService is added by Controller to an Endpoint denoting if its parent +// Service is Headless. The existence of this label can be used further by other +// controllers and kube-proxy to check if the Endpoint objects should be replicated when +// using Headless Services +#IsHeadlessService: "service.kubernetes.io/headless" + +// LabelNodeExcludeBalancers specifies that the node should not be considered as a target +// for external load-balancers which use nodes as a second hop (e.g. many cloud LBs which only +// understand nodes). For services that use externalTrafficPolicy=Local, this may mean that +// any backends on excluded nodes are not reachable by those external load-balancers. +// Implementations of this exclusion may vary based on provider. +#LabelNodeExcludeBalancers: "node.kubernetes.io/exclude-from-external-load-balancers" + +// LabelMetadataName is the label name which, in-tree, is used to automatically label namespaces, so they can be selected easily by tools which require definitive labels +#LabelMetadataName: "kubernetes.io/metadata.name" diff --git a/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue b/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue new file mode 100644 index 0000000..b7c0973 --- /dev/null +++ b/cue.mod/gen/k8s.io/api/core/v1/well_known_taints_go_gen.cue @@ -0,0 +1,38 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/api/core/v1 + +package v1 + +// TaintNodeNotReady will be added when node is not ready +// and removed when node becomes ready. +#TaintNodeNotReady: "node.kubernetes.io/not-ready" + +// TaintNodeUnreachable will be added when node becomes unreachable +// (corresponding to NodeReady status ConditionUnknown) +// and removed when node becomes reachable (NodeReady status ConditionTrue). +#TaintNodeUnreachable: "node.kubernetes.io/unreachable" + +// TaintNodeUnschedulable will be added when node becomes unschedulable +// and removed when node becomes schedulable. +#TaintNodeUnschedulable: "node.kubernetes.io/unschedulable" + +// TaintNodeMemoryPressure will be added when node has memory pressure +// and removed when node has enough memory. +#TaintNodeMemoryPressure: "node.kubernetes.io/memory-pressure" + +// TaintNodeDiskPressure will be added when node has disk pressure +// and removed when node has enough disk. +#TaintNodeDiskPressure: "node.kubernetes.io/disk-pressure" + +// TaintNodeNetworkUnavailable will be added when node's network is unavailable +// and removed when network becomes ready. +#TaintNodeNetworkUnavailable: "node.kubernetes.io/network-unavailable" + +// TaintNodePIDPressure will be added when node has pid pressure +// and removed when node has enough pid. +#TaintNodePIDPressure: "node.kubernetes.io/pid-pressure" + +// TaintNodeOutOfService can be added when node is out of service in case of +// a non-graceful shutdown +#TaintNodeOutOfService: "node.kubernetes.io/out-of-service" diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue new file mode 100644 index 0000000..cef44ba --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/amount_go_gen.cue @@ -0,0 +1,47 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// Scale is used for getting and setting the base-10 scaled value. +// Base-2 scales are omitted for mathematical simplicity. +// See Quantity.ScaledValue for more details. +#Scale: int32 // #enumScale + +#enumScale: + #Nano | + #Micro | + #Milli | + #Kilo | + #Mega | + #Giga | + #Tera | + #Peta | + #Exa + +#values_Scale: { + Nano: #Nano + Micro: #Micro + Milli: #Milli + Kilo: #Kilo + Mega: #Mega + Giga: #Giga + Tera: #Tera + Peta: #Peta + Exa: #Exa +} + +#Nano: #Scale & -9 +#Micro: #Scale & -6 +#Milli: #Scale & -3 +#Kilo: #Scale & 3 +#Mega: #Scale & 6 +#Giga: #Scale & 9 +#Tera: #Scale & 12 +#Peta: #Scale & 15 +#Exa: #Scale & 18 + +// infDecAmount implements common operations over an inf.Dec that are specific to the quantity +// representation. +_#infDecAmount: string diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue new file mode 100644 index 0000000..711f209 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/math_go_gen.cue @@ -0,0 +1,13 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// maxInt64Factors is the highest value that will be checked when removing factors of 10 from an int64. +// It is also the maximum decimal digits that can be represented with an int64. +_#maxInt64Factors: 18 + +_#mostNegative: -9223372036854775808 + +_#mostPositive: 9223372036854775807 diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue new file mode 100644 index 0000000..9d9713a --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/quantity_go_gen.cue @@ -0,0 +1,107 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +// Quantity is a fixed-point representation of a number. +// It provides convenient marshaling/unmarshaling in JSON and YAML, +// in addition to String() and AsInt64() accessors. +// +// The serialization format is: +// +// ``` +// ::= +// +// (Note that may be empty, from the "" case in .) +// +// ::= 0 | 1 | ... | 9 +// ::= | +// ::= | . | . | . +// ::= "+" | "-" +// ::= | +// ::= | | +// ::= Ki | Mi | Gi | Ti | Pi | Ei +// +// (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) +// +// ::= m | "" | k | M | G | T | P | E +// +// (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) +// +// ::= "e" | "E" +// ``` +// +// No matter which of the three exponent forms is used, no quantity may represent +// a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal +// places. Numbers larger or more precise will be capped or rounded up. +// (E.g.: 0.1m will rounded up to 1m.) +// This may be extended in the future if we require larger or smaller quantities. +// +// When a Quantity is parsed from a string, it will remember the type of suffix +// it had, and will use the same type again when it is serialized. +// +// Before serializing, Quantity will be put in "canonical form". +// This means that Exponent/suffix will be adjusted up or down (with a +// corresponding increase or decrease in Mantissa) such that: +// +// - No precision is lost +// - No fractional digits will be emitted +// - The exponent (or suffix) is as large as possible. +// +// The sign will be omitted unless the number is negative. +// +// Examples: +// +// - 1.5 will be serialized as "1500m" +// - 1.5Gi will be serialized as "1536Mi" +// +// Note that the quantity will NEVER be internally represented by a +// floating point number. That is the whole point of this exercise. +// +// Non-canonical values will still parse as long as they are well formed, +// but will be re-emitted in their canonical form. (So always use canonical +// form, or don't diff.) +// +// This format is intended to make it difficult to use these numbers without +// writing some sort of special handling code in the hopes that that will +// cause implementors to also use a fixed point implementation. +// +// +protobuf=true +// +protobuf.embed=string +// +protobuf.options.marshal=false +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen=true +// +k8s:openapi-gen=true +#Quantity: _ + +// CanonicalValue allows a quantity amount to be converted to a string. +#CanonicalValue: _ + +// Format lists the three possible formattings of a quantity. +#Format: string // #enumFormat + +#enumFormat: + #DecimalExponent | + #BinarySI | + #DecimalSI + +#DecimalExponent: #Format & "DecimalExponent" +#BinarySI: #Format & "BinarySI" +#DecimalSI: #Format & "DecimalSI" + +// splitREString is used to separate a number from its suffix; as such, +// this is overly permissive, but that's OK-- it will be checked later. +_#splitREString: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" + +_#int64QuantityExpectedBytes: 18 + +// QuantityValue makes it possible to use a Quantity as value for a command +// line parameter. +// +// +protobuf=true +// +protobuf.embed=string +// +protobuf.options.marshal=false +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen=true +#QuantityValue: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue new file mode 100644 index 0000000..b40d68e --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/api/resource/suffix_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/api/resource + +package resource + +_#suffix: string + +// suffixer can interpret and construct suffixes. +_#suffixer: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue new file mode 100644 index 0000000..25ea8ec --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/duration_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Duration is a wrapper around time.Duration which supports correct +// marshaling to YAML and JSON. In particular, it marshals into strings, which +// can be used as map keys in json. +#Duration: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue new file mode 100644 index 0000000..7ff5386 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/group_version_go_gen.cue @@ -0,0 +1,48 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying +// concepts during lookup stages without having partially valid types +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupResource: { + group: string @go(Group) @protobuf(1,bytes,opt) + resource: string @go(Resource) @protobuf(2,bytes,opt) +} + +// GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion +// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersionResource: { + group: string @go(Group) @protobuf(1,bytes,opt) + version: string @go(Version) @protobuf(2,bytes,opt) + resource: string @go(Resource) @protobuf(3,bytes,opt) +} + +// GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying +// concepts during lookup stages without having partially valid types +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupKind: { + group: string @go(Group) @protobuf(1,bytes,opt) + kind: string @go(Kind) @protobuf(2,bytes,opt) +} + +// GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion +// to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersionKind: { + group: string @go(Group) @protobuf(1,bytes,opt) + version: string @go(Version) @protobuf(2,bytes,opt) + kind: string @go(Kind) @protobuf(3,bytes,opt) +} + +// GroupVersion contains the "group" and the "version", which uniquely identifies the API. +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +#GroupVersion: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue new file mode 100644 index 0000000..f3c39a4 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/meta_go_gen.cue @@ -0,0 +1,33 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// TODO: move this, Object, List, and Type to a different package +#ObjectMetaAccessor: _ + +// Object lets you work with object metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field (Name, UID, Namespace on lists) will be a no-op and return +// a default value. +#Object: _ + +// ListMetaAccessor retrieves the list interface from an object +#ListMetaAccessor: _ + +// Common lets you work with core metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field will be a no-op and return a default value. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#Common: _ + +// ListInterface lets you work with list metadata from any of the versioned or +// internal API objects. Attempting to set or retrieve a field on an object that does +// not support that field will be a no-op and return a default value. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#ListInterface: _ + +// Type exposes the type and APIVersion of versioned or internal API objects. +// TODO: move this, and TypeMeta and ListMeta, to a different package +#Type: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue new file mode 100644 index 0000000..3c067ba --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +#RFC3339Micro: "2006-01-02T15:04:05.000000Z07:00" + +// MicroTime is version of Time with microsecond level precision. +// +// +protobuf.options.marshal=false +// +protobuf.as=Timestamp +// +protobuf.options.(gogoproto.goproto_stringer)=false +#MicroTime: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue new file mode 100644 index 0000000..39d23b2 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/register_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +#GroupName: "meta.k8s.io" + +#WatchEventKind: "WatchEvent" diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue new file mode 100644 index 0000000..b3c8ec2 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Time is a wrapper around time.Time which supports correct +// marshaling to YAML and JSON. Wrappers are provided for many +// of the factory methods that the time package offers. +// +// +protobuf.options.marshal=false +// +protobuf.as=Timestamp +// +protobuf.options.(gogoproto.goproto_stringer)=false +#Time: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue new file mode 100644 index 0000000..8353927 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto_go_gen.cue @@ -0,0 +1,21 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +// Timestamp is a struct that is equivalent to Time, but intended for +// protobuf marshalling/unmarshalling. It is generated into a serialization +// that matches Time. Do not use in Go structs. +#Timestamp: { + // Represents seconds of UTC time since Unix epoch + // 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to + // 9999-12-31T23:59:59Z inclusive. + seconds: int64 @go(Seconds) @protobuf(1,varint,opt) + + // Non-negative fractions of a second at nanosecond resolution. Negative + // second values with fractions must still have non-negative nanos values + // that count forward in time. Must be from 0 to 999,999,999 + // inclusive. This field may be limited in precision depending on context. + nanos: int32 @go(Nanos) @protobuf(2,varint,opt) +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue new file mode 100644 index 0000000..a0deb7c --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/types_go_gen.cue @@ -0,0 +1,1561 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +// Package v1 contains API types that are common to all versions. +// +// The package contains two categories of types: +// - external (serialized) types that lack their own version (e.g TypeMeta) +// - internal (never-serialized) types that are needed by several different +// api groups, and so live here, to avoid duplication and/or import loops +// (e.g. LabelSelector). +// +// In the future, we will probably move these categories of objects into +// separate packages. +package v1 + +import ( + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/runtime" +) + +// TypeMeta describes an individual object in an API response or request +// with strings representing the type of the object and its API schema version. +// Structures that are versioned or persisted should inline TypeMeta. +// +// +k8s:deepcopy-gen=false +#TypeMeta: { + // Kind is a string value representing the REST resource this object represents. + // Servers may infer this from the endpoint the client submits requests to. + // Cannot be updated. + // In CamelCase. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(1,bytes,opt) + + // APIVersion defines the versioned schema of this representation of an object. + // Servers should convert recognized schemas to the latest internal value, and + // may reject unrecognized values. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + // +optional + apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt) +} + +// ListMeta describes metadata that synthetic resources must have, including lists and +// various status objects. A resource may have only one of {ObjectMeta, ListMeta}. +#ListMeta: { + // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. + // +optional + selfLink?: string @go(SelfLink) @protobuf(1,bytes,opt) + + // String that identifies the server's internal version of this object that + // can be used by clients to determine when objects have changed. + // Value must be treated as opaque by clients and passed unmodified back to the server. + // Populated by the system. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(2,bytes,opt) + + // continue may be set if the user set a limit on the number of items returned, and indicates that + // the server has more data available. The value is opaque and may be used to issue another request + // to the endpoint that served this list to retrieve the next set of available objects. Continuing a + // consistent list may not be possible if the server configuration has changed or more than a few + // minutes have passed. The resourceVersion field returned when using this continue value will be + // identical to the value in the first response, unless you have received this token from an error + // message. + continue?: string @go(Continue) @protobuf(3,bytes,opt) + + // remainingItemCount is the number of subsequent items in the list which are not included in this + // list response. If the list request contained label or field selectors, then the number of + // remaining items is unknown and the field will be left unset and omitted during serialization. + // If the list is complete (either because it is not chunking or because this is the last chunk), + // then there are no more remaining items and this field will be left unset and omitted during + // serialization. + // Servers older than v1.15 do not set this field. + // The intended use of the remainingItemCount is *estimating* the size of a collection. Clients + // should not rely on the remainingItemCount to be set or to be exact. + // +optional + remainingItemCount?: null | int64 @go(RemainingItemCount,*int64) @protobuf(4,bytes,opt) +} + +#ObjectNameField: "metadata.name" + +#FinalizerOrphanDependents: "orphan" +#FinalizerDeleteDependents: "foregroundDeletion" + +// ObjectMeta is metadata that all persisted resources must have, which includes all objects +// users must create. +#ObjectMeta: { + // Name must be unique within a namespace. Is required when creating resources, although + // some resources may allow a client to request the generation of an appropriate name + // automatically. Name is primarily intended for creation idempotence and configuration + // definition. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // GenerateName is an optional prefix, used by the server, to generate a unique + // name ONLY IF the Name field has not been provided. + // If this field is used, the name returned to the client will be different + // than the name passed. This value will also be combined with a unique suffix. + // The provided value has the same validation rules as the Name field, + // and may be truncated by the length of the suffix required to make the value + // unique on the server. + // + // If this field is specified and the generated name exists, the server will return a 409. + // + // Applied only if Name is not specified. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + // +optional + generateName?: string @go(GenerateName) @protobuf(2,bytes,opt) + + // Namespace defines the space within which each name must be unique. An empty namespace is + // equivalent to the "default" namespace, but "default" is the canonical representation. + // Not all objects are required to be scoped to a namespace - the value of this field for + // those objects will be empty. + // + // Must be a DNS_LABEL. + // Cannot be updated. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces + // +optional + namespace?: string @go(Namespace) @protobuf(3,bytes,opt) + + // Deprecated: selfLink is a legacy read-only field that is no longer populated by the system. + // +optional + selfLink?: string @go(SelfLink) @protobuf(4,bytes,opt) + + // UID is the unique in time and space value for this object. It is typically generated by + // the server on successful creation of a resource and is not allowed to change on PUT + // operations. + // + // Populated by the system. + // Read-only. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(5,bytes,opt,casttype=k8s.io/kubernetes/pkg/types.UID) + + // An opaque value that represents the internal version of this object that can + // be used by clients to determine when objects have changed. May be used for optimistic + // concurrency, change detection, and the watch operation on a resource or set of resources. + // Clients must treat these values as opaque and passed unmodified back to the server. + // They may only be valid for a particular resource or set of resources. + // + // Populated by the system. + // Read-only. + // Value must be treated as opaque by clients and . + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(6,bytes,opt) + + // A sequence number representing a specific generation of the desired state. + // Populated by the system. Read-only. + // +optional + generation?: int64 @go(Generation) @protobuf(7,varint,opt) + + // CreationTimestamp is a timestamp representing the server time when this object was + // created. It is not guaranteed to be set in happens-before order across separate operations. + // Clients may not set this value. It is represented in RFC3339 form and is in UTC. + // + // Populated by the system. + // Read-only. + // Null for lists. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + creationTimestamp?: #Time @go(CreationTimestamp) @protobuf(8,bytes,opt) + + // DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This + // field is set by the server when a graceful deletion is requested by the user, and is not + // directly settable by a client. The resource is expected to be deleted (no longer visible + // from resource lists, and not reachable by name) after the time in this field, once the + // finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. + // Once the deletionTimestamp is set, this value may not be unset or be set further into the + // future, although it may be shortened or the resource may be deleted prior to this time. + // For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react + // by sending a graceful termination signal to the containers in the pod. After that 30 seconds, + // the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, + // remove the pod from the API. In the presence of network partitions, this object may still + // exist after this timestamp, until an administrator or automated process can determine the + // resource is fully terminated. + // If not set, graceful deletion of the object has not been requested. + // + // Populated by the system when a graceful deletion is requested. + // Read-only. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + deletionTimestamp?: null | #Time @go(DeletionTimestamp,*Time) @protobuf(9,bytes,opt) + + // Number of seconds allowed for this object to gracefully terminate before + // it will be removed from the system. Only set when deletionTimestamp is also set. + // May only be shortened. + // Read-only. + // +optional + deletionGracePeriodSeconds?: null | int64 @go(DeletionGracePeriodSeconds,*int64) @protobuf(10,varint,opt) + + // Map of string keys and values that can be used to organize and categorize + // (scope and select) objects. May match selectors of replication controllers + // and services. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // +optional + labels?: {[string]: string} @go(Labels,map[string]string) @protobuf(11,bytes,rep) + + // Annotations is an unstructured key value map stored with a resource that may be + // set by external tools to store and retrieve arbitrary metadata. They are not + // queryable and should be preserved when modifying objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + // +optional + annotations?: {[string]: string} @go(Annotations,map[string]string) @protobuf(12,bytes,rep) + + // List of objects depended by this object. If ALL objects in the list have + // been deleted, this object will be garbage collected. If this object is managed by a controller, + // then an entry in this list will point to this controller, with the controller field set to true. + // There cannot be more than one managing controller. + // +optional + // +patchMergeKey=uid + // +patchStrategy=merge + ownerReferences?: [...#OwnerReference] @go(OwnerReferences,[]OwnerReference) @protobuf(13,bytes,rep) + + // Must be empty before the object is deleted from the registry. Each entry + // is an identifier for the responsible component that will remove the entry + // from the list. If the deletionTimestamp of the object is non-nil, entries + // in this list can only be removed. + // Finalizers may be processed and removed in any order. Order is NOT enforced + // because it introduces significant risk of stuck finalizers. + // finalizers is a shared field, any actor with permission can reorder it. + // If the finalizer list is processed in order, then this can lead to a situation + // in which the component responsible for the first finalizer in the list is + // waiting for a signal (field value, external system, or other) produced by a + // component responsible for a finalizer later in the list, resulting in a deadlock. + // Without enforced ordering finalizers are free to order amongst themselves and + // are not vulnerable to ordering changes in the list. + // +optional + // +patchStrategy=merge + finalizers?: [...string] @go(Finalizers,[]string) @protobuf(14,bytes,rep) + + // ManagedFields maps workflow-id and version to the set of fields + // that are managed by that workflow. This is mostly for internal + // housekeeping, and users typically shouldn't need to set or + // understand this field. A workflow can be the user's name, a + // controller's name, or the name of a specific apply path like + // "ci-cd". The set of fields is always in the version that the + // workflow used when modifying the object. + // + // +optional + managedFields?: [...#ManagedFieldsEntry] @go(ManagedFields,[]ManagedFieldsEntry) @protobuf(17,bytes,rep) +} + +// NamespaceDefault means the object is in the default namespace which is applied when not specified by clients +#NamespaceDefault: "default" + +// NamespaceAll is the default argument to specify on a context when you want to list or filter resources across all namespaces +#NamespaceAll: "" + +// NamespaceNone is the argument for a context when there is no namespace. +#NamespaceNone: "" + +// NamespaceSystem is the system namespace where we place system components. +#NamespaceSystem: "kube-system" + +// NamespacePublic is the namespace where we place public info (ConfigMaps) +#NamespacePublic: "kube-public" + +// OwnerReference contains enough information to let you identify an owning +// object. An owning object must be in the same namespace as the dependent, or +// be cluster-scoped, so there is no namespace field. +// +structType=atomic +#OwnerReference: { + // API version of the referent. + apiVersion: string @go(APIVersion) @protobuf(5,bytes,opt) + + // Kind of the referent. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + kind: string @go(Kind) @protobuf(1,bytes,opt) + + // Name of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + name: string @go(Name) @protobuf(3,bytes,opt) + + // UID of the referent. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + uid: types.#UID @go(UID) @protobuf(4,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // If true, this reference points to the managing controller. + // +optional + controller?: null | bool @go(Controller,*bool) @protobuf(6,varint,opt) + + // If true, AND if the owner has the "foregroundDeletion" finalizer, then + // the owner cannot be deleted from the key-value store until this + // reference is removed. + // See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + // for how the garbage collector interacts with this field and enforces the foreground deletion. + // Defaults to false. + // To set this field, a user needs "delete" permission of the owner, + // otherwise 422 (Unprocessable Entity) will be returned. + // +optional + blockOwnerDeletion?: null | bool @go(BlockOwnerDeletion,*bool) @protobuf(7,varint,opt) +} + +// ListOptions is the query options to a standard REST list call. +#ListOptions: { + #TypeMeta + + // A selector to restrict the list of returned objects by their labels. + // Defaults to everything. + // +optional + labelSelector?: string @go(LabelSelector) @protobuf(1,bytes,opt) + + // A selector to restrict the list of returned objects by their fields. + // Defaults to everything. + // +optional + fieldSelector?: string @go(FieldSelector) @protobuf(2,bytes,opt) + + // Watch for changes to the described resources and return them as a stream of + // add, update, and remove notifications. Specify resourceVersion. + // +optional + watch?: bool @go(Watch) @protobuf(3,varint,opt) + + // allowWatchBookmarks requests watch events with type "BOOKMARK". + // Servers that do not implement bookmarks may ignore this flag and + // bookmarks are sent at the server's discretion. Clients should not + // assume bookmarks are returned at any specific interval, nor may they + // assume the server will send any BOOKMARK event during a session. + // If this is not a watch, this field is ignored. + // +optional + allowWatchBookmarks?: bool @go(AllowWatchBookmarks) @protobuf(9,varint,opt) + + // resourceVersion sets a constraint on what resource versions a request may be served from. + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(4,bytes,opt) + + // resourceVersionMatch determines how resourceVersion is applied to list calls. + // It is highly recommended that resourceVersionMatch be set for list calls where + // resourceVersion is set + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersionMatch?: #ResourceVersionMatch @go(ResourceVersionMatch) @protobuf(10,bytes,opt,casttype=ResourceVersionMatch) + + // Timeout for the list/watch call. + // This limits the duration of the call, regardless of any activity or inactivity. + // +optional + timeoutSeconds?: null | int64 @go(TimeoutSeconds,*int64) @protobuf(5,varint,opt) + + // limit is a maximum number of responses to return for a list call. If more items exist, the + // server will set the `continue` field on the list metadata to a value that can be used with the + // same initial query to retrieve the next set of results. Setting a limit may return fewer than + // the requested amount of items (up to zero items) in the event all requested objects are + // filtered out and clients should only use the presence of the continue field to determine whether + // more results are available. Servers may choose not to support the limit argument and will return + // all of the available results. If limit is specified and the continue field is empty, clients may + // assume that no more results are available. This field is not supported if watch is true. + // + // The server guarantees that the objects returned when using continue will be identical to issuing + // a single list call without a limit - that is, no objects created, modified, or deleted after the + // first request is issued will be included in any subsequent continued requests. This is sometimes + // referred to as a consistent snapshot, and ensures that a client that is using limit to receive + // smaller chunks of a very large result can ensure they see all possible objects. If objects are + // updated during a chunked list the version of the object that was present at the time the first list + // result was calculated is returned. + limit?: int64 @go(Limit) @protobuf(7,varint,opt) + + // The continue option should be set when retrieving more results from the server. Since this value is + // server defined, clients may only use the continue value from a previous query result with identical + // query parameters (except for the value of continue) and the server may reject a continue value it + // does not recognize. If the specified continue value is no longer valid whether due to expiration + // (generally five to fifteen minutes) or a configuration change on the server, the server will + // respond with a 410 ResourceExpired error together with a continue token. If the client needs a + // consistent list, it must restart their list without the continue field. Otherwise, the client may + // send another list request with the token received with the 410 error, the server will respond with + // a list starting from the next key, but from the latest snapshot, which is inconsistent from the + // previous list results - objects that are created, modified, or deleted after the first list request + // will be included in the response, as long as their keys are after the "next key". + // + // This field is not supported when watch is true. Clients may start a watch from the last + // resourceVersion value returned by the