mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 10:33:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: update kubernetes to v1.23.0

Browse Source 
updating go dependency to latest kubernetes
released version i.e v1.23.0

Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
2021-12-08 19:20:47 +05:30
committed by mergify[bot]
parent 42403e2ba7
commit 5762da3e91
789 changed files with 49781 additions and 11501 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
vendor/k8s.io/kubernetes/pkg/apis/apps/types.go generated vendored
View File

@ -97,6 +97,40 @@ type RollingUpdateStatefulSetStrategy struct {
Partition int32
}
// PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
// when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
// deleted or scaled down.
type PersistentVolumeClaimRetentionPolicyType string
const (
// RetainPersistentVolumeClaimRetentionPolicyType is the default
// PersistentVolumeClaimRetentionPolicy and specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will not be deleted.
RetainPersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Retain"
// DeletePersistentVolumeClaimRetentionPolicyType specifies that
// PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
// will be deleted in the scenario specified in
// StatefulSetPersistentVolumeClaimPolicy.
DeletePersistentVolumeClaimRetentionPolicyType PersistentVolumeClaimRetentionPolicyType = "Delete"
)
// StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
// created from the StatefulSet VolumeClaimTemplates.
type StatefulSetPersistentVolumeClaimRetentionPolicy struct {
// WhenDeleted specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
// `Delete` policy causes those PVCs to be deleted.
WhenDeleted PersistentVolumeClaimRetentionPolicyType
// WhenScaled specifies what happens to PVCs created from StatefulSet
// VolumeClaimTemplates when the StatefulSet is scaled down. The default
// policy of `Retain` causes PVCs to not be affected by a scaledown. The
// `Delete` policy causes the associated PVCs for any excess pods above
// the replica count to be deleted.
WhenScaled PersistentVolumeClaimRetentionPolicyType
}
// A StatefulSetSpec is the specification of a StatefulSet.
type StatefulSetSpec struct {
// Replicas is the desired number of replicas of the given Template.
@ -164,6 +198,12 @@ type StatefulSetSpec struct {
// This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
// +optional
MinReadySeconds int32
// PersistentVolumeClaimRetentionPolicy describes the policy used for PVCs created from
// the StatefulSet VolumeClaimTemplates. This requires the
// StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha.
// +optional
PersistentVolumeClaimRetentionPolicy *StatefulSetPersistentVolumeClaimRetentionPolicy
}
// StatefulSetStatus represents the current state of a StatefulSet.
@ -205,9 +245,7 @@ type StatefulSetStatus struct {
Conditions []StatefulSetCondition
// Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
// This is an alpha field and requires enabling StatefulSetMinReadySeconds feature gate.
// Remove omitempty when graduating to beta
// +optional
// This is a beta field and requires enabling StatefulSetMinReadySeconds feature gate.
AvailableReplicas int32
}
@ -572,7 +610,7 @@ type RollingUpdateDaemonSet struct {
// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
// on that node is marked deleted. If the old pod becomes unavailable for any
// reason (Ready transitions to false, is evicted, or is drained) an updated
// pod is immediatedly created on that node without considering surge limits.
// pod is immediately created on that node without considering surge limits.
// Allowing surge implies the possibility that the resources consumed by the
// daemonset on any given node can double if the readiness check fails, and
// so resource intensive daemonsets should take into account that they may

22
vendor/k8s.io/kubernetes/pkg/apis/apps/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@ -711,6 +712,22 @@ func (in *StatefulSetList) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopyInto(out *StatefulSetPersistentVolumeClaimRetentionPolicy) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulSetPersistentVolumeClaimRetentionPolicy.
func (in *StatefulSetPersistentVolumeClaimRetentionPolicy) DeepCopy() *StatefulSetPersistentVolumeClaimRetentionPolicy {
if in == nil {
return nil
}
out := new(StatefulSetPersistentVolumeClaimRetentionPolicy)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) {
*out = *in
@ -733,6 +750,11 @@ func (in *StatefulSetSpec) DeepCopyInto(out *StatefulSetSpec) {
*out = new(int32)
**out = **in
}
if in.PersistentVolumeClaimRetentionPolicy != nil {
in, out := &in.PersistentVolumeClaimRetentionPolicy, &out.PersistentVolumeClaimRetentionPolicy
*out = new(StatefulSetPersistentVolumeClaimRetentionPolicy)
**out = **in
}
return
}

1
vendor/k8s.io/kubernetes/pkg/apis/autoscaling/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

16
vendor/k8s.io/kubernetes/pkg/apis/batch/types.go generated vendored
View File

@ -173,8 +173,6 @@ type JobSpec struct {
// guarantees (e.g. finalizers) will be honored. If this field is unset,
// the Job won't be automatically deleted. If this field is set to zero,
// the Job becomes eligible to be deleted immediately after it finishes.
// This field is alpha-level and is only honored by servers that enable the
// TTLAfterFinished feature.
// +optional
TTLSecondsAfterFinished *int32
@ -243,10 +241,17 @@ type JobStatus struct {
// +optional
CompletionTime *metav1.Time
// The number of actively running pods.
// The number of pending and running pods.
// +optional
Active int32
// The number of active pods which have a Ready condition.
//
// This field is alpha-level. The job controller populates the field when
// the feature gate JobReadyPods is enabled (disabled by default).
// +optional
Ready *int32
// The number of pods which reached phase Succeeded.
// +optional
Succeeded int32
@ -276,8 +281,9 @@ type JobStatus struct {
// (3) Remove the pod UID from the array while increasing the corresponding
// counter.
//
// This field is alpha-level. The job controller only makes use of this field
// when the feature gate PodTrackingWithFinalizers is enabled.
// This field is beta-level. The job controller only makes use of this field
// when the feature gate JobTrackingWithFinalizers is enabled (enabled
// by default).
// Old jobs might not be tracked using this field, in which case the field
// remains null.
// +optional

6
vendor/k8s.io/kubernetes/pkg/apis/batch/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@ -313,6 +314,11 @@ func (in *JobStatus) DeepCopyInto(out *JobStatus) {
in, out := &in.CompletionTime, &out.CompletionTime
*out = (*in).DeepCopy()
}
if in.Ready != nil {
in, out := &in.Ready, &out.Ready
*out = new(int32)
**out = **in
}
if in.UncountedTerminatedPods != nil {
in, out := &in.UncountedTerminatedPods, &out.UncountedTerminatedPods
*out = new(UncountedTerminatedPods)

2
vendor/k8s.io/kubernetes/pkg/apis/core/annotation_key_constants.go generated vendored
View File

@ -99,7 +99,7 @@ const (
EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time"
// EndpointsOverCapacity will be set on an Endpoints resource when it
// exceeds the maximum capacity of 1000 addresses. Inititially the Endpoints
// exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
// controller will set this annotation with a value of "warning". In a
// future release, the controller may set this annotation with a value of
// "truncated" to indicate that any addresses exceeding the limit of 1000

221
vendor/k8s.io/kubernetes/pkg/apis/core/types.go generated vendored
View File

@ -111,7 +111,7 @@ type VolumeSource struct {
// +optional
FlexVolume *FlexVolumeSource
// Cinder represents a cinder volume attached and mounted on kubelets host machine.
// Cinder represents a cinder volume attached and mounted on kubelet's host machine.
// +optional
Cinder *CinderVolumeSource
@ -135,17 +135,17 @@ type VolumeSource struct {
// ConfigMap represents a configMap that should populate this volume
// +optional
ConfigMap *ConfigMapVolumeSource
// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
// VsphereVolume represents a vSphere volume attached and mounted on kubelet's host machine
// +optional
VsphereVolume *VsphereVirtualDiskVolumeSource
// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
// +optional
AzureDisk *AzureDiskVolumeSource
// PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelets host machine
// PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelet's host machine
PhotonPersistentDisk *PhotonPersistentDiskVolumeSource
// Items for all in one resources secrets, configmaps, and downward API
Projected *ProjectedVolumeSource
// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine
// PortworxVolume represents a portworx volume attached and mounted on kubelet's host machine
// +optional
PortworxVolume *PortworxVolumeSource
// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
@ -182,9 +182,6 @@ type VolumeSource struct {
// A pod can use both types of ephemeral volumes and
// persistent volumes at the same time.
//
// This is a beta feature and only available when the GenericEphemeralVolume
// feature gate is enabled.
//
// +optional
Ephemeral *EphemeralVolumeSource
}
@ -226,7 +223,7 @@ type PersistentVolumeSource struct {
// provisioned/attached using an exec based plugin.
// +optional
FlexVolume *FlexPersistentVolumeSource
// Cinder represents a cinder volume attached and mounted on kubelets host machine.
// Cinder represents a cinder volume attached and mounted on kubelet's host machine.
// +optional
Cinder *CinderPersistentVolumeSource
// CephFS represents a Ceph FS mount on the host that shares a pod's lifetime
@ -241,15 +238,15 @@ type PersistentVolumeSource struct {
// AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
// +optional
AzureFile *AzureFilePersistentVolumeSource
// VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
// VsphereVolume represents a vSphere volume attached and mounted on kubelet's host machine
// +optional
VsphereVolume *VsphereVirtualDiskVolumeSource
// AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
// +optional
AzureDisk *AzureDiskVolumeSource
// PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelets host machine
// PhotonPersistentDisk represents a Photon Controller persistent disk attached and mounted on kubelet's host machine
PhotonPersistentDisk *PhotonPersistentDiskVolumeSource
// PortworxVolume represents a portworx volume attached and mounted on kubelets host machine
// PortworxVolume represents a portworx volume attached and mounted on kubelet's host machine
// +optional
PortworxVolume *PortworxVolumeSource
// ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
@ -433,6 +430,9 @@ type PersistentVolumeClaimSpec struct {
// +optional
Selector *metav1.LabelSelector
// Resources represents the minimum resources required
// If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
// that are lower than previous value but must still be higher than capacity recorded in the
// status field of the claim.
// +optional
Resources ResourceRequirements
// VolumeName is the binding reference to the PersistentVolume backing this
@ -489,6 +489,26 @@ const (
PersistentVolumeClaimFileSystemResizePending PersistentVolumeClaimConditionType = "FileSystemResizePending"
)
// +enum
type PersistentVolumeClaimResizeStatus string
const (
// When expansion is complete, the empty string is set by resize controller or kubelet.
PersistentVolumeClaimNoExpansionInProgress PersistentVolumeClaimResizeStatus = ""
// State set when resize controller starts expanding the volume in control-plane
PersistentVolumeClaimControllerExpansionInProgress PersistentVolumeClaimResizeStatus = "ControllerExpansionInProgress"
// State set when expansion has failed in resize controller with a terminal error.
// Transient errors such as timeout should not set this status and should leave ResizeStatus
// unmodified, so as resize controller can resume the volume expansion.
PersistentVolumeClaimControllerExpansionFailed PersistentVolumeClaimResizeStatus = "ControllerExpansionFailed"
// State set when resize controller has finished expanding the volume but further expansion is needed on the node.
PersistentVolumeClaimNodeExpansionPending PersistentVolumeClaimResizeStatus = "NodeExpansionPending"
// State set when kubelet starts expanding the volume.
PersistentVolumeClaimNodeExpansionInProgress PersistentVolumeClaimResizeStatus = "NodeExpansionInProgress"
// State set when expansion has failed in kubelet with a terminal error. Transient errors don't set NodeExpansionFailed.
PersistentVolumeClaimNodeExpansionFailed PersistentVolumeClaimResizeStatus = "NodeExpansionFailed"
)
// PersistentVolumeClaimCondition represents the current condition of PV claim
type PersistentVolumeClaimCondition struct {
Type PersistentVolumeClaimConditionType
@ -516,6 +536,24 @@ type PersistentVolumeClaimStatus struct {
Capacity ResourceList
// +optional
Conditions []PersistentVolumeClaimCondition
// The storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may
// be larger than the actual capacity when a volume expansion operation is requested.
// For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.
// If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.
// If a volume expansion capacity request is lowered, allocatedResources is only
// lowered if there are no expansion operations in progress and if the actual volume capacity
// is equal or lower than the requested capacity.
// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
// +featureGate=RecoverVolumeExpansionFailure
// +optional
AllocatedResources ResourceList
// ResizeStatus stores status of resize operation.
// ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty
// string by resize controller or kubelet.
// This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
// +featureGate=RecoverVolumeExpansionFailure
// +optional
ResizeStatus *PersistentVolumeClaimResizeStatus
}
// PersistentVolumeAccessMode defines various access modes for PV.
@ -1620,7 +1658,7 @@ type LocalVolumeSource struct {
// Filesystem type to mount.
// It applies only when the Path is a block device.
// Must be a filesystem type supported by the host operating system.
// Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified.
// Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a filesystem if unspecified.
// +optional
FSType *string
}
@ -2025,7 +2063,7 @@ type ExecAction struct {
// alive or ready to receive traffic.
type Probe struct {
// The action taken to determine the health of a container
Handler
ProbeHandler
// Length of time before health checking is activated. In seconds.
// +optional
InitialDelaySeconds int32
@ -2191,10 +2229,9 @@ type Container struct {
TTY bool
}
// Handler defines a specific action that should be taken
// TODO: pass structured data to these actions, and document that data here.
type Handler struct {
// One and only one of the following should be specified.
// ProbeHandler defines a specific action that should be taken in a probe.
// One and only one of the fields must be specified.
type ProbeHandler struct {
// Exec specifies the action to take.
// +optional
Exec *ExecAction
@ -2202,9 +2239,43 @@ type Handler struct {
// +optional
HTTPGet *HTTPGetAction
// TCPSocket specifies an action involving a TCP port.
// TODO: implement a realistic TCP lifecycle hook
// +optional
TCPSocket *TCPSocketAction
// GRPC specifies an action involving a GRPC port.
// This is an alpha field and requires enabling GRPCContainerProbe feature gate.
// +featureGate=GRPCContainerProbe
// +optional
GRPC *GRPCAction
}
// LifecycleHandler defines a specific action that should be taken in a lifecycle
// hook. One and only one of the fields, except TCPSocket must be specified.
type LifecycleHandler struct {
// Exec specifies the action to take.
// +optional
Exec *ExecAction
// HTTPGet specifies the http request to perform.
// +optional
HTTPGet *HTTPGetAction
// Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
// for the backward compatibility. There are no validation of this field and
// lifecycle hooks will fail in runtime when tcp handler is specified.
// +optional
TCPSocket *TCPSocketAction
}
type GRPCAction struct {
// Port number of the gRPC service.
// Note: Number must be in the range 1 to 65535.
Port int32
// Service is the name of the service to place in the gRPC HealthCheckRequest
// (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
//
// If this is not specified, the default behavior is to probe the server's overall health status.
// +optional
Service *string
}
// Lifecycle describes actions that the management system should take in response to container lifecycle
@ -2213,19 +2284,20 @@ type Handler struct {
type Lifecycle struct {
// PostStart is called immediately after a container is created. If the handler fails, the container
// is terminated and restarted.
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
PostStart *Handler
PostStart *LifecycleHandler
// PreStop is called immediately before a container is terminated due to an
// API request or management event such as liveness/startup probe failure,
// preemption, resource contention, etc. The handler is not called if the
// container crashes or exits. The reason for termination is passed to the
// handler. The Pod's termination grace period countdown begins before the
// PreStop hooked is executed. Regardless of the outcome of the handler, the
// container crashes or exits. The Pod's termination grace period countdown begins before the
// PreStop hook is executed. Regardless of the outcome of the handler, the
// container will eventually terminate within the Pod's termination grace
// period. Other management of the container blocks until the hook completes
// period (unless delayed by finalizers). Other management of the container blocks until the hook completes
// or until the termination grace period is reached.
// More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
// +optional
PreStop *Handler
PreStop *LifecycleHandler
}
// The below types are used by kube_client and api_server.
@ -2749,7 +2821,7 @@ type PodSpec struct {
// pod to perform user-initiated actions such as debugging. This list cannot be specified when
// creating a pod, and it cannot be modified by updating the pod spec. In order to add an
// ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
// This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
// This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.
// +optional
EphemeralContainers []EphemeralContainer
// +optional
@ -2887,6 +2959,54 @@ type PodSpec struct {
// All topologySpreadConstraints are ANDed.
// +optional
TopologySpreadConstraints []TopologySpreadConstraint
// Specifies the OS of the containers in the pod.
// Some pod and container fields are restricted if this is set.