server and not miss any modifications. + continue?: string @go(Continue) @protobuf(8,bytes,opt) + + // `sendInitialEvents=true` may be set together with `watch=true`. + // In that case, the watch stream will begin with synthetic events to + // produce the current state of objects in the collection. Once all such + // events have been sent, a synthetic "Bookmark" event will be sent. + // The bookmark will report the ResourceVersion (RV) corresponding to the + // set of objects, and be marked with `"k8s.io/initial-events-end": "true"` annotation. + // Afterwards, the watch stream will proceed as usual, sending watch events + // corresponding to changes (subsequent to the RV) to objects watched. + // + // When `sendInitialEvents` option is set, we require `resourceVersionMatch` + // option to also be set. The semantic of the watch request is as following: + // - `resourceVersionMatch` = NotOlderThan + // is interpreted as "data at least as new as the provided `resourceVersion`" + // and the bookmark event is send when the state is synced + // to a `resourceVersion` at least as fresh as the one provided by the ListOptions. + // If `resourceVersion` is unset, this is interpreted as "consistent read" and the + // bookmark event is send when the state is synced at least to the moment + // when request started being processed. + // - `resourceVersionMatch` set to any other value or unset + // Invalid error is returned. + // + // Defaults to true if `resourceVersion=""` or `resourceVersion="0"` (for backward + // compatibility reasons) and to false otherwise. + // +optional + sendInitialEvents?: null | bool @go(SendInitialEvents,*bool) @protobuf(11,varint,opt) +} + +// resourceVersionMatch specifies how the resourceVersion parameter is applied. resourceVersionMatch +// may only be set if resourceVersion is also set. +// +// "NotOlderThan" matches data at least as new as the provided resourceVersion. +// "Exact" matches data at the exact resourceVersion provided. +// +// See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for +// details. +#ResourceVersionMatch: string // #enumResourceVersionMatch + +#enumResourceVersionMatch: + #ResourceVersionMatchNotOlderThan | + #ResourceVersionMatchExact + +// ResourceVersionMatchNotOlderThan matches data at least as new as the provided +// resourceVersion. +#ResourceVersionMatchNotOlderThan: #ResourceVersionMatch & "NotOlderThan" + +// ResourceVersionMatchExact matches data at the exact resourceVersion +// provided. +#ResourceVersionMatchExact: #ResourceVersionMatch & "Exact" + +// GetOptions is the standard query options to the standard REST get call. +#GetOptions: { + #TypeMeta + + // resourceVersion sets a constraint on what resource versions a request may be served from. + // See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for + // details. + // + // Defaults to unset + // +optional + resourceVersion?: string @go(ResourceVersion) @protobuf(1,bytes,opt) +} + +// DeletionPropagation decides if a deletion will propagate to the dependents of +// the object, and how the garbage collector will handle the propagation. +#DeletionPropagation: string // #enumDeletionPropagation + +#enumDeletionPropagation: + #DeletePropagationOrphan | + #DeletePropagationBackground | + #DeletePropagationForeground + +// Orphans the dependents. +#DeletePropagationOrphan: #DeletionPropagation & "Orphan" + +// Deletes the object from the key-value store, the garbage collector will +// delete the dependents in the background. +#DeletePropagationBackground: #DeletionPropagation & "Background" + +// The object exists in the key-value store until the garbage collector +// deletes all the dependents whose ownerReference.blockOwnerDeletion=true +// from the key-value store. API sever will put the "foregroundDeletion" +// finalizer on the object, and sets its deletionTimestamp. This policy is +// cascading, i.e., the dependents will be deleted with Foreground. +#DeletePropagationForeground: #DeletionPropagation & "Foreground" + +// DryRunAll means to complete all processing stages, but don't +// persist changes to storage. +#DryRunAll: "All" + +// DeleteOptions may be provided when deleting an API object. +#DeleteOptions: { + #TypeMeta + + // The duration in seconds before the object should be deleted. Value must be non-negative integer. + // The value zero indicates delete immediately. If this value is nil, the default grace period for the + // specified type will be used. + // Defaults to a per object value if not specified. zero means delete immediately. + // +optional + gracePeriodSeconds?: null | int64 @go(GracePeriodSeconds,*int64) @protobuf(1,varint,opt) + + // Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be + // returned. + // +k8s:conversion-gen=false + // +optional + preconditions?: null | #Preconditions @go(Preconditions,*Preconditions) @protobuf(2,bytes,opt) + + // Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. + // Should the dependent objects be orphaned. If true/false, the "orphan" + // finalizer will be added to/removed from the object's finalizers list. + // Either this field or PropagationPolicy may be set, but not both. + // +optional + orphanDependents?: null | bool @go(OrphanDependents,*bool) @protobuf(3,varint,opt) + + // Whether and how garbage collection will be performed. + // Either this field or OrphanDependents may be set, but not both. + // The default policy is decided by the existing finalizer set in the + // metadata.finalizers and the resource-specific default policy. + // Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - + // allow the garbage collector to delete the dependents in the background; + // 'Foreground' - a cascading policy that deletes all dependents in the + // foreground. + // +optional + propagationPolicy?: null | #DeletionPropagation @go(PropagationPolicy,*DeletionPropagation) @protobuf(4,varint,opt) + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(5,bytes,rep) +} + +// FieldValidationIgnore ignores unknown/duplicate fields +#FieldValidationIgnore: "Ignore" + +// FieldValidationWarn responds with a warning, but successfully serve the request +#FieldValidationWarn: "Warn" + +// FieldValidationStrict fails the request on unknown/duplicate fields +#FieldValidationStrict: "Strict" + +// CreateOptions may be provided when creating an API object. +#CreateOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. + // +optional + fieldManager?: string @go(FieldManager) @protobuf(3,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) +} + +// PatchOptions may be provided when patching an API object. +// PatchOptions is meant to be a superset of UpdateOptions. +#PatchOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // Force is going to "force" Apply requests. It means user will + // re-acquire conflicting fields owned by other people. Force + // flag must be unset for non-apply patch requests. + // +optional + force?: null | bool @go(Force,*bool) @protobuf(2,varint,opt) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. This + // field is required for apply requests + // (application/apply-patch) but optional for non-apply patch + // types (JsonPatch, MergePatch, StrategicMergePatch). + // +optional + fieldManager?: string @go(FieldManager) @protobuf(3,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(4,bytes) +} + +// ApplyOptions may be provided when applying an API object. +// FieldManager is required for apply requests. +// ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation +// that speaks specifically to how the options fields relate to apply. +#ApplyOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // Force is going to "force" Apply requests. It means user will + // re-acquire conflicting fields owned by other people. + force: bool @go(Force) @protobuf(2,varint,opt) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. This + // field is required. + fieldManager: string @go(FieldManager) @protobuf(3,bytes) +} + +// UpdateOptions may be provided when updating an API object. +// All fields in UpdateOptions should also be present in PatchOptions. +#UpdateOptions: { + #TypeMeta + + // When present, indicates that modifications should not be + // persisted. An invalid or unrecognized dryRun directive will + // result in an error response and no further processing of the + // request. Valid values are: + // - All: all dry run stages will be processed + // +optional + dryRun?: [...string] @go(DryRun,[]string) @protobuf(1,bytes,rep) + + // fieldManager is a name associated with the actor or entity + // that is making these changes. The value must be less than or + // 128 characters long, and only contain printable characters, + // as defined by https://golang.org/pkg/unicode/#IsPrint. + // +optional + fieldManager?: string @go(FieldManager) @protobuf(2,bytes) + + // fieldValidation instructs the server on how to handle + // objects in the request (POST/PUT/PATCH) containing unknown + // or duplicate fields. Valid values are: + // - Ignore: This will ignore any unknown fields that are silently + // dropped from the object, and will ignore all but the last duplicate + // field that the decoder encounters. This is the default behavior + // prior to v1.23. + // - Warn: This will send a warning via the standard warning response + // header for each unknown field that is dropped from the object, and + // for each duplicate field that is encountered. The request will + // still succeed if there are no other errors, and will only persist + // the last of any duplicate fields. This is the default in v1.23+ + // - Strict: This will fail the request with a BadRequest error if + // any unknown fields would be dropped from the object, or if any + // duplicate fields are present. The error returned from the server + // will contain all unknown and duplicate fields encountered. + // +optional + fieldValidation?: string @go(FieldValidation) @protobuf(3,bytes) +} + +// Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out. +#Preconditions: { + // Specifies the target UID. + // +optional + uid?: null | types.#UID @go(UID,*types.UID) @protobuf(1,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // Specifies the target ResourceVersion + // +optional + resourceVersion?: null | string @go(ResourceVersion,*string) @protobuf(2,bytes,opt) +} + +// Status is a return value for calls that don't return other objects. +#Status: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // Status of the operation. + // One of: "Success" or "Failure". + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + status?: string @go(Status) @protobuf(2,bytes,opt) + + // A human-readable description of the status of this operation. + // +optional + message?: string @go(Message) @protobuf(3,bytes,opt) + + // A machine-readable description of why this operation is in the + // "Failure" status. If this value is empty there + // is no information available. A Reason clarifies an HTTP status + // code but does not override it. + // +optional + reason?: #StatusReason @go(Reason) @protobuf(4,bytes,opt,casttype=StatusReason) + + // Extended data associated with the reason. Each reason may define its + // own extended details. This field is optional and the data returned + // is not guaranteed to conform to any schema except that defined by + // the reason type. + // +optional + details?: null | #StatusDetails @go(Details,*StatusDetails) @protobuf(5,bytes,opt) + + // Suggested HTTP return code for this status, 0 if not set. + // +optional + code?: int32 @go(Code) @protobuf(6,varint,opt) +} + +// StatusDetails is a set of additional properties that MAY be set by the +// server to provide additional information about a response. The Reason +// field of a Status object defines what attributes will be set. Clients +// must ignore fields that do not match the defined type of each attribute, +// and should assume that any attribute may be empty, invalid, or under +// defined. +#StatusDetails: { + // The name attribute of the resource associated with the status StatusReason + // (when there is a single name which can be described). + // +optional + name?: string @go(Name) @protobuf(1,bytes,opt) + + // The group attribute of the resource associated with the status StatusReason. + // +optional + group?: string @go(Group) @protobuf(2,bytes,opt) + + // The kind attribute of the resource associated with the status StatusReason. + // On some operations may differ from the requested resource Kind. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + kind?: string @go(Kind) @protobuf(3,bytes,opt) + + // UID of the resource. + // (when there is a single resource which can be described). + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + // +optional + uid?: types.#UID @go(UID) @protobuf(6,bytes,opt,casttype=k8s.io/apimachinery/pkg/types.UID) + + // The Causes array includes more details associated with the StatusReason + // failure. Not all StatusReasons may provide detailed causes. + // +optional + causes?: [...#StatusCause] @go(Causes,[]StatusCause) @protobuf(4,bytes,rep) + + // If specified, the time in seconds before the operation should be retried. Some errors may indicate + // the client must take an alternate action - for those errors this field may indicate how long to wait + // before taking the alternate action. + // +optional + retryAfterSeconds?: int32 @go(RetryAfterSeconds) @protobuf(5,varint,opt) +} + +#StatusSuccess: "Success" +#StatusFailure: "Failure" + +// StatusReason is an enumeration of possible failure causes. Each StatusReason +// must map to a single HTTP status code, but multiple reasons may map +// to the same HTTP status code. +// TODO: move to apiserver +#StatusReason: string // #enumStatusReason + +#enumStatusReason: + #StatusReasonUnknown | + #StatusReasonUnauthorized | + #StatusReasonForbidden | + #StatusReasonNotFound | + #StatusReasonAlreadyExists | + #StatusReasonConflict | + #StatusReasonGone | + #StatusReasonInvalid | + #StatusReasonServerTimeout | + #StatusReasonTimeout | + #StatusReasonTooManyRequests | + #StatusReasonBadRequest | + #StatusReasonMethodNotAllowed | + #StatusReasonNotAcceptable | + #StatusReasonRequestEntityTooLarge | + #StatusReasonUnsupportedMediaType | + #StatusReasonInternalError | + #StatusReasonExpired | + #StatusReasonServiceUnavailable + +// StatusReasonUnknown means the server has declined to indicate a specific reason. +// The details field may contain other information about this error. +// Status code 500. +#StatusReasonUnknown: #StatusReason & "" + +// StatusReasonUnauthorized means the server can be reached and understood the request, but requires +// the user to present appropriate authorization credentials (identified by the WWW-Authenticate header) +// in order for the action to be completed. If the user has specified credentials on the request, the +// server considers them insufficient. +// Status code 401 +#StatusReasonUnauthorized: #StatusReason & "Unauthorized" + +// StatusReasonForbidden means the server can be reached and understood the request, but refuses +// to take any further action. It is the result of the server being configured to deny access for some reason +// to the requested resource by the client. +// Details (optional): +// "kind" string - the kind attribute of the forbidden resource +// on some operations may differ from the requested +// resource. +// "id" string - the identifier of the forbidden resource +// Status code 403 +#StatusReasonForbidden: #StatusReason & "Forbidden" + +// StatusReasonNotFound means one or more resources required for this operation +// could not be found. +// Details (optional): +// "kind" string - the kind attribute of the missing resource +// on some operations may differ from the requested +// resource. +// "id" string - the identifier of the missing resource +// Status code 404 +#StatusReasonNotFound: #StatusReason & "NotFound" + +// StatusReasonAlreadyExists means the resource you are creating already exists. +// Details (optional): +// "kind" string - the kind attribute of the conflicting resource +// "id" string - the identifier of the conflicting resource +// Status code 409 +#StatusReasonAlreadyExists: #StatusReason & "AlreadyExists" + +// StatusReasonConflict means the requested operation cannot be completed +// due to a conflict in the