//
// If the OS field is set to linux, the following fields must be unset:
// - securityContext.windowsOptions
//
// If the OS field is set to windows, following fields must be unset:
// - spec.hostPID
// - spec.hostIPC
// - spec.securityContext.seLinuxOptions
// - spec.securityContext.seccompProfile
// - spec.securityContext.fsGroup
// - spec.securityContext.fsGroupChangePolicy
// - spec.securityContext.sysctls
// - spec.shareProcessNamespace
// - spec.securityContext.runAsUser
// - spec.securityContext.runAsGroup
// - spec.securityContext.supplementalGroups
// - spec.containers[*].securityContext.seLinuxOptions
// - spec.containers[*].securityContext.seccompProfile
// - spec.containers[*].securityContext.capabilities
// - spec.containers[*].securityContext.readOnlyRootFilesystem
// - spec.containers[*].securityContext.privileged
// - spec.containers[*].securityContext.allowPrivilegeEscalation
// - spec.containers[*].securityContext.procMount
// - spec.containers[*].securityContext.runAsUser
// - spec.containers[*].securityContext.runAsGroup
// +optional
// This is an alpha field and requires the IdentifyPodOS feature
OS *PodOS
}
// OSName is the set of OS'es that can be used in OS.
type OSName string
// These are valid values for OSName
const (
Linux OSName = "linux"
Windows OSName = "windows"
)
// PodOS defines the OS parameters of a pod.
type PodOS struct {
// Name is the name of the operating system. The currently supported values are linux and windows.
// Additional value may be defined in future and can be one of:
// https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
// Clients should expect to handle additional values and treat unrecognized values in this field as os: null
Name OSName
}
// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
@ -2932,11 +3052,13 @@ type PodSecurityContext struct {
HostNetwork bool
// Use the host's pid namespace.
// Optional: Default to false.
// Note that this field cannot be set when spec.os.name is windows.
// +k8s:conversion-gen=false
// +optional
HostPID bool
// Use the host's ipc namespace.
// Optional: Default to false.
// Note that this field cannot be set when spec.os.name is windows.
// +k8s:conversion-gen=false
// +optional
HostIPC bool
@ -2944,6 +3066,7 @@ type PodSecurityContext struct {
// When this is set containers will be able to view and signal processes from other containers
// in the same pod, and the first process in each container will not be assigned PID 1.
// HostPID and ShareProcessNamespace cannot both be set.
// Note that this field cannot be set when spec.os.name is windows.
// Optional: Default to false.
// +k8s:conversion-gen=false
// +optional
@ -2953,11 +3076,13 @@ type PodSecurityContext struct {
// container. May also be set in SecurityContext. If set in
// both SecurityContext and PodSecurityContext, the value specified in SecurityContext
// takes precedence for that container.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
SELinuxOptions *SELinuxOptions
// The Windows specific settings applied to all containers.
// If unspecified, the options within a container's SecurityContext will be used.
// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is linux.
// +optional
WindowsOptions *WindowsSecurityContextOptions
// The UID to run the entrypoint of the container process.
@ -2965,6 +3090,7 @@ type PodSecurityContext struct {
// May also be set in SecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence
// for that container.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
RunAsUser *int64
// The GID to run the entrypoint of the container process.
@ -2972,6 +3098,7 @@ type PodSecurityContext struct {
// May also be set in SecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence
// for that container.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
RunAsGroup *int64
// Indicates that the container must run as a non-root user.
@ -2986,6 +3113,7 @@ type PodSecurityContext struct {
// A list of groups applied to the first process run in each container, in addition
// to the container's primary GID. If unspecified, no groups will be added to
// any container.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
SupplementalGroups []int64
// A special supplemental group that applies to all containers in a pod.
@ -2997,6 +3125,7 @@ type PodSecurityContext struct {
// 3. The permission bits are OR'd with rw-rw----
//
// If unset, the Kubelet will not modify the ownership and permissions of any volume.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
FSGroup *int64
// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
@ -3005,13 +3134,16 @@ type PodSecurityContext struct {
// It will have no effect on ephemeral volume types such as: secret, configmaps
// and emptydir.
// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
FSGroupChangePolicy *PodFSGroupChangePolicy
// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
// sysctls (by the container runtime) might fail to launch.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
Sysctls []Sysctl
// The seccomp options to use by the containers in this pod.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
SeccompProfile *SeccompProfile
}
@ -3137,6 +3269,7 @@ type EphemeralContainerCommon struct {
// already allocated to the pod.
// +optional
Resources ResourceRequirements
// Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
// +optional
VolumeMounts []VolumeMount
// volumeDevices is the list of block devices to be used by the container.
@ -3180,15 +3313,16 @@ type EphemeralContainerCommon struct {
// these two types.
var _ = Container(EphemeralContainerCommon{})
// An EphemeralContainer is a temporary container that may be added to an existing pod for
// An EphemeralContainer is a temporary container that you may add to an existing Pod for
// user-initiated activities such as debugging. Ephemeral containers have no resource or
// scheduling guarantees, and they will not be restarted when they exit or when a pod is
// removed or restarted. If an ephemeral container causes a pod to exceed its resource
// allocation, the pod may be evicted.
// Ephemeral containers may not be added by directly updating the pod spec. They must be added
// via the pod's ephemeralcontainers subresource, and they will appear in the pod spec
// once added.
// This is an alpha feature enabled by the EphemeralContainers feature flag.
// scheduling guarantees, and they will not be restarted when they exit or when a Pod is
// removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
// Pod to exceed its resource allocation.
//
// To add an ephemeral container, use the ephemeralcontainers subresource of an existing
// Pod. Ephemeral containers may not be removed or restarted.
//
// This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate.
type EphemeralContainer struct {
// Ephemeral containers have all of the fields of Container, plus additional fields
// specific to ephemeral containers. Fields in common with Container are in the
@ -3198,8 +3332,10 @@ type EphemeralContainer struct {
// If set, the name of the container from PodSpec that this ephemeral container targets.
// The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
// If not set then the ephemeral container is run in whatever namespaces are shared
// for the pod. Note that the container runtime must support this feature.
// If not set then the ephemeral container uses the namespaces configured in the Pod spec.
//
// The container runtime must implement support for this feature. If the runtime does not
// support namespace targeting then the result of setting this field is undefined.
// +optional
TargetContainerName string
}
@ -3253,7 +3389,7 @@ type PodStatus struct {
ContainerStatuses []ContainerStatus
// Status for any ephemeral containers that have run in this pod.
// This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.
// This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.
// +optional
EphemeralContainerStatuses []ContainerStatus
}
@ -5044,6 +5180,7 @@ type Secret struct {
Data map[string][]byte `datapolicy:"password,security-key,token"`
// Used to facilitate programmatic handling of secret data.
// More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types
// +optional
Type SecretType
}
@ -5284,34 +5421,40 @@ type ComponentStatusList struct {
type SecurityContext struct {
// The capabilities to add/drop when running containers.
// Defaults to the default set of capabilities granted by the container runtime.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
Capabilities *Capabilities
// Run container in privileged mode.
// Processes in privileged containers are essentially equivalent to root on the host.
// Defaults to false.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
Privileged *bool
// The SELinux context to be applied to the container.
// If unspecified, the container runtime will allocate a random SELinux context for each
// container. May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
SELinuxOptions *SELinuxOptions
// The Windows specific settings applied to all containers.
// If unspecified, the options from the PodSecurityContext will be used.
// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is linux.
// +optional
WindowsOptions *WindowsSecurityContextOptions
// The UID to run the entrypoint of the container process.
// Defaults to user specified in image metadata if unspecified.
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
RunAsUser *int64
// The GID to run the entrypoint of the container process.
// Uses runtime default if unset.
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
RunAsGroup *int64
// Indicates that the container must run as a non-root user.
@ -5324,21 +5467,25 @@ type SecurityContext struct {
RunAsNonRoot *bool
// The read-only root filesystem allows you to restrict the locations that an application can write
// files to, ensuring the persistent data can only be written to mounts.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
ReadOnlyRootFilesystem *bool
// AllowPrivilegeEscalation controls whether a process can gain more
// privileges than its parent process. This bool directly controls if
// the no_new_privs flag will be set on the container process.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
AllowPrivilegeEscalation *bool
// ProcMount denotes the type of proc mount to use for the containers.
// The default is DefaultProcMount which uses the container runtime defaults for
// readonly paths and masked paths.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
ProcMount *ProcMountType
// The seccomp options to use by this container. If seccomp options are
// provided at both the pod & container level, the container options
// override the pod options.
// Note that this field cannot be set when spec.os.name is windows.
// +optional
SeccompProfile *SeccompProfile
}
@ -5484,7 +5631,7 @@ type TopologySpreadConstraint struct {
// but giving higher precedence to topologies that would help reduce the
// skew.
// A constraint is considered "Unsatisfiable" for an incoming pod
// if and only if every possible node assigment for that pod would violate
// if and only if every possible node assignment for that pod would violate
// "MaxSkew" on some topology.
// For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
// labelSelector spread as 3/1/1:

2
vendor/k8s.io/kubernetes/pkg/apis/core/v1/doc.go generated vendored
View File

@ -17,7 +17,7 @@ limitations under the License.
// +k8s:conversion-gen=k8s.io/kubernetes/pkg/apis/core
// +k8s:conversion-gen-external-types=k8s.io/api/core/v1
// +k8s:defaulter-gen=TypeMeta
// +k8s:defaulter-gen-input=../../../../vendor/k8s.io/api/core/v1
// +k8s:defaulter-gen-input=k8s.io/api/core/v1
// Package v1 is the v1 version of the API.
package v1 // import "k8s.io/kubernetes/pkg/apis/core/v1"

185
vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.conversion.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@ -641,6 +642,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.GRPCAction)(nil), (*core.GRPCAction)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_GRPCAction_To_core_GRPCAction(a.(*v1.GRPCAction), b.(*core.GRPCAction), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*core.GRPCAction)(nil), (*v1.GRPCAction)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_core_GRPCAction_To_v1_GRPCAction(a.(*core.GRPCAction), b.(*v1.GRPCAction), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.GitRepoVolumeSource)(nil), (*core.GitRepoVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(a.(*v1.GitRepoVolumeSource), b.(*core.GitRepoVolumeSource), scope)
}); err != nil {
@ -691,16 +702,6 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.Handler)(nil), (*core.Handler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_Handler_To_core_Handler(a.(*v1.Handler), b.(*core.Handler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*core.Handler)(nil), (*v1.Handler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_core_Handler_To_v1_Handler(a.(*core.Handler), b.(*v1.Handler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.HostAlias)(nil), (*core.HostAlias)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_HostAlias_To_core_HostAlias(a.(*v1.HostAlias), b.(*core.HostAlias), scope)
}); err != nil {
@ -761,6 +762,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.LifecycleHandler)(nil), (*core.LifecycleHandler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_LifecycleHandler_To_core_LifecycleHandler(a.(*v1.LifecycleHandler), b.(*core.LifecycleHandler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*core.LifecycleHandler)(nil), (*v1.LifecycleHandler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_core_LifecycleHandler_To_v1_LifecycleHandler(a.(*core.LifecycleHandler), b.(*v1.LifecycleHandler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.LimitRange)(nil), (*core.LimitRange)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_LimitRange_To_core_LimitRange(a.(*v1.LimitRange), b.(*core.LimitRange), scope)
}); err != nil {
@ -1301,6 +1312,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.PodOS)(nil), (*core.PodOS)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_PodOS_To_core_PodOS(a.(*v1.PodOS), b.(*core.PodOS), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*core.PodOS)(nil), (*v1.PodOS)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_core_PodOS_To_v1_PodOS(a.(*core.PodOS), b.(*v1.PodOS), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.PodPortForwardOptions)(nil), (*core.PodPortForwardOptions)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(a.(*v1.PodPortForwardOptions), b.(*core.PodPortForwardOptions), scope)
}); err != nil {
@ -1441,6 +1462,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.ProbeHandler)(nil), (*core.ProbeHandler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_ProbeHandler_To_core_ProbeHandler(a.(*v1.ProbeHandler), b.(*core.ProbeHandler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*core.ProbeHandler)(nil), (*v1.ProbeHandler)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_core_ProbeHandler_To_v1_ProbeHandler(a.(*core.ProbeHandler), b.(*v1.ProbeHandler), scope)
}); err != nil {
return err
}
if err := s.AddGeneratedConversionFunc((*v1.ProjectedVolumeSource)(nil), (*core.ProjectedVolumeSource)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(a.(*v1.ProjectedVolumeSource), b.(*core.ProjectedVolumeSource), scope)
}); err != nil {
@ -3806,6 +3837,28 @@ func Convert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSou
return autoConvert_core_GCEPersistentDiskVolumeSource_To_v1_GCEPersistentDiskVolumeSource(in, out, s)
}
func autoConvert_v1_GRPCAction_To_core_GRPCAction(in *v1.GRPCAction, out *core.GRPCAction, s conversion.Scope) error {
out.Port = in.Port
out.Service = (*string)(unsafe.Pointer(in.Service))
return nil
}
// Convert_v1_GRPCAction_To_core_GRPCAction is an autogenerated conversion function.
func Convert_v1_GRPCAction_To_core_GRPCAction(in *v1.GRPCAction, out *core.GRPCAction, s conversion.Scope) error {
return autoConvert_v1_GRPCAction_To_core_GRPCAction(in, out, s)
}
func autoConvert_core_GRPCAction_To_v1_GRPCAction(in *core.GRPCAction, out *v1.GRPCAction, s conversion.Scope) error {
out.Port = in.Port
out.Service = (*string)(unsafe.Pointer(in.Service))
return nil
}
// Convert_core_GRPCAction_To_v1_GRPCAction is an autogenerated conversion function.
func Convert_core_GRPCAction_To_v1_GRPCAction(in *core.GRPCAction, out *v1.GRPCAction, s conversion.Scope) error {
return autoConvert_core_GRPCAction_To_v1_GRPCAction(in, out, s)
}
func autoConvert_v1_GitRepoVolumeSource_To_core_GitRepoVolumeSource(in *v1.GitRepoVolumeSource, out *core.GitRepoVolumeSource, s conversion.Scope) error {
out.Repository = in.Repository
out.Revision = in.Revision
@ -3930,30 +3983,6 @@ func Convert_core_HTTPHeader_To_v1_HTTPHeader(in *core.HTTPHeader, out *v1.HTTPH
return autoConvert_core_HTTPHeader_To_v1_HTTPHeader(in, out, s)
}
func autoConvert_v1_Handler_To_core_Handler(in *v1.Handler, out *core.Handler, s conversion.Scope) error {
out.Exec = (*core.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*core.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*core.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
return nil
}
// Convert_v1_Handler_To_core_Handler is an autogenerated conversion function.
func Convert_v1_Handler_To_core_Handler(in *v1.Handler, out *core.Handler, s conversion.Scope) error {
return autoConvert_v1_Handler_To_core_Handler(in, out, s)
}
func autoConvert_core_Handler_To_v1_Handler(in *core.Handler, out *v1.Handler, s conversion.Scope) error {
out.Exec = (*v1.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*v1.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*v1.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
return nil
}
// Convert_core_Handler_To_v1_Handler is an autogenerated conversion function.
func Convert_core_Handler_To_v1_Handler(in *core.Handler, out *v1.Handler, s conversion.Scope) error {
return autoConvert_core_Handler_To_v1_Handler(in, out, s)
}
func autoConvert_v1_HostAlias_To_core_HostAlias(in *v1.HostAlias, out *core.HostAlias, s conversion.Scope) error {
out.IP = in.IP
out.Hostnames = *(*[]string)(unsafe.Pointer(&in.Hostnames))
@ -4103,8 +4132,8 @@ func Convert_core_KeyToPath_To_v1_KeyToPath(in *core.KeyToPath, out *v1.KeyToPat
}
func autoConvert_v1_Lifecycle_To_core_Lifecycle(in *v1.Lifecycle, out *core.Lifecycle, s conversion.Scope) error {
out.PostStart = (*core.Handler)(unsafe.Pointer(in.PostStart))
out.PreStop = (*core.Handler)(unsafe.Pointer(in.PreStop))
out.PostStart = (*core.LifecycleHandler)(unsafe.Pointer(in.PostStart))
out.PreStop = (*core.LifecycleHandler)(unsafe.Pointer(in.PreStop))
return nil
}
@ -4114,8 +4143,8 @@ func Convert_v1_Lifecycle_To_core_Lifecycle(in *v1.Lifecycle, out *core.Lifecycl
}
func autoConvert_core_Lifecycle_To_v1_Lifecycle(in *core.Lifecycle, out *v1.Lifecycle, s conversion.Scope) error {
out.PostStart = (*v1.Handler)(unsafe.Pointer(in.PostStart))
out.PreStop = (*v1.Handler)(unsafe.Pointer(in.PreStop))
out.PostStart = (*v1.LifecycleHandler)(unsafe.Pointer(in.PostStart))
out.PreStop = (*v1.LifecycleHandler)(unsafe.Pointer(in.PreStop))
return nil
}
@ -4124,6 +4153,30 @@ func Convert_core_Lifecycle_To_v1_Lifecycle(in *core.Lifecycle, out *v1.Lifecycl
return autoConvert_core_Lifecycle_To_v1_Lifecycle(in, out, s)
}
func autoConvert_v1_LifecycleHandler_To_core_LifecycleHandler(in *v1.LifecycleHandler, out *core.LifecycleHandler, s conversion.Scope) error {
out.Exec = (*core.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*core.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*core.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
return nil
}
// Convert_v1_LifecycleHandler_To_core_LifecycleHandler is an autogenerated conversion function.
func Convert_v1_LifecycleHandler_To_core_LifecycleHandler(in *v1.LifecycleHandler, out *core.LifecycleHandler, s conversion.Scope) error {
return autoConvert_v1_LifecycleHandler_To_core_LifecycleHandler(in, out, s)
}
func autoConvert_core_LifecycleHandler_To_v1_LifecycleHandler(in *core.LifecycleHandler, out *v1.LifecycleHandler, s conversion.Scope) error {
out.Exec = (*v1.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*v1.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*v1.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
return nil
}
// Convert_core_LifecycleHandler_To_v1_LifecycleHandler is an autogenerated conversion function.
func Convert_core_LifecycleHandler_To_v1_LifecycleHandler(in *core.LifecycleHandler, out *v1.LifecycleHandler, s conversion.Scope) error {
return autoConvert_core_LifecycleHandler_To_v1_LifecycleHandler(in, out, s)
}
func autoConvert_v1_LimitRange_To_core_LimitRange(in *v1.LimitRange, out *core.LimitRange, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1_LimitRangeSpec_To_core_LimitRangeSpec(&in.Spec, &out.Spec, s); err != nil {
@ -5150,6 +5203,8 @@ func autoConvert_v1_PersistentVolumeClaimStatus_To_core_PersistentVolumeClaimSta
out.AccessModes = *(*[]core.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes))
out.Capacity = *(*core.ResourceList)(unsafe.Pointer(&in.Capacity))
out.Conditions = *(*[]core.PersistentVolumeClaimCondition)(unsafe.Pointer(&in.Conditions))
out.AllocatedResources = *(*core.ResourceList)(unsafe.Pointer(&in.AllocatedResources))
out.ResizeStatus = (*core.PersistentVolumeClaimResizeStatus)(unsafe.Pointer(in.ResizeStatus))
return nil
}
@ -5163,6 +5218,8 @@ func autoConvert_core_PersistentVolumeClaimStatus_To_v1_PersistentVolumeClaimSta
out.AccessModes = *(*[]v1.PersistentVolumeAccessMode)(unsafe.Pointer(&in.AccessModes))
out.Capacity = *(*v1.ResourceList)(unsafe.Pointer(&in.Capacity))
out.Conditions = *(*[]v1.PersistentVolumeClaimCondition)(unsafe.Pointer(&in.Conditions))
out.AllocatedResources = *(*v1.ResourceList)(unsafe.Pointer(&in.AllocatedResources))
out.ResizeStatus = (*v1.PersistentVolumeClaimResizeStatus)(unsafe.Pointer(in.ResizeStatus))
return nil
}
@ -5894,6 +5951,26 @@ func Convert_url_Values_To_v1_PodLogOptions(in *url.Values, out *v1.PodLogOption
return autoConvert_url_Values_To_v1_PodLogOptions(in, out, s)
}
func autoConvert_v1_PodOS_To_core_PodOS(in *v1.PodOS, out *core.PodOS, s conversion.Scope) error {
out.Name = core.OSName(in.Name)
return nil
}
// Convert_v1_PodOS_To_core_PodOS is an autogenerated conversion function.
func Convert_v1_PodOS_To_core_PodOS(in *v1.PodOS, out *core.PodOS, s conversion.Scope) error {
return autoConvert_v1_PodOS_To_core_PodOS(in, out, s)
}
func autoConvert_core_PodOS_To_v1_PodOS(in *core.PodOS, out *v1.PodOS, s conversion.Scope) error {
out.Name = v1.OSName(in.Name)
return nil
}
// Convert_core_PodOS_To_v1_PodOS is an autogenerated conversion function.
func Convert_core_PodOS_To_v1_PodOS(in *core.PodOS, out *v1.PodOS, s conversion.Scope) error {
return autoConvert_core_PodOS_To_v1_PodOS(in, out, s)
}
func autoConvert_v1_PodPortForwardOptions_To_core_PodPortForwardOptions(in *v1.PodPortForwardOptions, out *core.PodPortForwardOptions, s conversion.Scope) error {
out.Ports = *(*[]int32)(unsafe.Pointer(&in.Ports))
return nil
@ -6106,6 +6183,7 @@ func autoConvert_v1_PodSpec_To_core_PodSpec(in *v1.PodSpec, out *core.PodSpec, s
out.Overhead = *(*core.ResourceList)(unsafe.Pointer(&in.Overhead))
out.TopologySpreadConstraints = *(*[]core.TopologySpreadConstraint)(unsafe.Pointer(&in.TopologySpreadConstraints))
out.SetHostnameAsFQDN = (*bool)(unsafe.Pointer(in.SetHostnameAsFQDN))
out.OS = (*core.PodOS)(unsafe.Pointer(in.OS))
return nil
}
@ -6158,6 +6236,7 @@ func autoConvert_core_PodSpec_To_v1_PodSpec(in *core.PodSpec, out *v1.PodSpec, s
out.Overhead = *(*v1.ResourceList)(unsafe.Pointer(&in.Overhead))
out.EnableServiceLinks = (*bool)(unsafe.Pointer(in.EnableServiceLinks))
out.TopologySpreadConstraints = *(*[]v1.TopologySpreadConstraint)(unsafe.Pointer(&in.TopologySpreadConstraints))
out.OS = (*v1.PodOS)(unsafe.Pointer(in.OS))
return nil
}
@ -6429,7 +6508,7 @@ func Convert_core_PreferredSchedulingTerm_To_v1_PreferredSchedulingTerm(in *core
}
func autoConvert_v1_Probe_To_core_Probe(in *v1.Probe, out *core.Probe, s conversion.Scope) error {
if err := Convert_v1_Handler_To_core_Handler(&in.Handler, &out.Handler, s); err != nil {
if err := Convert_v1_ProbeHandler_To_core_ProbeHandler(&in.ProbeHandler, &out.ProbeHandler, s); err != nil {
return err
}
out.InitialDelaySeconds = in.InitialDelaySeconds
@ -6447,7 +6526,7 @@ func Convert_v1_Probe_To_core_Probe(in *v1.Probe, out *core.Probe, s conversion.
}
func autoConvert_core_Probe_To_v1_Probe(in *core.Probe, out *v1.Probe, s conversion.Scope) error {
if err := Convert_core_Handler_To_v1_Handler(&in.Handler, &out.Handler, s); err != nil {
if err := Convert_core_ProbeHandler_To_v1_ProbeHandler(&in.ProbeHandler, &out.ProbeHandler, s); err != nil {
return err
}
out.InitialDelaySeconds = in.InitialDelaySeconds
@ -6464,6 +6543,32 @@ func Convert_core_Probe_To_v1_Probe(in *core.Probe, out *v1.Probe, s conversion.
return autoConvert_core_Probe_To_v1_Probe(in, out, s)
}
func autoConvert_v1_ProbeHandler_To_core_ProbeHandler(in *v1.ProbeHandler, out *core.ProbeHandler, s conversion.Scope) error {
out.Exec = (*core.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*core.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*core.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
out.GRPC = (*core.GRPCAction)(unsafe.Pointer(in.GRPC))
return nil
}
// Convert_v1_ProbeHandler_To_core_ProbeHandler is an autogenerated conversion function.
func Convert_v1_ProbeHandler_To_core_ProbeHandler(in *v1.ProbeHandler, out *core.ProbeHandler, s conversion.Scope) error {
return autoConvert_v1_ProbeHandler_To_core_ProbeHandler(in, out, s)
}
func autoConvert_core_ProbeHandler_To_v1_ProbeHandler(in *core.ProbeHandler, out *v1.ProbeHandler, s conversion.Scope) error {
out.Exec = (*v1.ExecAction)(unsafe.Pointer(in.Exec))
out.HTTPGet = (*v1.HTTPGetAction)(unsafe.Pointer(in.HTTPGet))
out.TCPSocket = (*v1.TCPSocketAction)(unsafe.Pointer(in.TCPSocket))
out.GRPC = (*v1.GRPCAction)(unsafe.Pointer(in.GRPC))
return nil
}
// Convert_core_ProbeHandler_To_v1_ProbeHandler is an autogenerated conversion function.
func Convert_core_ProbeHandler_To_v1_ProbeHandler(in *core.ProbeHandler, out *v1.ProbeHandler, s conversion.Scope) error {
return autoConvert_core_ProbeHandler_To_v1_ProbeHandler(in, out, s)
}
func autoConvert_v1_ProjectedVolumeSource_To_core_ProjectedVolumeSource(in *v1.ProjectedVolumeSource, out *core.ProjectedVolumeSource, s conversion.Scope) error {
if in.Sources != nil {
in, out := &in.Sources, &out.Sources