operation. The client may need to alter the +// request. Each resource may define custom details that indicate the +// nature of the conflict. +// Status code 409 +#StatusReasonConflict: #StatusReason & "Conflict" + +// StatusReasonGone means the item is no longer available at the server and no +// forwarding address is known. +// Status code 410 +#StatusReasonGone: #StatusReason & "Gone" + +// StatusReasonInvalid means the requested create or update operation cannot be +// completed due to invalid data provided as part of the request. The client may +// need to alter the request. When set, the client may use the StatusDetails +// message field as a summary of the issues encountered. +// Details (optional): +// "kind" string - the kind attribute of the invalid resource +// "id" string - the identifier of the invalid resource +// "causes" - one or more StatusCause entries indicating the data in the +// provided resource that was invalid. The code, message, and +// field attributes will be set. +// Status code 422 +#StatusReasonInvalid: #StatusReason & "Invalid" + +// StatusReasonServerTimeout means the server can be reached and understood the request, +// but cannot complete the action in a reasonable time. The client should retry the request. +// This is may be due to temporary server load or a transient communication issue with +// another server. Status code 500 is used because the HTTP spec provides no suitable +// server-requested client retry and the 5xx class represents actionable errors. +// Details (optional): +// "kind" string - the kind attribute of the resource being acted on. +// "id" string - the operation that is being attempted. +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 500 +#StatusReasonServerTimeout: #StatusReason & "ServerTimeout" + +// StatusReasonTimeout means that the request could not be completed within the given time. +// Clients can get this response only when they specified a timeout param in the request, +// or if the server cannot complete the operation within a reasonable amount of time. +// The request might succeed with an increased value of timeout param. The client *should* +// wait at least the number of seconds specified by the retryAfterSeconds field. +// Details (optional): +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 504 +#StatusReasonTimeout: #StatusReason & "Timeout" + +// StatusReasonTooManyRequests means the server experienced too many requests within a +// given window and that the client must wait to perform the action again. A client may +// always retry the request that led to this error, although the client should wait at least +// the number of seconds specified by the retryAfterSeconds field. +// Details (optional): +// "retryAfterSeconds" int32 - the number of seconds before the operation should be retried +// Status code 429 +#StatusReasonTooManyRequests: #StatusReason & "TooManyRequests" + +// StatusReasonBadRequest means that the request itself was invalid, because the request +// doesn't make any sense, for example deleting a read-only object. This is different than +// StatusReasonInvalid above which indicates that the API call could possibly succeed, but the +// data was invalid. API calls that return BadRequest can never succeed. +// Status code 400 +#StatusReasonBadRequest: #StatusReason & "BadRequest" + +// StatusReasonMethodNotAllowed means that the action the client attempted to perform on the +// resource was not supported by the code - for instance, attempting to delete a resource that +// can only be created. API calls that return MethodNotAllowed can never succeed. +// Status code 405 +#StatusReasonMethodNotAllowed: #StatusReason & "MethodNotAllowed" + +// StatusReasonNotAcceptable means that the accept types indicated by the client were not acceptable +// to the server - for instance, attempting to receive protobuf for a resource that supports only json and yaml. +// API calls that return NotAcceptable can never succeed. +// Status code 406 +#StatusReasonNotAcceptable: #StatusReason & "NotAcceptable" + +// StatusReasonRequestEntityTooLarge means that the request entity is too large. +// Status code 413 +#StatusReasonRequestEntityTooLarge: #StatusReason & "RequestEntityTooLarge" + +// StatusReasonUnsupportedMediaType means that the content type sent by the client is not acceptable +// to the server - for instance, attempting to send protobuf for a resource that supports only json and yaml. +// API calls that return UnsupportedMediaType can never succeed. +// Status code 415 +#StatusReasonUnsupportedMediaType: #StatusReason & "UnsupportedMediaType" + +// StatusReasonInternalError indicates that an internal error occurred, it is unexpected +// and the outcome of the call is unknown. +// Details (optional): +// "causes" - The original error +// Status code 500 +#StatusReasonInternalError: #StatusReason & "InternalError" + +// StatusReasonExpired indicates that the request is invalid because the content you are requesting +// has expired and is no longer available. It is typically associated with watches that can't be +// serviced. +// Status code 410 (gone) +#StatusReasonExpired: #StatusReason & "Expired" + +// StatusReasonServiceUnavailable means that the request itself was valid, +// but the requested service is unavailable at this time. +// Retrying the request after some time might succeed. +// Status code 503 +#StatusReasonServiceUnavailable: #StatusReason & "ServiceUnavailable" + +// StatusCause provides more information about an api.Status failure, including +// cases when multiple errors are encountered. +#StatusCause: { + // A machine-readable description of the cause of the error. If this value is + // empty there is no information available. + // +optional + reason?: #CauseType @go(Type) @protobuf(1,bytes,opt,casttype=CauseType) + + // A human-readable description of the cause of the error. This field may be + // presented as-is to a reader. + // +optional + message?: string @go(Message) @protobuf(2,bytes,opt) + + // The field of the resource that has caused this error, as named by its JSON + // serialization. May include dot and postfix notation for nested attributes. + // Arrays are zero-indexed. Fields may appear more than once in an array of + // causes due to fields having multiple errors. + // Optional. + // + // Examples: + // "name" - the field "name" on the current resource + // "items[0].name" - the field "name" on the first array entry in "items" + // +optional + field?: string @go(Field) @protobuf(3,bytes,opt) +} + +// CauseType is a machine readable value providing more detail about what +// occurred in a status response. An operation may have multiple causes for a +// status (whether Failure or Success). +#CauseType: string // #enumCauseType + +#enumCauseType: + #CauseTypeFieldValueNotFound | + #CauseTypeFieldValueRequired | + #CauseTypeFieldValueDuplicate | + #CauseTypeFieldValueInvalid | + #CauseTypeFieldValueNotSupported | + #CauseTypeForbidden | + #CauseTypeTooLong | + #CauseTypeTooMany | + #CauseTypeInternal | + #CauseTypeTypeInvalid | + #CauseTypeUnexpectedServerResponse | + #CauseTypeFieldManagerConflict | + #CauseTypeResourceVersionTooLarge + +// CauseTypeFieldValueNotFound is used to report failure to find a requested value +// (e.g. looking up an ID). +#CauseTypeFieldValueNotFound: #CauseType & "FieldValueNotFound" + +// CauseTypeFieldValueRequired is used to report required values that are not +// provided (e.g. empty strings, null values, or empty arrays). +#CauseTypeFieldValueRequired: #CauseType & "FieldValueRequired" + +// CauseTypeFieldValueDuplicate is used to report collisions of values that must be +// unique (e.g. unique IDs). +#CauseTypeFieldValueDuplicate: #CauseType & "FieldValueDuplicate" + +// CauseTypeFieldValueInvalid is used to report malformed values (e.g. failed regex +// match). +#CauseTypeFieldValueInvalid: #CauseType & "FieldValueInvalid" + +// CauseTypeFieldValueNotSupported is used to report valid (as per formatting rules) +// values that can not be handled (e.g. an enumerated string). +#CauseTypeFieldValueNotSupported: #CauseType & "FieldValueNotSupported" + +// CauseTypeForbidden is used to report valid (as per formatting rules) +// values which would be accepted under some conditions, but which are not +// permitted by the current conditions (such as security policy). See +// Forbidden(). +#CauseTypeForbidden: #CauseType & "FieldValueForbidden" + +// CauseTypeTooLong is used to report that the given value is too long. +// This is similar to ErrorTypeInvalid, but the error will not include the +// too-long value. See TooLong(). +#CauseTypeTooLong: #CauseType & "FieldValueTooLong" + +// CauseTypeTooMany is used to report "too many". This is used to +// report that a given list has too many items. This is similar to FieldValueTooLong, +// but the error indicates quantity instead of length. +#CauseTypeTooMany: #CauseType & "FieldValueTooMany" + +// CauseTypeInternal is used to report other errors that are not related +// to user input. See InternalError(). +#CauseTypeInternal: #CauseType & "InternalError" + +// CauseTypeTypeInvalid is for the value did not match the schema type for that field +#CauseTypeTypeInvalid: #CauseType & "FieldValueTypeInvalid" + +// CauseTypeUnexpectedServerResponse is used to report when the server responded to the client +// without the expected return type. The presence of this cause indicates the error may be +// due to an intervening proxy or the server software malfunctioning. +#CauseTypeUnexpectedServerResponse: #CauseType & "UnexpectedServerResponse" + +// FieldManagerConflict is used to report when another client claims to manage this field, +// It should only be returned for a request using server-side apply. +#CauseTypeFieldManagerConflict: #CauseType & "FieldManagerConflict" + +// CauseTypeResourceVersionTooLarge is used to report that the requested resource version +// is newer than the data observed by the API server, so the request cannot be served. +#CauseTypeResourceVersionTooLarge: #CauseType & "ResourceVersionTooLarge" + +// List holds a list of objects, which may not be known by the server. +#List: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // List of objects + items: [...runtime.#RawExtension] @go(Items,[]runtime.RawExtension) @protobuf(2,bytes,rep) +} + +// APIVersions lists the versions that are available, to allow clients to +// discover the API at /api, which is the root path of the legacy v1 API. +// +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#APIVersions: { + #TypeMeta + + // versions are the api versions that are available. + versions: [...string] @go(Versions,[]string) @protobuf(1,bytes,rep) + + // a map of client CIDR to server address that is serving this group. + // This is to help clients reach servers in the most network-efficient way possible. + // Clients can use the appropriate server address as per the CIDR that they match. + // In case of multiple matches, clients should use the longest matching CIDR. + // The server returns only those CIDRs that it thinks that the client can match. + // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. + // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. + serverAddressByClientCIDRs: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(2,bytes,rep) +} + +// APIGroupList is a list of APIGroup, to allow clients to discover the API at +// /apis. +#APIGroupList: { + #TypeMeta + + // groups is a list of APIGroup. + groups: [...#APIGroup] @go(Groups,[]APIGroup) @protobuf(1,bytes,rep) +} + +// APIGroup contains the name, the supported versions, and the preferred version +// of a group. +#APIGroup: { + #TypeMeta + + // name is the name of the group. + name: string @go(Name) @protobuf(1,bytes,opt) + + // versions are the versions supported in this group. + versions: [...#GroupVersionForDiscovery] @go(Versions,[]GroupVersionForDiscovery) @protobuf(2,bytes,rep) + + // preferredVersion is the version preferred by the API server, which + // probably is the storage version. + // +optional + preferredVersion?: #GroupVersionForDiscovery @go(PreferredVersion) @protobuf(3,bytes,opt) + + // a map of client CIDR to server address that is serving this group. + // This is to help clients reach servers in the most network-efficient way possible. + // Clients can use the appropriate server address as per the CIDR that they match. + // In case of multiple matches, clients should use the longest matching CIDR. + // The server returns only those CIDRs that it thinks that the client can match. + // For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. + // Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP. + // +optional + serverAddressByClientCIDRs?: [...#ServerAddressByClientCIDR] @go(ServerAddressByClientCIDRs,[]ServerAddressByClientCIDR) @protobuf(4,bytes,rep) +} + +// ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match. +#ServerAddressByClientCIDR: { + // The CIDR with which clients can match their IP to figure out the server address that they should use. + clientCIDR: string @go(ClientCIDR) @protobuf(1,bytes,opt) + + // Address of this server, suitable for a client that matches the above CIDR. + // This can be a hostname, hostname:port, IP or IP:port. + serverAddress: string @go(ServerAddress) @protobuf(2,bytes,opt) +} + +// GroupVersion contains the "group/version" and "version" string of a version. +// It is made a struct to keep extensibility. +#GroupVersionForDiscovery: { + // groupVersion specifies the API group and version in the form "group/version" + groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) + + // version specifies the version in the form of "version". This is to save + // the clients the trouble of splitting the GroupVersion. + version: string @go(Version) @protobuf(2,bytes,opt) +} + +// APIResource specifies the name of a resource and whether it is namespaced. +#APIResource: { + // name is the plural name of the resource. + name: string @go(Name) @protobuf(1,bytes,opt) + + // singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. + // The singularName is more correct for reporting status on a single item and both singular and plural are allowed + // from the kubectl CLI interface. + singularName: string @go(SingularName) @protobuf(6,bytes,opt) + + // namespaced indicates if a resource is namespaced or not. + namespaced: bool @go(Namespaced) @protobuf(2,varint,opt) + + // group is the preferred group of the resource. Empty implies the group of the containing resource list. + // For subresources, this may have a different value, for example: Scale". + group?: string @go(Group) @protobuf(8,bytes,opt) + + // version is the preferred version of the resource. Empty implies the version of the containing resource list + // For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)". + version?: string @go(Version) @protobuf(9,bytes,opt) + + // kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo') + kind: string @go(Kind) @protobuf(3,bytes,opt) + + // verbs is a list of supported kube verbs (this includes get, list, watch, create, + // update, patch, delete, deletecollection, and proxy) + verbs: #Verbs @go(Verbs) @protobuf(4,bytes,opt) + + // shortNames is a list of suggested short names of the resource. + shortNames?: [...string] @go(ShortNames,[]string) @protobuf(5,bytes,rep) + + // categories is a list of the grouped resources this resource belongs to (e.g. 'all') + categories?: [...string] @go(Categories,[]string) @protobuf(7,bytes,rep) + + // The hash value of the storage version, the version this resource is + // converted to when written to the data store. Value must be treated + // as opaque by clients. Only equality comparison on the value is valid. + // This is an alpha feature and may change or be removed in the future. + // The field is populated by the apiserver only if the + // StorageVersionHash feature gate is enabled. + // This field will remain optional even if it graduates. + // +optional + storageVersionHash?: string @go(StorageVersionHash) @protobuf(10,bytes,opt) +} + +// Verbs masks the value so protobuf can generate +// +// +protobuf.nullable=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +#Verbs: [...string] + +// APIResourceList is a list of APIResource, it is used to expose the name of the +// resources supported in a specific group and version, and if the resource +// is namespaced. +#APIResourceList: { + #TypeMeta + + // groupVersion is the group and version this APIResourceList is for. + groupVersion: string @go(GroupVersion) @protobuf(1,bytes,opt) + + // resources contains the name of the resources and if they are namespaced. + resources: [...