272
vendor/k8s.io/kubernetes/pkg/apis/core/v1/zz_generated.defaults.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@ -154,6 +155,7 @@ func SetObjectDefaults_PersistentVolumeClaim(in *v1.PersistentVolumeClaim) {
SetDefaults_ResourceList(&in.Spec.Resources.Limits)
SetDefaults_ResourceList(&in.Spec.Resources.Requests)
SetDefaults_ResourceList(&in.Status.Capacity)
SetDefaults_ResourceList(&in.Status.AllocatedResources)
}
func SetObjectDefaults_PersistentVolumeClaimList(in *v1.PersistentVolumeClaimList) {
@ -252,20 +254,38 @@ func SetObjectDefaults_Pod(in *v1.Pod) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -302,20 +322,38 @@ func SetObjectDefaults_Pod(in *v1.Pod) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -352,20 +390,38 @@ func SetObjectDefaults_Pod(in *v1.Pod) {
SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests)
if a.EphemeralContainerCommon.LivenessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe)
if a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.ReadinessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe)
if a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.StartupProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe)
if a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.Lifecycle != nil {
@ -472,20 +528,38 @@ func SetObjectDefaults_PodTemplate(in *v1.PodTemplate) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -522,20 +596,38 @@ func SetObjectDefaults_PodTemplate(in *v1.PodTemplate) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -572,20 +664,38 @@ func SetObjectDefaults_PodTemplate(in *v1.PodTemplate) {
SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests)
if a.EphemeralContainerCommon.LivenessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe)
if a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.ReadinessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe)
if a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.StartupProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe)
if a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.Lifecycle != nil {
@ -694,20 +804,38 @@ func SetObjectDefaults_ReplicationController(in *v1.ReplicationController) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -744,20 +872,38 @@ func SetObjectDefaults_ReplicationController(in *v1.ReplicationController) {
SetDefaults_ResourceList(&a.Resources.Requests)
if a.LivenessProbe != nil {
SetDefaults_Probe(a.LivenessProbe)
if a.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.Handler.HTTPGet)
if a.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.LivenessProbe.ProbeHandler.GRPC != nil {
if a.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.ReadinessProbe != nil {
SetDefaults_Probe(a.ReadinessProbe)
if a.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.Handler.HTTPGet)
if a.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.StartupProbe != nil {
SetDefaults_Probe(a.StartupProbe)
if a.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.Handler.HTTPGet)
if a.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.StartupProbe.ProbeHandler.HTTPGet)
}
if a.StartupProbe.ProbeHandler.GRPC != nil {
if a.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.Lifecycle != nil {
@ -794,20 +940,38 @@ func SetObjectDefaults_ReplicationController(in *v1.ReplicationController) {
SetDefaults_ResourceList(&a.EphemeralContainerCommon.Resources.Requests)
if a.EphemeralContainerCommon.LivenessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.LivenessProbe)
if a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.LivenessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.ReadinessProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.ReadinessProbe)
if a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.ReadinessProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.StartupProbe != nil {
SetDefaults_Probe(a.EphemeralContainerCommon.StartupProbe)
if a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.Handler.HTTPGet)
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet != nil {
SetDefaults_HTTPGetAction(a.EphemeralContainerCommon.StartupProbe.ProbeHandler.HTTPGet)
}
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC != nil {
if a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service == nil {
var ptrVar1 string = ""
a.EphemeralContainerCommon.StartupProbe.ProbeHandler.GRPC.Service = &ptrVar1
}
}
}
if a.EphemeralContainerCommon.Lifecycle != nil {

446
vendor/k8s.io/kubernetes/pkg/apis/core/validation/validation.go generated vendored
View File