#APIResource] @go(APIResources,[]APIResource) @protobuf(2,bytes,rep) +} + +// RootPaths lists the paths available at root. +// For example: "/healthz", "/apis". +#RootPaths: { + // paths are the paths available at root. + paths: [...string] @go(Paths,[]string) @protobuf(1,bytes,rep) +} + +// Patch is provided to give a concrete name and type to the Kubernetes PATCH request body. +#Patch: { +} + +// A label selector is a label query over a set of resources. The result of matchLabels and +// matchExpressions are ANDed. An empty label selector matches all objects. A null +// label selector matches no objects. +// +structType=atomic +#LabelSelector: { + // matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + // map is equivalent to an element of matchExpressions, whose key field is "key", the + // operator is "In", and the values array contains only "value". The requirements are ANDed. + // +optional + matchLabels?: {[string]: string} @go(MatchLabels,map[string]string) @protobuf(1,bytes,rep) + + // matchExpressions is a list of label selector requirements. The requirements are ANDed. + // +optional + matchExpressions?: [...#LabelSelectorRequirement] @go(MatchExpressions,[]LabelSelectorRequirement) @protobuf(2,bytes,rep) +} + +// A label selector requirement is a selector that contains values, a key, and an operator that +// relates the key and values. +#LabelSelectorRequirement: { + // key is the label key that the selector applies to. + key: string @go(Key) @protobuf(1,bytes,opt) + + // operator represents a key's relationship to a set of values. + // Valid operators are In, NotIn, Exists and DoesNotExist. + operator: #LabelSelectorOperator @go(Operator) @protobuf(2,bytes,opt,casttype=LabelSelectorOperator) + + // values is an array of string values. If the operator is In or NotIn, + // the values array must be non-empty. If the operator is Exists or DoesNotExist, + // the values array must be empty. This array is replaced during a strategic + // merge patch. + // +optional + values?: [...string] @go(Values,[]string) @protobuf(3,bytes,rep) +} + +// A label selector operator is the set of operators that can be used in a selector requirement. +#LabelSelectorOperator: string // #enumLabelSelectorOperator + +#enumLabelSelectorOperator: + #LabelSelectorOpIn | + #LabelSelectorOpNotIn | + #LabelSelectorOpExists | + #LabelSelectorOpDoesNotExist + +#LabelSelectorOpIn: #LabelSelectorOperator & "In" +#LabelSelectorOpNotIn: #LabelSelectorOperator & "NotIn" +#LabelSelectorOpExists: #LabelSelectorOperator & "Exists" +#LabelSelectorOpDoesNotExist: #LabelSelectorOperator & "DoesNotExist" + +// ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource +// that the fieldset applies to. +#ManagedFieldsEntry: { + // Manager is an identifier of the workflow managing these fields. + manager?: string @go(Manager) @protobuf(1,bytes,opt) + + // Operation is the type of operation which lead to this ManagedFieldsEntry being created. + // The only valid values for this field are 'Apply' and 'Update'. + operation?: #ManagedFieldsOperationType @go(Operation) @protobuf(2,bytes,opt,casttype=ManagedFieldsOperationType) + + // APIVersion defines the version of this resource that this field set + // applies to. The format is "group/version" just like the top-level + // APIVersion field. It is necessary to track the version of a field + // set because it cannot be automatically converted. + apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt) + + // Time is the timestamp of when the ManagedFields entry was added. The + // timestamp will also be updated if a field is added, the manager + // changes any of the owned fields value or removes a field. The + // timestamp does not update when a field is removed from the entry + // because another manager took it over. + // +optional + time?: null | #Time @go(Time,*Time) @protobuf(4,bytes,opt) + + // FieldsType is the discriminator for the different fields format and version. + // There is currently only one possible value: "FieldsV1" + fieldsType?: string @go(FieldsType) @protobuf(6,bytes,opt) + + // FieldsV1 holds the first JSON version format as described in the "FieldsV1" type. + // +optional + fieldsV1?: null | #FieldsV1 @go(FieldsV1,*FieldsV1) @protobuf(7,bytes,opt) + + // Subresource is the name of the subresource used to update that object, or + // empty string if the object was updated through the main resource. The + // value of this field is used to distinguish between managers, even if they + // share the same name. For example, a status update will be distinct from a + // regular update using the same manager name. + // Note that the APIVersion field is not related to the Subresource field and + // it always corresponds to the version of the main resource. + subresource?: string @go(Subresource) @protobuf(8,bytes,opt) +} + +// ManagedFieldsOperationType is the type of operation which lead to a ManagedFieldsEntry being created. +#ManagedFieldsOperationType: string // #enumManagedFieldsOperationType + +#enumManagedFieldsOperationType: + #ManagedFieldsOperationApply | + #ManagedFieldsOperationUpdate + +#ManagedFieldsOperationApply: #ManagedFieldsOperationType & "Apply" +#ManagedFieldsOperationUpdate: #ManagedFieldsOperationType & "Update" + +// FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format. +// +// Each key is either a '.' representing the field itself, and will always map to an empty set, +// or a string representing a sub-field or item. The string will follow one of these four formats: +// 'f:', where is the name of a field in a struct, or key in a map +// 'v:', where is the exact json formatted value of a list item +// 'i:', where is position of a item in a list +// 'k:', where is a map of a list item's key fields to their unique values +// If a key maps to an empty Fields value, the field that key represents is part of the set. +// +// The exact format is defined in sigs.k8s.io/structured-merge-diff +// +protobuf.options.(gogoproto.goproto_stringer)=false +#FieldsV1: _ + +// Table is a tabular representation of a set of API resources. The server transforms the +// object into a set of preferred columns for quickly reviewing the objects. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +protobuf=false +#Table: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) + + // columnDefinitions describes each column in the returned items array. The number of cells per row + // will always match the number of column definitions. + columnDefinitions: [...#TableColumnDefinition] @go(ColumnDefinitions,[]TableColumnDefinition) + + // rows is the list of items in the table. + rows: [...#TableRow] @go(Rows,[]TableRow) +} + +// TableColumnDefinition contains information about a column returned in the Table. +// +protobuf=false +#TableColumnDefinition: { + // name is a human readable name for the column. + name: string @go(Name) + + // type is an OpenAPI type definition for this column, such as number, integer, string, or + // array. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. + type: string @go(Type) + + // format is an optional OpenAPI type modifier for this column. A format modifies the type and + // imposes additional rules, like date or time formatting for a string. The 'name' format is applied + // to the primary identifier column which has type 'string' to assist in clients identifying column + // is the resource name. + // See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more. + format: string @go(Format) + + // description is a human readable description of this column. + description: string @go(Description) + + // priority is an integer defining the relative importance of this column compared to others. Lower + // numbers are considered higher priority. Columns that may be omitted in limited space scenarios + // should be given a higher priority. + priority: int32 @go(Priority) +} + +// TableRow is an individual row in a table. +// +protobuf=false +#TableRow: { + // cells will be as wide as the column definitions array and may contain strings, numbers (float64 or + // int64), booleans, simple maps, lists, or null. See the type field of the column definition for a + // more detailed description. + cells: [...] @go(Cells,[]interface{}) + + // conditions describe additional status of a row that are relevant for a human user. These conditions + // apply to the row, not to the object, and will be specific to table output. The only defined + // condition type is 'Completed', for a row that indicates a resource that has run to completion and + // can be given less visual priority. + // +optional + conditions?: [...#TableRowCondition] @go(Conditions,[]TableRowCondition) + + // This field contains the requested additional information about each object based on the includeObject + // policy when requesting the Table. If "None", this field is empty, if "Object" this will be the + // default serialization of the object for the current API version, and if "Metadata" (the default) will + // contain the object metadata. Check the returned kind and apiVersion of the object before parsing. + // The media type of the object will always match the enclosing list - if this as a JSON table, these + // will be JSON encoded objects. + // +optional + object?: runtime.#RawExtension @go(Object) +} + +// TableRowCondition allows a row to be marked with additional information. +// +protobuf=false +#TableRowCondition: { + // Type of row condition. The only defined value is 'Completed' indicating that the + // object this row represents has reached a completed state and may be given less visual + // priority than other rows. Clients are not required to honor any conditions but should + // be consistent where possible about handling the conditions. + type: #RowConditionType @go(Type) + + // Status of the condition, one of True, False, Unknown. + status: #ConditionStatus @go(Status) + + // (brief) machine readable reason for the condition's last transition. + // +optional + reason?: string @go(Reason) + + // Human readable message indicating details about last transition. + // +optional + message?: string @go(Message) +} + +#RowConditionType: string // #enumRowConditionType + +#enumRowConditionType: + #RowCompleted + +// RowCompleted means the underlying resource has reached completion and may be given less +// visual priority than other resources. +#RowCompleted: #RowConditionType & "Completed" + +#ConditionStatus: string // #enumConditionStatus + +#enumConditionStatus: + #ConditionTrue | + #ConditionFalse | + #ConditionUnknown + +#ConditionTrue: #ConditionStatus & "True" +#ConditionFalse: #ConditionStatus & "False" +#ConditionUnknown: #ConditionStatus & "Unknown" + +// IncludeObjectPolicy controls which portion of the object is returned with a Table. +#IncludeObjectPolicy: string // #enumIncludeObjectPolicy + +#enumIncludeObjectPolicy: + #IncludeNone | + #IncludeMetadata | + #IncludeObject + +// IncludeNone returns no object. +#IncludeNone: #IncludeObjectPolicy & "None" + +// IncludeMetadata serializes the object containing only its metadata field. +#IncludeMetadata: #IncludeObjectPolicy & "Metadata" + +// IncludeObject contains the full object. +#IncludeObject: #IncludeObjectPolicy & "Object" + +// TableOptions are used when a Table is requested by the caller. +// +k8s:conversion-gen:explicit-from=net/url.Values +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#TableOptions: { + #TypeMeta + + // includeObject decides whether to include each object along with its columnar information. + // Specifying "None" will return no object, specifying "Object" will return the full object contents, and + // specifying "Metadata" (the default) will return the object's metadata in the PartialObjectMetadata kind + // in version v1beta1 of the meta.k8s.io API group. + includeObject?: #IncludeObjectPolicy @go(IncludeObject) @protobuf(1,bytes,opt,casttype=IncludeObjectPolicy) +} + +// PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients +// to get access to a particular ObjectMeta schema without knowing the details of the version. +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#PartialObjectMetadata: { + #TypeMeta + + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + metadata?: #ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt) +} + +// PartialObjectMetadataList contains a list of objects containing only their metadata +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#PartialObjectMetadataList: { + #TypeMeta + + // Standard list metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + // +optional + metadata?: #ListMeta @go(ListMeta) @protobuf(1,bytes,opt) + + // items contains each of the included items. + items: [...#PartialObjectMetadata] @go(Items,[]PartialObjectMetadata) @protobuf(2,bytes,rep) +} + +// Condition contains details for one aspect of the current state of this API Resource. +// --- +// This struct is intended for direct use as an array at the field path .status.conditions. For example, +// +// type FooStatus struct{ +// // Represents the observations of a foo's current state. +// // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" +// // +patchMergeKey=type +// // +patchStrategy=merge +// // +listType=map +// // +listMapKey=type +// Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +// +// // other fields +// } +#Condition: { + // type of condition in CamelCase or in foo.example.com/CamelCase. + // --- + // Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + // useful (see .node.status.conditions), the ability to deconflict is important. + // The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` + // +kubebuilder:validation:MaxLength=316 + type: string @go(Type) @protobuf(1,bytes,opt) + + // status of the condition, one of True, False, Unknown. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + status: #ConditionStatus @go(Status) @protobuf(2,bytes,opt) + + // observedGeneration represents the .metadata.generation that the condition was set based upon. + // For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + // with respect to the current state of the instance. + // +optional + // +kubebuilder:validation:Minimum=0 + observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt) + + // lastTransitionTime is the last time the condition transitioned from one status to another. + // This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:Type=string + // +kubebuilder:validation:Format=date-time + lastTransitionTime: #Time @go(LastTransitionTime) @protobuf(4,bytes,opt) + + // reason contains a programmatic identifier indicating the reason for the condition's last transition. + // Producers of specific condition types may define expected values and meanings for this field, + // and whether the values are considered a guaranteed API. + // The value should be a CamelCase string. + // This field may not be empty. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=1024 + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:Pattern=`^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` + reason: string @go(Reason) @protobuf(5,bytes,opt) + + // message is a human readable message indicating details about the transition. + // This may be an empty string. + // +required + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=32768 + message: string @go(Message) @protobuf(6,bytes,opt) +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue new file mode 100644 index 0000000..12f5f1b --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/apis/meta/v1/watch_go_gen.cue @@ -0,0 +1,30 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/apis/meta/v1 + +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/watch" +) + +// Event represents a single event to a watched resource. +// +// +protobuf=true +// +k8s:deepcopy-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +#WatchEvent: { + type: string @go(Type) @protobuf(1,bytes,opt) + + // Object is: + // * If Type is Added or Modified: the new state of the object. + // * If Type is Deleted: the state of the object immediately before deletion. + // * If Type is Error: *Status is recommended; other types may make sense + // depending on context. + object: runtime.