@ -45,6 +45,7 @@ import (
schedulinghelper "k8s.io/component-helpers/scheduling/corev1"
apiservice "k8s.io/kubernetes/pkg/api/service"
"k8s.io/kubernetes/pkg/apis/core"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/apis/core/helper"
podshelper "k8s.io/kubernetes/pkg/apis/core/pods"
corev1 "k8s.io/kubernetes/pkg/apis/core/v1"
@ -78,9 +79,16 @@ var allowedEphemeralContainerFields = map[string]bool{
"Command": true,
"Args": true,
"WorkingDir": true,
"Ports": false,
"EnvFrom": true,
"Env": true,
"Resources": false,
"VolumeMounts": true,
"VolumeDevices": true,
"LivenessProbe": false,
"ReadinessProbe": false,
"StartupProbe": false,
"Lifecycle": false,
"TerminationMessagePath": true,
"TerminationMessagePolicy": true,
"ImagePullPolicy": true,
@ -90,6 +98,12 @@ var allowedEphemeralContainerFields = map[string]bool{
"TTY": true,
}
// validOS stores the set of valid OSes within pod spec.
// The valid values currently are linux, windows.
// In future, they can be expanded to values from
// https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
var validOS = sets.NewString(string(core.Linux), string(core.Windows))
// ValidateHasLabel requires that metav1.ObjectMeta has a Label with key and expectedValue
func ValidateHasLabel(meta metav1.ObjectMeta, fldPath *field.Path, key, expectedValue string) field.ErrorList {
allErrs := field.ErrorList{}
@ -415,9 +429,12 @@ func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool {
return false
}
func isMatchedDevice(name string, volumes map[string]core.VolumeSource) (bool, bool) {
// isMatched checks whether the volume with the given name is used by a
// container and if so, if it involves a PVC.
func isMatchedDevice(name string, volumes map[string]core.VolumeSource) (isMatched bool, isPVC bool) {
if source, ok := volumes[name]; ok {
if source.PersistentVolumeClaim != nil {
if source.PersistentVolumeClaim != nil ||
source.Ephemeral != nil {
return true, true
}
return true, false
@ -2003,20 +2020,26 @@ func ValidatePersistentVolumeStatusUpdate(newPv, oldPv *core.PersistentVolume) f
return allErrs
}
// PersistentVolumeClaimSpecValidationOptions contains the different settings for PersistentVolumeClaim validation
type PersistentVolumeClaimSpecValidationOptions struct {
// Allow spec to contain the "ReadWiteOncePod" access mode
AllowReadWriteOncePod bool
// Allow pvc expansion after PVC is created and bound to a PV
EnableExpansion bool
// Allow users to recover from previously failing expansion operation
EnableRecoverFromExpansionFailure bool
}
func ValidationOptionsForPersistentVolumeClaim(pvc, oldPvc *core.PersistentVolumeClaim) PersistentVolumeClaimSpecValidationOptions {
opts := PersistentVolumeClaimSpecValidationOptions{
AllowReadWriteOncePod: utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod),
AllowReadWriteOncePod: utilfeature.DefaultFeatureGate.Enabled(features.ReadWriteOncePod),
EnableExpansion: utilfeature.DefaultFeatureGate.Enabled(features.ExpandPersistentVolumes),
EnableRecoverFromExpansionFailure: utilfeature.DefaultFeatureGate.Enabled(features.RecoverVolumeExpansionFailure),
}
if oldPvc == nil {
// If there's no old PVC, use the options based solely on feature enablement
return opts
}
if helper.ContainsAccessMode(oldPvc.Spec.AccessModes, core.ReadWriteOncePod) {
// If the old object allowed "ReadWriteOncePod", continue to allow it in the new object
opts.AllowReadWriteOncePod = true
@ -2156,7 +2179,7 @@ func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeCl
allErrs = append(allErrs, ValidateImmutableAnnotation(newPvc.ObjectMeta.Annotations[v1.BetaStorageClassAnnotation], oldPvc.ObjectMeta.Annotations[v1.BetaStorageClassAnnotation], v1.BetaStorageClassAnnotation, field.NewPath("metadata"))...)
}
if utilfeature.DefaultFeatureGate.Enabled(features.ExpandPersistentVolumes) {
if opts.EnableExpansion {
// lets make sure storage values are same.
if newPvc.Status.Phase == core.ClaimBound && newPvcClone.Spec.Resources.Requests != nil {
newPvcClone.Spec.Resources.Requests["storage"] = oldPvc.Spec.Resources.Requests["storage"] // +k8s:verify-mutation:reason=clone
@ -2164,13 +2187,23 @@ func ValidatePersistentVolumeClaimUpdate(newPvc, oldPvc *core.PersistentVolumeCl
oldSize := oldPvc.Spec.Resources.Requests["storage"]
newSize := newPvc.Spec.Resources.Requests["storage"]
statusSize := oldPvc.Status.Capacity["storage"]
if !apiequality.Semantic.DeepEqual(newPvcClone.Spec, oldPvcClone.Spec) {
specDiff := diff.ObjectDiff(newPvcClone.Spec, oldPvcClone.Spec)
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), fmt.Sprintf("spec is immutable after creation except resources.requests for bound claims\n%v", specDiff)))
}
if newSize.Cmp(oldSize) < 0 {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resources", "requests", "storage"), "field can not be less than previous value"))
if !opts.EnableRecoverFromExpansionFailure {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resources", "requests", "storage"), "field can not be less than previous value"))
} else {
// This validation permits reducing pvc requested size up to capacity recorded in pvc.status
// so that users can recover from volume expansion failure, but Kubernetes does not actually
// support volume shrinking
if newSize.Cmp(statusSize) <= 0 {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "resources", "requests", "storage"), "field can not be less than status.capacity"))
}
}
}
} else {
@ -2203,8 +2236,15 @@ func validateStorageClassUpgrade(oldAnnotations, newAnnotations map[string]strin
(!newAnnotationExist || newScInAnnotation == oldSc) /* condition 4 */
}
var resizeStatusSet = sets.NewString(string(core.PersistentVolumeClaimNoExpansionInProgress),
string(core.PersistentVolumeClaimControllerExpansionInProgress),
string(core.PersistentVolumeClaimControllerExpansionFailed),
string(core.PersistentVolumeClaimNodeExpansionPending),
string(core.PersistentVolumeClaimNodeExpansionInProgress),
string(core.PersistentVolumeClaimNodeExpansionFailed))
// ValidatePersistentVolumeClaimStatusUpdate validates an update to status of a PersistentVolumeClaim
func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim) field.ErrorList {
func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVolumeClaim, validationOpts PersistentVolumeClaimSpecValidationOptions) field.ErrorList {
allErrs := ValidateObjectMetaUpdate(&newPvc.ObjectMeta, &oldPvc.ObjectMeta, field.NewPath("metadata"))
if len(newPvc.ResourceVersion) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("resourceVersion"), ""))
@ -2212,10 +2252,32 @@ func ValidatePersistentVolumeClaimStatusUpdate(newPvc, oldPvc *core.PersistentVo
if len(newPvc.Spec.AccessModes) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("Spec", "accessModes"), ""))
}
capPath := field.NewPath("status", "capacity")
for r, qty := range newPvc.Status.Capacity {
allErrs = append(allErrs, validateBasicResource(qty, capPath.Key(string(r)))...)
}
if validationOpts.EnableRecoverFromExpansionFailure {
resizeStatusPath := field.NewPath("status", "resizeStatus")
if newPvc.Status.ResizeStatus != nil {
resizeStatus := *newPvc.Status.ResizeStatus
if !resizeStatusSet.Has(string(resizeStatus)) {
allErrs = append(allErrs, field.NotSupported(resizeStatusPath, resizeStatus, resizeStatusSet.List()))
}
}
allocPath := field.NewPath("status", "allocatedResources")
for r, qty := range newPvc.Status.AllocatedResources {
if r != core.ResourceStorage {
allErrs = append(allErrs, field.NotSupported(allocPath, r, []string{string(core.ResourceStorage)}))
continue
}
if errs := validateBasicResource(qty, allocPath.Key(string(r))); len(errs) > 0 {
allErrs = append(allErrs, errs...)
} else {
allErrs = append(allErrs, ValidateResourceQuantityValue(string(core.ResourceStorage), qty, allocPath.Key(string(r)))...)
}
}
}
return allErrs
}
@ -2285,8 +2347,6 @@ var validEnvDownwardAPIFieldPathExpressions = sets.NewString(
"spec.serviceAccountName",
"status.hostIP",
"status.podIP",
// status.podIPs is populated even if IPv6DualStack feature gate
// is not enabled. This will work for single stack and dual stack.
"status.podIPs")
var validContainerResourceFieldPathExpressions = sets.NewString("limits.cpu", "limits.memory", "limits.ephemeral-storage", "requests.cpu", "requests.memory", "requests.ephemeral-storage")
@ -2610,9 +2670,9 @@ func ValidateVolumeDevices(devices []core.VolumeDevice, volmounts map[string]str
if devicename.Has(devName) {
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "must be unique"))
}
// Must be PersistentVolumeClaim volume source
// Must be based on PersistentVolumeClaim (PVC reference or generic ephemeral inline volume)
if didMatch && !isPVC {
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "can only use volume source type of PersistentVolumeClaim for block mode"))
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "can only use volume source type of PersistentVolumeClaim or Ephemeral for block mode"))
}
if !didMatch {
allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), devName))
@ -2648,7 +2708,7 @@ func validateProbe(probe *core.Probe, fldPath *field.Path) field.ErrorList {
if probe == nil {
return allErrs
}
allErrs = append(allErrs, validateHandler(&probe.Handler, fldPath)...)
allErrs = append(allErrs, validateHandler(handlerFromProbe(&probe.ProbeHandler), fldPath)...)
allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.InitialDelaySeconds), fldPath.Child("initialDelaySeconds"))...)
allErrs = append(allErrs, ValidateNonnegativeField(int64(probe.TimeoutSeconds), fldPath.Child("timeoutSeconds"))...)