#RawExtension @go(Object) @protobuf(2,bytes,opt) +} + +// InternalEvent makes watch.Event versioned +// +protobuf=false +#InternalEvent: watch.#Event diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue new file mode 100644 index 0000000..43474c3 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/allocator_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// SimpleAllocator a wrapper around make([]byte) +// conforms to the MemoryAllocator interface +#SimpleAllocator: { +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue new file mode 100644 index 0000000..a05de5d --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/codec_go_gen.cue @@ -0,0 +1,37 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// codec binds an encoder and decoder. +_#codec: { + Encoder: #Encoder + Decoder: #Decoder +} + +// NoopEncoder converts an Decoder to a Serializer or Codec for code that expects them but only uses decoding. +#NoopEncoder: { + Decoder: #Decoder +} + +_#noopEncoderIdentifier: #Identifier & "noop" + +// NoopDecoder converts an Encoder to a Serializer or Codec for code that expects them but only uses encoding. +#NoopDecoder: { + Encoder: #Encoder +} + +_#base64Serializer: { + Encoder: #Encoder + Decoder: #Decoder +} + +_#internalGroupVersionerIdentifier: "internal" +_#disabledGroupVersionerIdentifier: "disabled" + +_#internalGroupVersioner: { +} + +_#disabledGroupVersioner: { +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue new file mode 100644 index 0000000..ce6d644 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/conversion_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +// Package runtime defines conversions between generic types and structs to map query strings +// to struct objects. +package runtime diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue new file mode 100644 index 0000000..f49ad1e --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/converter_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// UnstructuredConverter is an interface for converting between interface{} +// and map[string]interface representation. +#UnstructuredConverter: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue new file mode 100644 index 0000000..89c5c51 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/doc_go_gen.cue @@ -0,0 +1,39 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +// Package runtime includes helper functions for working with API objects +// that follow the kubernetes API object conventions, which are: +// +// 0. Your API objects have a common metadata struct member, TypeMeta. +// +// 1. Your code refers to an internal set of API objects. +// +// 2. In a separate package, you have an external set of API objects. +// +// 3. The external set is considered to be versioned, and no breaking +// changes are ever made to it (fields may be added but not changed +// or removed). +// +// 4. As your api evolves, you'll make an additional versioned package +// with every major change. +// +// 5. Versioned packages have conversion functions which convert to +// and from the internal version. +// +// 6. You'll continue to support older versions according to your +// deprecation policy, and you can easily provide a program/library +// to update old versions into new versions because of 5. +// +// 7. All of your serializations and deserializations are handled in a +// centralized place. +// +// Package runtime provides a conversion helper to make 5 easy, and the +// Encode/Decode/DecodeInto trio to accomplish 7. You can also register +// additional "codecs" which use a version of your choice. It's +// recommended that you register your types with runtime in your +// package's init function. +// +// As a bonus, a few common types useful from all api objects and versions +// are provided in types.go. +package runtime diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue new file mode 100644 index 0000000..d43f15f --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/embedded_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +_#encodable: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue new file mode 100644 index 0000000..ec8f1f0 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/helper_go_gen.cue @@ -0,0 +1,23 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// MultiObjectTyper returns the types of objects across multiple schemes in order. +#MultiObjectTyper: [...#ObjectTyper] + +_#defaultFramer: { +} + +// WithVersionEncoder serializes an object and ensures the GVK is set. +#WithVersionEncoder: { + Version: #GroupVersioner + Encoder: #Encoder + ObjectTyper: #ObjectTyper +} + +// WithoutVersionDecoder clears the group version kind of a deserialized object. +#WithoutVersionDecoder: { + Decoder: #Decoder +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue new file mode 100644 index 0000000..22abcb6 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/interfaces_go_gen.cue @@ -0,0 +1,165 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// APIVersionInternal may be used if you are registering a type that should not +// be considered stable or serialized - it is a convention only and has no +// special behavior in this package. +#APIVersionInternal: "__internal" + +// GroupVersioner refines a set of possible conversion targets into a single option. +#GroupVersioner: _ + +// Identifier represents an identifier. +// Identitier of two different objects should be equal if and only if for every +// input the output they produce is exactly the same. +#Identifier: string // #enumIdentifier + +#enumIdentifier: + _#noopEncoderIdentifier + +// Encoder writes objects to a serialized form +#Encoder: _ + +// MemoryAllocator is responsible for allocating memory. +// By encapsulating memory allocation into its own interface, we can reuse the memory +// across many operations in places we know it can significantly improve the performance. +#MemoryAllocator: _ + +// EncoderWithAllocator serializes objects in a way that allows callers to manage any additional memory allocations. +#EncoderWithAllocator: _ + +// Decoder attempts to load an object from data. +#Decoder: _ + +// Serializer is the core interface for transforming objects into a serialized format and back. +// Implementations may choose to perform conversion of the object, but no assumptions should be made. +#Serializer: _ + +// Codec is a Serializer that deals with the details of versioning objects. It offers the same +// interface as Serializer, so this is a marker to consumers that care about the version of the objects +// they receive. +#Codec: #Serializer + +// ParameterCodec defines methods for serializing and deserializing API objects to url.Values and +// performing any necessary conversion. Unlike the normal Codec, query parameters are not self describing +// and the desired version must be specified. +#ParameterCodec: _ + +// Framer is a factory for creating readers and writers that obey a particular framing pattern. +#Framer: _ + +// SerializerInfo contains information about a specific serialization format +#SerializerInfo: { + // MediaType is the value that represents this serializer over the wire. + MediaType: string + + // MediaTypeType is the first part of the MediaType ("application" in "application/json"). + MediaTypeType: string + + // MediaTypeSubType is the second part of the MediaType ("json" in "application/json"). + MediaTypeSubType: string + + // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. + EncodesAsText: bool + + // Serializer is the individual object serializer for this media type. + Serializer: #Serializer + + // PrettySerializer, if set, can serialize this object in a form biased towards + // readability. + PrettySerializer: #Serializer + + // StrictSerializer, if set, deserializes this object strictly, + // erring on unknown fields. + StrictSerializer: #Serializer + + // StreamSerializer, if set, describes the streaming serialization format + // for this media type. + StreamSerializer?: null | #StreamSerializerInfo @go(,*StreamSerializerInfo) +} + +// StreamSerializerInfo contains information about a specific stream serialization format +#StreamSerializerInfo: { + // EncodesAsText indicates this serializer can be encoded to UTF-8 safely. + EncodesAsText: bool + + // Serializer is the top level object serializer for this type when streaming + Serializer: #Serializer + + // Framer is the factory for retrieving streams that separate objects on the wire + Framer: #Framer +} + +// NegotiatedSerializer is an interface used for obtaining encoders, decoders, and serializers +// for multiple supported media types. This would commonly be accepted by a server component +// that performs HTTP content negotiation to accept multiple formats. +#NegotiatedSerializer: _ + +// ClientNegotiator handles turning an HTTP content type into the appropriate encoder. +// Use NewClientNegotiator or NewVersionedClientNegotiator to create this interface from +// a NegotiatedSerializer. +#ClientNegotiator: _ + +// StorageSerializer is an interface used for obtaining encoders, decoders, and serializers +// that can read and write data at rest. This would commonly be used by client tools that must +// read files, or server side storage interfaces that persist restful objects. +#StorageSerializer: _ + +// NestedObjectEncoder is an optional interface that objects may implement to be given +// an opportunity to encode any nested Objects / RawExtensions during serialization. +#NestedObjectEncoder: _ + +// NestedObjectDecoder is an optional interface that objects may implement to be given +// an opportunity to decode any nested Objects / RawExtensions during serialization. +// It is possible for DecodeNestedObjects to return a non-nil error but for the decoding +// to have succeeded in the case of strict decoding errors (e.g. unknown/duplicate fields). +// As such it is important for callers of DecodeNestedObjects to check to confirm whether +// an error is a runtime.StrictDecodingError before short circuiting. +// Similarly, implementations of DecodeNestedObjects should ensure that a runtime.StrictDecodingError +// is only returned when the rest of decoding has succeeded. +#NestedObjectDecoder: _ + +#ObjectDefaulter: _ + +#ObjectVersioner: _ + +// ObjectConvertor converts an object to a different version. +#ObjectConvertor: _ + +// ObjectTyper contains methods for extracting the APIVersion and Kind +// of objects. +#ObjectTyper: _ + +// ObjectCreater contains methods for instantiating an object by kind and version. +#ObjectCreater: _ + +// EquivalentResourceMapper provides information about resources that address the same underlying data as a specified resource +#EquivalentResourceMapper: _ + +// EquivalentResourceRegistry provides an EquivalentResourceMapper interface, +// and allows registering known resource[/subresource] -> kind +#EquivalentResourceRegistry: _ + +// ResourceVersioner provides methods for setting and retrieving +// the resource version from an API object. +#ResourceVersioner: _ + +// Namer provides methods for retrieving name and namespace of an API object. +#Namer: _ + +// Object interface must be supported by all API types registered with Scheme. Since objects in a scheme are +// expected to be serialized to the wire, the interface an Object must provide to the Scheme allows +// serializers to set the kind, version, and group the object is represented as. An Object may choose +// to return a no-op ObjectKindAccessor in cases where it is not expected to be serialized. +#Object: _ + +// CacheableObject allows an object to cache its different serializations +// to avoid performing the same serialization multiple times. +#CacheableObject: _ + +// Unstructured objects store values as map[string]interface{}, with only values that can be serialized +// to JSON allowed. +#Unstructured: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue new file mode 100644 index 0000000..7580f46 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/negotiate_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// NegotiateError is returned when a ClientNegotiator is unable to locate +// a serializer for the requested operation. +#NegotiateError: { + ContentType: string + Stream: bool +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue new file mode 100644 index 0000000..bd9c409 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/splice_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// Splice is the interface that wraps the Splice method. +// +// Splice moves data from given slice without copying the underlying data for +// efficiency purpose. Therefore, the caller should make sure the underlying +// data is not changed later. +#Splice: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue new file mode 100644 index 0000000..9dfc078 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator_go_gen.cue @@ -0,0 +1,14 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// Pair of strings. We keed the name of fields and the doc +#Pair: { + Name: string + Doc: string +} + +// KubeTypes is an array to represent all available types in a parsed file. [0] is for the type itself +#KubeTypes: [...#Pair] diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue new file mode 100644 index 0000000..d1ee609 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_go_gen.cue @@ -0,0 +1,97 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +// TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, +// like this: +// +// type MyAwesomeAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// ... // other fields +// } +// +// func (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind +// +// TypeMeta is provided here for convenience. You may use it directly from this package or define +// your own with the same fields. +// +// +k8s:deepcopy-gen=false +// +protobuf=true +// +k8s:openapi-gen=true +#TypeMeta: { + // +optional + apiVersion?: string @go(APIVersion) @protobuf(1,bytes,opt) + + // +optional + kind?: string @go(Kind) @protobuf(2,bytes,opt) +} + +#ContentTypeJSON: "application/json" +#ContentTypeYAML: "application/yaml" +#ContentTypeProtobuf: "application/vnd.kubernetes.protobuf" + +// RawExtension is used to hold extensions in external versions. +// +// To use this, make a field which has RawExtension as its type in your external, versioned +// struct, and Object in your internal struct. You also need to register your +// various plugin types. +// +// // Internal package: +// +// type MyAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// MyPlugin runtime.Object `json:"myPlugin"` +// } +// +// type PluginA struct { +// AOption string `json:"aOption"` +// } +// +// // External package: +// +// type MyAPIObject struct { +// runtime.TypeMeta `json:",inline"` +// MyPlugin runtime.RawExtension `json:"myPlugin"` +// } +// +// type PluginA struct { +// AOption string `json:"aOption"` +// } +// +// // On the wire, the JSON will look something like this: +// +// { +// "kind":"MyAPIObject", +// "apiVersion":"v1", +// "myPlugin": { +// "kind":"PluginA", +// "aOption":"foo", +// }, +// } +// +// So what happens? Decode first uses json or yaml to unmarshal the serialized data into +// your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. +// The next step is to copy (using pkg/conversion) into the internal struct. The runtime +// package's DefaultScheme has conversion functions installed which will unpack the +// JSON stored in RawExtension, turning it into the correct object type, and storing it +// in the Object. (TODO: In the case where the object is of an unknown type, a +// runtime.Unknown object will be created and stored.) +// +// +k8s:deepcopy-gen=true +// +protobuf=true +// +k8s:openapi-gen=true +#RawExtension: _ + +// Unknown allows api objects with unknown types to be passed-through. This can be used +// to deal with the API objects from a plug-in. Unknown objects still have functioning +// TypeMeta features-- kind, version, etc. +// TODO: Make this object have easy access to field based accessors and settors for +// metadata and field