@ -2661,6 +2721,30 @@ func validateProbe(probe *core.Probe, fldPath *field.Path) field.ErrorList {
return allErrs
}
type commonHandler struct {
Exec *core.ExecAction
HTTPGet *core.HTTPGetAction
TCPSocket *core.TCPSocketAction
GRPC *core.GRPCAction
}
func handlerFromProbe(ph *core.ProbeHandler) commonHandler {
return commonHandler{
Exec: ph.Exec,
HTTPGet: ph.HTTPGet,
TCPSocket: ph.TCPSocket,
GRPC: ph.GRPC,
}
}
func handlerFromLifecycle(lh *core.LifecycleHandler) commonHandler {
return commonHandler{
Exec: lh.Exec,
HTTPGet: lh.HTTPGet,
TCPSocket: lh.TCPSocket,
}
}
func validateClientIPAffinityConfig(config *core.SessionAffinityConfig, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if config == nil {
@ -2766,8 +2850,10 @@ func ValidatePortNumOrName(port intstr.IntOrString, fldPath *field.Path) field.E
func validateTCPSocketAction(tcp *core.TCPSocketAction, fldPath *field.Path) field.ErrorList {
return ValidatePortNumOrName(tcp.Port, fldPath.Child("port"))
}
func validateHandler(handler *core.Handler, fldPath *field.Path) field.ErrorList {
func validateGRPCAction(grpc *core.GRPCAction, fldPath *field.Path) field.ErrorList {
return ValidatePortNumOrName(intstr.FromInt(int(grpc.Port)), fldPath.Child("port"))
}
func validateHandler(handler commonHandler, fldPath *field.Path) field.ErrorList {
numHandlers := 0
allErrors := field.ErrorList{}
if handler.Exec != nil {
@ -2794,6 +2880,14 @@ func validateHandler(handler *core.Handler, fldPath *field.Path) field.ErrorList
allErrors = append(allErrors, validateTCPSocketAction(handler.TCPSocket, fldPath.Child("tcpSocket"))...)
}
}
if handler.GRPC != nil {
if numHandlers > 0 {
allErrors = append(allErrors, field.Forbidden(fldPath.Child("grpc"), "may not specify more than 1 handler type"))
} else {
numHandlers++
allErrors = append(allErrors, validateGRPCAction(handler.GRPC, fldPath.Child("grpc"))...)
}
}
if numHandlers == 0 {
allErrors = append(allErrors, field.Required(fldPath, "must specify a handler type"))
}
@ -2803,10 +2897,10 @@ func validateHandler(handler *core.Handler, fldPath *field.Path) field.ErrorList
func validateLifecycle(lifecycle *core.Lifecycle, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if lifecycle.PostStart != nil {
allErrs = append(allErrs, validateHandler(lifecycle.PostStart, fldPath.Child("postStart"))...)
allErrs = append(allErrs, validateHandler(handlerFromLifecycle(lifecycle.PostStart), fldPath.Child("postStart"))...)
}
if lifecycle.PreStop != nil {
allErrs = append(allErrs, validateHandler(lifecycle.PreStop, fldPath.Child("preStop"))...)
allErrs = append(allErrs, validateHandler(handlerFromLifecycle(lifecycle.PreStop), fldPath.Child("preStop"))...)
}
return allErrs
}
@ -2874,6 +2968,18 @@ func validateEphemeralContainers(ephemeralContainers []core.EphemeralContainer,
// Lifecycle, probes, resources and ports should be disallowed. This is implemented as a list
// of allowed fields so that new fields will be given consideration prior to inclusion in Ephemeral Containers.
allErrs = append(allErrs, validateFieldAllowList(ec.EphemeralContainerCommon, allowedEphemeralContainerFields, "cannot be set for an Ephemeral Container", idxPath)...)
// VolumeMount subpaths have the potential to leak resources since they're implemented with bind mounts
// that aren't cleaned up until the pod exits. Since they also imply that the container is being used
// as part of the workload, they're disallowed entirely.
for i, vm := range ec.VolumeMounts {
if vm.SubPath != "" {
allErrs = append(allErrs, field.Forbidden(idxPath.Child("volumeMounts").Index(i).Child("subPath"), "cannot be set for an Ephemeral Container"))
}
if vm.SubPathExpr != "" {
allErrs = append(allErrs, field.Forbidden(idxPath.Child("volumeMounts").Index(i).Child("subPathExpr"), "cannot be set for an Ephemeral Container"))
}
}
}
return allErrs
@ -2902,7 +3008,7 @@ func validateFieldAllowList(value interface{}, allowedFields map[string]bool, er
return allErrs
}
func validateInitContainers(containers, otherContainers []core.Container, deviceVolumes map[string]core.VolumeSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
func validateInitContainers(containers []core.Container, otherContainers []core.Container, deviceVolumes map[string]core.VolumeSource, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
var allErrs field.ErrorList
if len(containers) > 0 {
allErrs = append(allErrs, validateContainers(containers, true, deviceVolumes, fldPath, opts)...)
@ -3112,7 +3218,7 @@ func validatePodDNSConfig(dnsConfig *core.PodDNSConfig, dnsPolicy *core.DNSPolic
allErrs = append(allErrs, field.Invalid(fldPath.Child("nameservers"), dnsConfig.Nameservers, fmt.Sprintf("must not have more than %v nameservers", MaxDNSNameservers)))
}
for i, ns := range dnsConfig.Nameservers {
if ip := net.ParseIP(ns); ip == nil {
if ip := netutils.ParseIPSloppy(ns); ip == nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("nameservers").Index(i), ns, "must be valid IP address"))
}
}
@ -3246,7 +3352,7 @@ func validateOnlyAddedTolerations(newTolerations []core.Toleration, oldToleratio
func ValidateHostAliases(hostAliases []core.HostAlias, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
for _, hostAlias := range hostAliases {
if ip := net.ParseIP(hostAlias.IP); ip == nil {
if ip := netutils.ParseIPSloppy(hostAlias.IP); ip == nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("ip"), hostAlias.IP, "must be valid IP address"))
}
for _, hostname := range hostAlias.Hostnames {
@ -3326,6 +3432,10 @@ type PodValidationOptions struct {
AllowWindowsHostProcessField bool
// Allow more DNSSearchPaths and longer DNSSearchListChars
AllowExpandedDNSConfig bool
// Allow OSField to be set in the pod spec
AllowOSField bool
// Allow sysctl name to contain a slash
AllowSysctlRegexContainSlash bool
}
// validatePodMetadataAndSpec tests if required fields in the pod.metadata and pod.spec are set,
@ -3422,7 +3532,7 @@ func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *fi
allErrs = append(allErrs, validateRestartPolicy(&spec.RestartPolicy, fldPath.Child("restartPolicy"))...)
allErrs = append(allErrs, validateDNSPolicy(&spec.DNSPolicy, fldPath.Child("dnsPolicy"))...)
allErrs = append(allErrs, unversionedvalidation.ValidateLabels(spec.NodeSelector, fldPath.Child("nodeSelector"))...)
allErrs = append(allErrs, ValidatePodSecurityContext(spec.SecurityContext, spec, fldPath, fldPath.Child("securityContext"))...)
allErrs = append(allErrs, ValidatePodSecurityContext(spec.SecurityContext, spec, fldPath, fldPath.Child("securityContext"), opts)...)
allErrs = append(allErrs, validateImagePullSecrets(spec.ImagePullSecrets, fldPath.Child("imagePullSecrets"))...)
allErrs = append(allErrs, validateAffinity(spec.Affinity, fldPath.Child("affinity"))...)
allErrs = append(allErrs, validatePodDNSConfig(spec.DNSConfig, &spec.DNSPolicy, fldPath.Child("dnsConfig"), opts)...)
@ -3482,6 +3592,115 @@ func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *fi
allErrs = append(allErrs, validateOverhead(spec.Overhead, fldPath.Child("overhead"), opts)...)
}
if spec.OS != nil {
osErrs := validateOS(spec, fldPath.Child("os"), opts)
switch {
case len(osErrs) > 0:
allErrs = append(allErrs, osErrs...)
case spec.OS.Name == core.Linux:
allErrs = append(allErrs, validateLinux(spec, fldPath)...)
case spec.OS.Name == core.Windows:
allErrs = append(allErrs, validateWindows(spec, fldPath)...)
}
}
return allErrs
}
func validateLinux(spec *core.PodSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
securityContext := spec.SecurityContext
if securityContext != nil && securityContext.WindowsOptions != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("windowsOptions"), "windows options cannot be set for a linux pod"))
}
podshelper.VisitContainersWithPath(spec, fldPath, func(c *core.Container, cFldPath *field.Path) bool {
sc := c.SecurityContext
if sc != nil && sc.WindowsOptions != nil {
fldPath := cFldPath.Child("securityContext")
allErrs = append(allErrs, field.Forbidden(fldPath.Child("windowsOptions"), "windows options cannot be set for a linux pod"))
}
return true
})
return allErrs
}
func validateWindows(spec *core.PodSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
securityContext := spec.SecurityContext
// validate Pod SecurityContext
if securityContext != nil {
if securityContext.SELinuxOptions != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("seLinuxOptions"), "cannot be set for a windows pod"))
}
if securityContext.HostPID {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostPID"), "cannot be set for a windows pod"))
}
if securityContext.HostIPC {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostIPC"), "cannot be set for a windows pod"))
}
if securityContext.SeccompProfile != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("seccompProfile"), "cannot be set for a windows pod"))
}
if securityContext.FSGroup != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("fsGroup"), "cannot be set for a windows pod"))
}
if securityContext.FSGroupChangePolicy != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("fsGroupChangePolicy"), "cannot be set for a windows pod"))
}
if len(securityContext.Sysctls) > 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("sysctls"), "cannot be set for a windows pod"))
}
if securityContext.ShareProcessNamespace != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("shareProcessNamespace"), "cannot be set for a windows pod"))
}
if securityContext.RunAsUser != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("runAsUser"), "cannot be set for a windows pod"))