mutatation. +// +// +k8s:deepcopy-gen=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +protobuf=true +// +k8s:openapi-gen=true +#Unknown: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue new file mode 100644 index 0000000..8b8ddf8 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/runtime/types_proto_go_gen.cue @@ -0,0 +1,9 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/runtime + +package runtime + +#ProtobufMarshaller: _ + +#ProtobufReverseMarshaller: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue new file mode 100644 index 0000000..bfb4bcd --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/types/doc_go_gen.cue @@ -0,0 +1,6 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +// Package types implements various generic types used throughout kubernetes. +package types diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue new file mode 100644 index 0000000..7cb2745 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/types/namespacedname_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +#NamespacedName: { + Namespace: string + Name: string +} + +#Separator: 47 // '/' diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue new file mode 100644 index 0000000..8b264b8 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/types/nodename_go_gen.cue @@ -0,0 +1,31 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// NodeName is a type that holds a api.Node's Name identifier. +// Being a type captures intent and helps make sure that the node name +// is not confused with similar concepts (the hostname, the cloud provider id, +// the cloud provider name etc) +// +// To clarify the various types: +// +// - Node.Name is the Name field of the Node in the API. This should be stored in a NodeName. +// Unfortunately, because Name is part of ObjectMeta, we can't store it as a NodeName at the API level. +// +// - Hostname is the hostname of the local machine (from uname -n). +// However, some components allow the user to pass in a --hostname-override flag, +// which will override this in most places. In the absence of anything more meaningful, +// kubelet will use Hostname as the Node.Name when it creates the Node. +// +// * The cloudproviders have the own names: GCE has InstanceName, AWS has InstanceId. +// +// For GCE, InstanceName is the Name of an Instance object in the GCE API. On GCE, Instance.Name becomes the +// Hostname, and thus it makes sense also to use it as the Node.Name. But that is GCE specific, and it is up +// to the cloudprovider how to do this mapping. +// +// For AWS, the InstanceID is not yet suitable for use as a Node.Name, so we actually use the +// PrivateDnsName for the Node.Name. And this is _not_ always the same as the hostname: if +// we are using a custom DHCP domain it won't be. +#NodeName: string diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue new file mode 100644 index 0000000..3de5d80 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/types/patch_go_gen.cue @@ -0,0 +1,21 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// Similarly to above, these are constants to support HTTP PATCH utilized by +// both the client and server that didn't make sense for a whole package to be +// dedicated to. +#PatchType: string // #enumPatchType + +#enumPatchType: + #JSONPatchType | + #MergePatchType | + #StrategicMergePatchType | + #ApplyPatchType + +#JSONPatchType: #PatchType & "application/json-patch+json" +#MergePatchType: #PatchType & "application/merge-patch+json" +#StrategicMergePatchType: #PatchType & "application/strategic-merge-patch+json" +#ApplyPatchType: #PatchType & "application/apply-patch+yaml" diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue new file mode 100644 index 0000000..40bdd82 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/types/uid_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/types + +package types + +// UID is a type that holds unique ID values, including UUIDs. Because we +// don't ONLY use UUIDs, this is an alias to string. Being a type captures +// intent and helps make sure that UIDs and names do not get conflated. +#UID: string diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue new file mode 100644 index 0000000..2c8cc36 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/util/intstr/intstr_go_gen.cue @@ -0,0 +1,31 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/util/intstr + +package intstr + +// IntOrString is a type that can hold an int32 or a string. When used in +// JSON or YAML marshalling and unmarshalling, it produces or consumes the +// inner type. This allows you to have, for example, a JSON field that can +// accept a name or number. +// TODO: Rename to Int32OrString +// +// +protobuf=true +// +protobuf.options.(gogoproto.goproto_stringer)=false +// +k8s:openapi-gen=true +#IntOrString: _ + +// Type represents the stored type of IntOrString. +#Type: int64 // #enumType + +#enumType: + #Int | + #String + +#values_Type: { + Int: #Int + String: #String +} + +#Int: #Type & 0 +#String: #Type & 1 diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue new file mode 100644 index 0000000..bc1b918 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/doc_go_gen.cue @@ -0,0 +1,7 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +// Package watch contains a generic watchable interface, and a fake for +// testing code that uses the watch interface. +package watch diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue new file mode 100644 index 0000000..045e8ec --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/filter_go_gen.cue @@ -0,0 +1,10 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// Recorder records all events that are sent from the watch until it is closed. +#Recorder: { + Interface: #Interface +} diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue new file mode 100644 index 0000000..dcf72d5 --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/mux_go_gen.cue @@ -0,0 +1,25 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// FullChannelBehavior controls how the Broadcaster reacts if a watcher's watch +// channel is full. +#FullChannelBehavior: int // #enumFullChannelBehavior + +#enumFullChannelBehavior: + #WaitIfChannelFull | + #DropIfChannelFull + +#values_FullChannelBehavior: { + WaitIfChannelFull: #WaitIfChannelFull + DropIfChannelFull: #DropIfChannelFull +} + +#WaitIfChannelFull: #FullChannelBehavior & 0 +#DropIfChannelFull: #FullChannelBehavior & 1 + +_#incomingQueueLength: 25 + +_#internalRunFunctionMarker: "internal-do-function" diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue new file mode 100644 index 0000000..f0805cf --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/streamwatcher_go_gen.cue @@ -0,0 +1,12 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +// Decoder allows StreamWatcher to watch any stream for which a Decoder can be written. +#Decoder: _ + +// Reporter hides the details of how an error is turned into a runtime.Object for +// reporting on a watch stream since this package may not import a higher level report. +#Reporter: _ diff --git a/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue new file mode 100644 index 0000000..0db2e6b --- /dev/null +++ b/cue.mod/gen/k8s.io/apimachinery/pkg/watch/watch_go_gen.cue @@ -0,0 +1,48 @@ +// Code generated by cue get go. DO NOT EDIT. + +//cue:generate cue get go k8s.io/apimachinery/pkg/watch + +package watch + +import "k8s.io/apimachinery/pkg/runtime" + +// Interface can be implemented by anything that knows how to watch and report changes. +#Interface: _ + +// EventType defines the possible types of events. +#EventType: string // #enumEventType + +#enumEventType: + #Added | + #Modified | + #Deleted | + #Bookmark | + #Error + +#Added: #EventType & "ADDED" +#Modified: #EventType & "MODIFIED" +#Deleted: #EventType & "DELETED" +#Bookmark: #EventType & "BOOKMARK" +#Error: #EventType & "ERROR" + +// Event represents a single event to a watched resource. +// +k8s:deepcopy-gen=true +#Event: { + Type: #EventType + + // Object is: + // * If Type is Added or Modified: the new state of the object. + // * If Type is Deleted: the state of the object immediately before deletion. + // * If Type is Bookmark: the object (instance of a type being watched) where + // only ResourceVersion field is set. On successful restart of watch from a + // bookmark resourceVersion, client is guaranteed to not get repeat event + // nor miss any events. + // * If Type is Error: *api.Status is recommended; other types may make sense + // depending on context. + Object: runtime.#Object +} + +// RaceFreeFakeWatcher lets you test anything that consumes a watch.Interface; threadsafe. +#RaceFreeFakeWatcher: { + Stopped: bool +} diff --git a/cue.mod/module.cue b/cue.mod/module.cue new file mode 100644 index 0000000..bf5d725 --- /dev/null +++ b/cue.mod/module.cue @@ -0,0 +1 @@ +module: "timoni.sh/keycloak" diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue new file mode 100644 index 0000000..2c579e9 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/action.cue @@ -0,0 +1,26 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +// Action holds the list of annotations for controlling +// Timoni's apply behaviour of Kubernetes resources. +Action: { + // Force annotation for recreating immutable resources such as Kubernetes Jobs. + Force: { + "action.timoni.sh/force": ActionStatus.Enabled + } + // One-off annotation for appling resources only if they don't exist on the cluster. + Oneoff: { + "action.timoni.sh/one-off": ActionStatus.Enabled + } + // Keep annotation for preventing Timoni's garbage collector from deleting resources. + Keep: { + "action.timoni.sh/prune": ActionStatus.Disabled + } +} + +ActionStatus: { + Enabled: "enabled" + Disabled: "disabled" +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue new file mode 100644 index 0000000..ec500aa --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/image.cue @@ -0,0 +1,101 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "encoding/base64" + "strings" +) + +// Image defines the schema for OCI image reference used in Kubernetes PodSpec container image. +#Image: { + + // Repository is the address of a container registry repository. + // An image repository is made up of slash-separated name components, optionally + // prefixed by a registry hostname and port in the format [HOST[:PORT_NUMBER]/]PATH. + repository!: string + + // Tag identifies an image in the repository. + // A tag name may contain lowercase and uppercase characters, digits, underscores, periods and dashes. + // A tag name may not start with a period or a dash and may contain a maximum of 128 characters. + tag!: string & strings.MaxRunes(128) + + // Digest uniquely and immutably identifies an image in the repository. + // Spec: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests. + digest!: string + + // PullPolicy defines the pull policy for the image. + // By default, it is set to IfNotPresent. + pullPolicy: *"IfNotPresent" | "Always" | "Never" + + // Reference is the image address computed from repository, tag and digest + // in the format [REPOSITORY]:[TAG]@[DIGEST]. + reference: string + + if digest != "" && tag != "" { + reference: "\(repository):\(tag)@\(digest)" + } + + if digest != "" && tag == "" { + reference: "\(repository)@\(digest)" + } + + if digest == "" && tag != "" { + reference: "\(repository):\(tag)" + } + + if digest == "" && tag == "" { + reference: "\(repository):latest" + } +} + +// ImagePullSecret is a generator for Kubernetes Secrets of type kubernetes.io/dockerconfigjson. +// Spec: https://kubernetes.io/docs/concepts/configuration/secret/#docker-config-secrets. +#ImagePullSecret: { + // Metadata is the Kubernetes object's metadata generated by Timoni. + meta=metadata: #Metadata + + // Registry is the hostname of the container registry in the format [HOST[:PORT_NUMBER]]. + registry!: string + + // Username is the username used to authenticate to the container registry. + username!: string + + // Password is the password used to authenticate to the container registry. + password!: string + + // Optional suffix used to generate the Secret name. + suffix: *"" | string + + let auth = base64.Encode(null, username+":"+password) + + // The object is a read-only struct that contains the generated + // Kubernetes Secret of type kubernetes.io/dockerconfigjson. + object: { + apiVersion: "v1" + kind: "Secret" + type: "kubernetes.io/dockerconfigjson" + metadata: { + name: meta.name + suffix + namespace: meta.namespace + labels: meta.labels + if meta.annotations != _|_ { + annotations: meta.annotations + } + } + stringData: { + ".dockerconfigjson": #""" + { + "auths": { + "\#(registry)": { + "username": "\#(username)", + "password": "\#(password)", + "auth": "\#(auth)" + } + } + } + """# + } + } +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue new file mode 100644 index 0000000..7b31c23 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/immutable.cue @@ -0,0 +1,49 @@ +// Copyright 2024 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "encoding/json" + "strings" + "uuid" +) + +#ConfigMapKind: "ConfigMap" +#SecretKind: "Secret" + +// ImmutableConfig is a generator for immutable Kubernetes ConfigMaps and Secrets. +// The metadata.name of the generated object is suffixed with the hash of the input data. +#ImmutableConfig: { + // Kind of the generated object. + #Kind: *#ConfigMapKind | #SecretKind + + // Metadata of the generated object. + #Meta: #Metadata + + // Optional suffix appended to the generate name. + #Suffix: *"" | string + + // Data of the generated object. + #Data: {[string]: string} + + let hash = strings.Split(uuid.SHA1(uuid.ns.DNS, json.Marshal(#Data)), "-")[0] + + apiVersion: "v1" + kind: #Kind + metadata: { + name: #Meta.name + #Suffix + "-" + hash + namespace: #Meta.namespace + labels: #Meta.labels + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + } + immutable: true + if kind == #ConfigMapKind { + data: #Data + } + if kind == #SecretKind { + stringData: #Data + } +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue new file mode 100644 index 0000000..ad96b06 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/instance.cue @@ -0,0 +1,27 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// InstanceName defines the schema for the name of a Timoni instance. +// The instance name is used as a Kubernetes label value and must be 63 characters or less. +#InstanceName: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) + +// InstanceNamespace defines the schema for the namespace of a Timoni instance. +// The instance namespace is used as a Kubernetes label value and must be 63 characters or less. +#InstanceNamespace: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MinRunes(1) & strings.MaxRunes(63) + +// InstanceOwnerReference defines the schema for Kubernetes labels used to denote ownership. +#InstanceOwnerReference: { + #Name: "instance.timoni.sh/name" + #Namespace: "instance.timoni.sh/namespace" +} + +// InstanceModule defines the schema for the Module of a Timoni instance. +#InstanceModule: { + url: string & =~"^((oci|file)://.*)$" + version: *"latest" | string + digest?: string +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue new file mode 100644 index 0000000..bcb7e43 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/metadata.cue @@ -0,0 +1,115 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// Annotations defines the schema for Kubernetes object metadata annotations. +#Annotations: {[string & strings.MaxRunes(253)]: string} + +// Labels defines the schema for Kubernetes object metadata labels. +#Labels: {[string & strings.MaxRunes(253)]: string & =~"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" & strings.MaxRunes(63)} + +#StdLabelName: "app.kubernetes.io/name" +#StdLabelVersion: "app.kubernetes.io/version" +#StdLabelPartOf: "app.kubernetes.io/part-of" +#StdLabelManagedBy: "app.kubernetes.io/managed-by" +#StdLabelComponent: "app.kubernetes.io/component" +#StdLabelInstance: "app.kubernetes.io/instance" + +// Metadata defines the schema for Kubernetes object metadata. +#Metadata: { + // Version should be in the strict semver format. Is required when creating resources. + #Version!: string & strings.MaxRunes(63) + + // Name must be unique within a namespace. Is required when creating resources. + // Name is primarily intended for creation idempotence and configuration definition. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + name!: #InstanceName + + // Namespace defines the space within which each name must be unique. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces + namespace!: #InstanceNamespace + + // Annotations is an unstructured key value map stored with a resource that may be + // set to store and retrieve arbitrary metadata. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + annotations?: #Annotations + + // Map of string keys and values that can be used to organize and categorize (scope and select) objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: #Labels + + // Standard Kubernetes labels: app name, version and managed-by. + labels: { + "\(#StdLabelName)": name + "\(#StdLabelVersion)": #Version + "\(#StdLabelManagedBy)": "timoni" + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name label. + #LabelSelector: #Labels & { + "\(#StdLabelName)": name + } +} + +// MetaComponent generates the Kubernetes object metadata for a module namespaced component. +// The metadata.name is composed of the instance name and the component name. +// The metadata.labels contain the app.kubernetes.io/component label. +#MetaComponent: { + // Meta is the Kubernetes object's metadata generated by Timoni. + #Meta!: #Metadata + + // Component is the name of the component used + // as a suffix for the generate object name. + #Component!: string & strings.MaxRunes(30) + + name: #Meta.name + "-" + #Component + namespace: #Meta.namespace + + labels: #Meta.labels + labels: "\(#StdLabelComponent)": #Component + + annotations?: #Annotations + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name + // and app.kubernetes.io/component labels. + #LabelSelector: #Labels & { + "\(#StdLabelComponent)": #Component + "\(#StdLabelName)": #Meta.name + } +} + +// MetaClusterComponent generates the Kubernetes object metadata for a module non-namespaced component. +// The metadata.name is composed of the instance name and the component name. +// The metadata.namespace is unset. +// The metadata.labels contain the app.kubernetes.io/component label. +#MetaClusterComponent: { + // Meta is the Kubernetes object's metadata generated by Timoni. + #Meta!: #Metadata + + // Component is the name of the component used + // as a suffix for the generate object name. + #Component!: string & strings.MaxRunes(30) + + name: #Meta.name + "-" + #Component + + labels: #Meta.labels + labels: "\(#StdLabelComponent)": #Component + + annotations?: #Annotations + if #Meta.annotations != _|_ { + annotations: #Meta.annotations + } + + // LabelSelector selects Pods based on the app.kubernetes.io/name + // and app.kubernetes.io/component labels. + #LabelSelector: #Labels & { + "\(#StdLabelComponent)": #Component + "\(#StdLabelName)": #Meta.name + } +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue new file mode 100644 index 0000000..1dcdb69 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/object.cue @@ -0,0 +1,21 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import "strings" + +// ObjectReference is a reference to a Kubernetes object. +#ObjectReference: { + // Name of the referent. + name!: string & strings.MaxRunes(256) + + // Namespace of the referent. + namespace?: string & strings.MaxRunes(256) + + // API version of the referent. + apiVersion?: string & strings.MaxRunes(256) + + // Kind of the referent. + kind?: string & strings.MaxRunes(256) +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue new file mode 100644 index 0000000..d3b5573 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/requirements.cue @@ -0,0 +1,40 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "strconv" + "strings" +) + +// CPUQuantity is a string that is validated as a quantity of CPU, such as 100m or 2000m. +#CPUQuantity: string & =~"^[1-9]\\d*m$" + +// MemoryQuantity is a string that is validated as a quantity of memory, such as 128Mi or 2Gi. +#MemoryQuantity: string & =~"^[1-9]\\d*(Mi|Gi)$" + +// ResourceRequirement defines the schema for the CPU and Memory resource requirements. +#ResourceRequirement: { + cpu?: #CPUQuantity + memory?: #MemoryQuantity +} + +// ResourceRequirements defines the schema for the compute resource requirements of a container. +// More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. +#ResourceRequirements: { + // Limits describes the maximum amount of compute resources allowed. + limits?: #ResourceRequirement + + // Requests describes the minimum amount of compute resources required. + // Requests cannot exceed Limits. + requests?: #ResourceRequirement & { + if limits != _|_ { + if limits.cpu != _|_ { + _lc: strconv.Atoi(strings.Split(limits.cpu, "m")[0]) + _rc: strconv.Atoi(strings.Split(requests.cpu, "m")[0]) + #cpu: int & >=_rc & _lc + } + } + } +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue new file mode 100644 index 0000000..ed141f4 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/selector.cue @@ -0,0 +1,19 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +// Selector defines the schema for Kubernetes Pod label selector used in Deployments, Services, Jobs, etc. +#Selector: { + // Name must be unique within a namespace. Is required when creating resources. + // Name is primarily intended for creation idempotence and configuration definition. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + #Name!: #InstanceName + + // Map of string keys and values that can be used to organize and categorize (scope and select) objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + labels: #Labels + + // Standard Kubernetes label: app name. + labels: "\(#StdLabelName)": #Name +} diff --git a/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue b/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue new file mode 100644 index 0000000..ecd1e39 --- /dev/null +++ b/cue.mod/pkg/timoni.sh/core/v1alpha1/semver.cue @@ -0,0 +1,29 @@ +// Copyright 2023 Stefan Prodan +// SPDX-License-Identifier: Apache-2.0 + +package v1alpha1 + +import ( + "strconv" + "strings" +) + +// SemVer validates the input version string and extracts the major and minor version numbers. +// When Minimum is set, the major and minor parts must be greater or equal to the minimum +// or a validation error is returned. +#SemVer: { + // Input version string in strict semver format. + #Version!: string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" + + // Minimum is the minimum allowed MAJOR.MINOR version. + #Minimum: *"0.0.0" | string & =~"^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?(\\+[0-9A-Za-z-]+(\\.[0-9A-Za-z-]+)*)?$" + + let minMajor = strconv.Atoi(strings.Split(#Minimum, ".")[0]) + let minMinor = strconv.Atoi(strings.Split(#Minimum, ".")[1]) + + major: int & >=minMajor + major: strconv.Atoi(strings.Split(#Version, ".")[0]) + + minor: int & >=minMinor + minor: strconv.Atoi(strings.Split(#Version, ".")[1]) +} diff --git a/debug_tool.cue b/debug_tool.cue new file mode 100644 index 0000000..ec8136d --- /dev/null +++ b/debug_tool.cue @@ -0,0 +1,35 @@ +package main + +import ( + "tool/cli" + "encoding/yaml" + "text/tabwriter" +) + +_resources: timoni.apply.app + +// The build command generates the Kubernetes manifests and prints the multi-docs YAML to stdout. +// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. +command: build: { + task: print: cli.Print & { + text: yaml.MarshalStream(_resources) + } +} + +// The ls command prints a table with the Kubernetes resources kind, namespace, name and version. +// Example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 ls'. +command: ls: { + task: print: cli.Print & { + text: tabwriter.Write([ + "RESOURCE \tAPI VERSION", + for r in _resources { + if r.metadata.namespace == _|_ { + "\(r.kind)/\(r.metadata.name) \t\(r.apiVersion)" + } + if r.metadata.namespace != _|_ { + "\(r.kind)/\(r.metadata.namespace)/\(r.metadata.name) \t\(r.apiVersion)" + } + }, + ]) + } +} diff --git a/debug_values.cue b/debug_values.cue new file mode 100644 index 0000000..870da56 --- /dev/null +++ b/debug_values.cue @@ -0,0 +1,27 @@ +@if(debug) + +package main + +// Values used by debug_tool.cue. +// Debug example 'cue cmd -t debug -t name=test -t namespace=test -t mv=1.0.0 -t kv=1.28.0 build'. +values: { + image: { + repository: "docker.io/nginx" + tag: "1-alpine-slim" + digest: "" + } + + pod: { + annotations: "cluster-autoscaler.kubernetes.io/safe-to-evict": "true" + imagePullSecrets: [{ + name: "regcred" + }] + } + + resources: { + limits: { + cpu: "100m" + memory: "128Mi" + } + } +} diff --git a/templates/config.cue b/templates/config.cue new file mode 100644 index 0000000..0e78460 --- /dev/null +++ b/templates/config.cue @@ -0,0 +1,107 @@ +package templates + +import ( + corev1 "k8s.io/api/core/v1" + timoniv1 "timoni.sh/core/v1alpha1" +) + +// Config defines the schema and defaults for the Instance values. +#Config: { + // The kubeVersion is a required field, set at apply-time + // via timoni.cue by querying the user's Kubernetes API. + kubeVersion!: string + // Using the kubeVersion you can enforce a minimum Kubernetes minor version. + // By default, the minimum Kubernetes version is set to 1.20. + clusterVersion: timoniv1.#SemVer & {#Version: kubeVersion, #Minimum: "1.20.0"} + + // The moduleVersion is set from the user-supplied module version. + // This field is used for the `app.kubernetes.io/version` label. + moduleVersion!: string + + // The Kubernetes metadata common to all resources. + // The `metadata.name` and `metadata.namespace` fields are + // set from the user-supplied instance name and namespace. + metadata: timoniv1.#Metadata & {#Version: moduleVersion} + + // The labels allows adding `metadata.labels` to all resources. + // The `app.kubernetes.io/name` and `app.kubernetes.io/version` labels + // are automatically generated and can't be overwritten. + metadata: labels: timoniv1.#Labels + + // The annotations allows adding `metadata.annotations` to all resources. + metadata: annotations?: timoniv1.#Annotations + + // The selector allows adding label selectors to Deployments and Services. + // The `app.kubernetes.io/name` label selector is automatically generated + // from the instance name and can't be overwritten. + selector: timoniv1.#Selector & {#Name: metadata.name} + + // The image allows setting the container image repository, + // tag, digest and pull policy. + image: timoniv1.#Image & { + repository: *"docker.io/nginx" | string + tag: *"1-alpine" | string + digest: *"" | string + } + + // The pod allows setting the Kubernetes Pod annotations, image pull secrets, + // affinity and anti-affinity rules. By default, pods are scheduled on Linux nodes. + pod: { + annotations?: timoniv1.#Annotations + + affinity: *{ + nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: [{ + matchExpressions: [{ + key: corev1.#LabelOSStable + operator: "In" + values: ["linux"] + }] + }] + } | corev1.#Affinity + + imagePullSecrets?: [...timoniv1.#ObjectReference] + } + + // The resources allows setting the container resource requirements. + // By default, the container requests 10m CPU and 32Mi memory. + resources: timoniv1.#ResourceRequirements & { + requests: { + cpu: *"10m" | timoniv1.#CPUQuantity + memory: *"32Mi" | timoniv1.#MemoryQuantity + } + } + + // The number of pods replicas. + // By default, the number of replicas is 1. + replicas: *1 | int & >0 + + // The securityContext allows setting the container security context. + // By default, the container is denined privilege escalation. + securityContext: corev1.#SecurityContext & { + allowPrivilegeEscalation: *false | true + privileged: *false | true + capabilities: + { + drop: *["ALL"] | [string] + add: *["CHOWN", "NET_BIND_SERVICE", "SETGID", "SETUID"] | [string] + } + } + + // The service allows setting the Kubernetes Service annotations and port. + // By default, the HTTP port is 80. + service: { + annotations?: timoniv1.#Annotations + + port: *80 | int & >0 & <=65535 + } +} + +// Instance takes the config values and outputs the Kubernetes objects. +#Instance: { + config: #Config + + objects: { + deploy: #Deployment & {#config: config} + service: #Service & {#config: config} + } +} diff --git a/templates/deployment.cue b/templates/deployment.cue new file mode 100644 index 0000000..c188152 --- /dev/null +++ b/templates/deployment.cue @@ -0,0 +1,68 @@ +package templates + +import ( + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" +) + +#Deployment: appsv1.#Deployment & { + #config: #Config + apiVersion: "apps/v1" + kind: "Deployment" + metadata: #config.metadata + spec: appsv1.#DeploymentSpec & { + replicas: #config.replicas + selector: matchLabels: #config.selector.labels + template: { + metadata: { + labels: #config.selector.labels + if #config.pod.annotations != _|_ { + annotations: #config.pod.annotations + } + } + spec: corev1.#PodSpec & { + containers: [ + { + name: #config.metadata.name + image: #config.image.reference + imagePullPolicy: #config.image.pullPolicy + ports: [ + { + name: "http" + containerPort: 80 + protocol: "TCP" + }, + ] + readinessProbe: { + httpGet: { + path: "/" + port: "http" + } + initialDelaySeconds: 5 + periodSeconds: 10 + } + livenessProbe: { + tcpSocket: { + port: "http" + } + initialDelaySeconds: 5 + periodSeconds: 5 + } + if #config.resources != _|_ { + resources: #config.resources + } + if #config.securityContext != _|_ { + securityContext: #config.securityContext + } + }, + ] + if #config.pod.affinity != _|_ { + affinity: #config.pod.affinity + } + if #config.pod.imagePullSecrets != _|_ { + imagePullSecrets: #config.pod.imagePullSecrets + } + } + } + } +} diff --git a/templates/service.cue b/templates/service.cue new file mode 100644 index 0000000..e6dbe5c --- /dev/null +++ b/templates/service.cue @@ -0,0 +1,27 @@ +package templates + +import ( + corev1 "k8s.io/api/core/v1" +) + +#Service: corev1.#Service & { + #config: #Config + apiVersion: "v1" + kind: "Service" + metadata: #config.metadata + if #config.service.annotations != _|_ { + metadata: annotations: #config.service.annotations + } + spec: corev1.#ServiceSpec & { + type: corev1.#ServiceTypeClusterIP + selector: #config.selector.labels + ports: [ + { + port: #config.service.port + protocol: "TCP" + name: "http" + targetPort: name + }, + ] + } +} diff --git a/timoni.cue b/timoni.cue new file mode 100644 index 0000000..3e6e5fd --- /dev/null +++ b/timoni.cue @@ -0,0 +1,42 @@ +// Code generated by timoni. +// Note that this file is required and should contain +// the values schema and the timoni workflow. + +package main + +import ( + templates "timoni.sh/keycloak/templates" +) + +// Define the schema for the user-supplied values. +// At runtime, Timoni injects the supplied values +// and validates them according to the Config schema. +values: templates.#Config + +// Define how Timoni should build, validate and +// apply the Kubernetes resources. +timoni: { + apiVersion: "v1alpha1" + + // Define the instance that outputs the Kubernetes resources. + // At runtime, Timoni builds the instance and validates + // the resulting resources according to their Kubernetes schema. + instance: templates.#Instance & { + // The user-supplied values are merged with the + // default values at runtime by Timoni. + config: values + // These values are injected at runtime by Timoni. + config: { + metadata: { + name: string @tag(name) + namespace: string @tag(namespace) + } + moduleVersion: string @tag(mv, var=moduleVersion) + kubeVersion: string @tag(kv, var=kubeVersion) + } + } + + // Pass Kubernetes resources outputted by the instance + // to Timoni's multi-step apply. + apply: app: [for obj in instance.objects {obj}] +} diff --git a/timoni.ignore b/timoni.ignore new file mode 100644 index 0000000..0722c34 --- /dev/null +++ b/timoni.ignore @@ -0,0 +1,14 @@ +# VCS +.git/ +.gitignore +.gitmodules +.gitattributes + +# Go +vendor/ +go.mod +go.sum + +# CUE +*_tool.cue +debug_values.cue diff --git a/values.cue b/values.cue new file mode 100644 index 0000000..b2723ef --- /dev/null +++ b/values.cue @@ -0,0 +1,10 @@ +// Code generated by timoni. +// Note that this file must have no imports and all values must be concrete. + +@if(!debug) + +package main + +// Placeholder for user-supplied values. +values: { +}