}
if securityContext.RunAsGroup != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("runAsGroup"), "cannot be set for a windows pod"))
}
if securityContext.SupplementalGroups != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("securityContext").Child("supplementalGroups"), "cannot be set for a windows pod"))
}
}
podshelper.VisitContainersWithPath(spec, fldPath, func(c *core.Container, cFldPath *field.Path) bool {
// validate container security context
sc := c.SecurityContext
// OS based podSecurityContext validation
// There is some naming overlap between Windows and Linux Security Contexts but all the Windows Specific options
// are set via securityContext.WindowsOptions which we validate below
// TODO: Think if we need to relax this restriction or some of the restrictions
if sc != nil {
fldPath := cFldPath.Child("securityContext")
if sc.SELinuxOptions != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("seLinuxOptions"), "cannot be set for a windows pod"))
}
if sc.SeccompProfile != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("seccompProfile"), "cannot be set for a windows pod"))
}
if sc.Capabilities != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("capabilities"), "cannot be set for a windows pod"))
}
if sc.ReadOnlyRootFilesystem != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("readOnlyRootFilesystem"), "cannot be set for a windows pod"))
}
if sc.Privileged != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("privileged"), "cannot be set for a windows pod"))
}
if sc.AllowPrivilegeEscalation != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("allowPrivilegeEscalation"), "cannot be set for a windows pod"))
}
if sc.ProcMount != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("procMount"), "cannot be set for a windows pod"))
}
if sc.RunAsUser != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("runAsUser"), "cannot be set for a windows pod"))
}
if sc.RunAsGroup != nil {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("runAsGroup"), "cannot be set for a windows pod"))
}
}
return true
})
return allErrs
}
@ -3868,29 +4087,48 @@ const (
// a sysctl name regex
SysctlFmt string = "(" + SysctlSegmentFmt + "\\.)*" + SysctlSegmentFmt
// a sysctl name regex with slash allowed
SysctlContainSlashFmt string = "(" + SysctlSegmentFmt + "[\\./])*" + SysctlSegmentFmt
// the maximal length of a sysctl name
SysctlMaxLength int = 253
)
var sysctlRegexp = regexp.MustCompile("^" + SysctlFmt + "$")
var sysctlContainSlashRegexp = regexp.MustCompile("^" + SysctlContainSlashFmt + "$")
// IsValidSysctlName checks that the given string is a valid sysctl name,
// i.e. matches SysctlFmt.
func IsValidSysctlName(name string) bool {
// i.e. matches SysctlFmt (or SysctlContainSlashFmt if canContainSlash is true).
// More info:
// https://man7.org/linux/man-pages/man8/sysctl.8.html
// https://man7.org/linux/man-pages/man5/sysctl.d.5.html
func IsValidSysctlName(name string, canContainSlash bool) bool {
if len(name) > SysctlMaxLength {
return false
}
if canContainSlash {
return sysctlContainSlashRegexp.MatchString(name)
}
return sysctlRegexp.MatchString(name)
}
func validateSysctls(sysctls []core.Sysctl, fldPath *field.Path) field.ErrorList {
func getSysctlFmt(canContainSlash bool) string {
if canContainSlash {
// use relaxed validation everywhere in 1.24
return SysctlContainSlashFmt
}
// Will be removed in 1.24
return SysctlFmt
}
func validateSysctls(sysctls []core.Sysctl, fldPath *field.Path, allowSysctlRegexContainSlash bool) field.ErrorList {
allErrs := field.ErrorList{}
names := make(map[string]struct{})
for i, s := range sysctls {
if len(s.Name) == 0 {
allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("name"), ""))
} else if !IsValidSysctlName(s.Name) {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("name"), s.Name, fmt.Sprintf("must have at most %d characters and match regex %s", SysctlMaxLength, SysctlFmt)))
} else if !IsValidSysctlName(s.Name, allowSysctlRegexContainSlash) {
allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("name"), s.Name, fmt.Sprintf("must have at most %d characters and match regex %s", SysctlMaxLength, getSysctlFmt(allowSysctlRegexContainSlash))))
} else if _, ok := names[s.Name]; ok {
allErrs = append(allErrs, field.Duplicate(fldPath.Index(i).Child("name"), s.Name))
}
@ -3900,7 +4138,7 @@ func validateSysctls(sysctls []core.Sysctl, fldPath *field.Path) field.ErrorList
}
// ValidatePodSecurityContext test that the specified PodSecurityContext has valid data.
func ValidatePodSecurityContext(securityContext *core.PodSecurityContext, spec *core.PodSpec, specPath, fldPath *field.Path) field.ErrorList {
func ValidatePodSecurityContext(securityContext *core.PodSecurityContext, spec *core.PodSpec, specPath, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
allErrs := field.ErrorList{}
if securityContext != nil {
@ -3930,7 +4168,7 @@ func ValidatePodSecurityContext(securityContext *core.PodSecurityContext, spec *
}
if len(securityContext.Sysctls) != 0 {
allErrs = append(allErrs, validateSysctls(securityContext.Sysctls, fldPath.Child("sysctls"))...)
allErrs = append(allErrs, validateSysctls(securityContext.Sysctls, fldPath.Child("sysctls"), opts.AllowSysctlRegexContainSlash)...)
}
if securityContext.FSGroupChangePolicy != nil {
@ -4166,7 +4404,7 @@ func ValidateContainerStateTransition(newStatuses, oldStatuses []core.ContainerS
return allErrs
}
// ValidatePodStatusUpdate tests to see if the update is legal for an end user to make.
// ValidatePodStatusUpdate checks for changes to status that shouldn't occur in normal operation.
func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList {
fldPath := field.NewPath("metadata")
allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, fldPath)
@ -4188,6 +4426,8 @@ func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions
// any terminated containers to a non-terminated state.
allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.ContainerStatuses, oldPod.Status.ContainerStatuses, fldPath.Child("containerStatuses"), oldPod.Spec.RestartPolicy)...)
allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.InitContainerStatuses, oldPod.Status.InitContainerStatuses, fldPath.Child("initContainerStatuses"), oldPod.Spec.RestartPolicy)...)
// The kubelet will never restart ephemeral containers, so treat them like they have an implicit RestartPolicyNever.
allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.EphemeralContainerStatuses, oldPod.Status.EphemeralContainerStatuses, fldPath.Child("ephemeralContainerStatuses"), core.RestartPolicyNever)...)
if newIPErrs := validatePodIPs(newPod); len(newIPErrs) > 0 {
allErrs = append(allErrs, newIPErrs...)
@ -4214,17 +4454,18 @@ func validatePodConditions(conditions []core.PodCondition, fldPath *field.Path)
// ValidatePodEphemeralContainersUpdate tests that a user update to EphemeralContainers is valid.
// newPod and oldPod must only differ in their EphemeralContainers.
func ValidatePodEphemeralContainersUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions) field.ErrorList {
spec := newPod.Spec
specPath := field.NewPath("spec").Child("ephemeralContainers")
vols := make(map[string]core.VolumeSource)
for _, vol := range spec.Volumes {
vols[vol.Name] = vol.VolumeSource
}
allErrs := validateEphemeralContainers(spec.EphemeralContainers, spec.Containers, spec.InitContainers, vols, specPath, opts)
// Part 1: Validate newPod's spec and updates to metadata
fldPath := field.NewPath("metadata")
allErrs := ValidateObjectMetaUpdate(&newPod.ObjectMeta, &oldPod.ObjectMeta, fldPath)
allErrs = append(allErrs, validatePodMetadataAndSpec(newPod, opts)...)
allErrs = append(allErrs, ValidatePodSpecificAnnotationUpdates(newPod, oldPod, fldPath.Child("annotations"), opts)...)
// Part 2: Validate that the changes between oldPod.Spec.EphemeralContainers and
// newPod.Spec.EphemeralContainers are allowed.
//
// Existing EphemeralContainers may not be changed. Order isn't preserved by patch, so check each individually.
newContainerIndex := make(map[string]*core.EphemeralContainer)
specPath := field.NewPath("spec").Child("ephemeralContainers")
for i := range newPod.Spec.EphemeralContainers {
newContainerIndex[newPod.Spec.EphemeralContainers[i].Name] = &newPod.Spec.EphemeralContainers[i]
}
@ -4357,7 +4598,7 @@ func ValidateService(service *core.Service) field.ErrorList {
}
// dualstack <-> ClusterIPs <-> ipfamilies
allErrs = append(allErrs, validateServiceClusterIPsRelatedFields(service)...)
allErrs = append(allErrs, ValidateServiceClusterIPsRelatedFields(service)...)
ipPath := specPath.Child("externalIPs")
for i, ip := range service.Spec.ExternalIPs {
@ -4453,8 +4694,8 @@ func ValidateService(service *core.Service) field.ErrorList {
// validate LoadBalancerClass field
allErrs = append(allErrs, validateLoadBalancerClassField(nil, service)...)
// external traffic fields
allErrs = append(allErrs, validateServiceExternalTrafficFieldsValue(service)...)
// external traffic policy fields
allErrs = append(allErrs, validateServiceExternalTrafficPolicy(service)...)
// internal traffic policy field
allErrs = append(allErrs, validateServiceInternalTrafficFieldsValue(service)...)
@ -4506,22 +4747,58 @@ func validateServicePort(sp *core.ServicePort, requireName, isHeadlessService bo
return allErrs
}
// validateServiceExternalTrafficFieldsValue validates ExternalTraffic related annotations
// have legal value.
func validateServiceExternalTrafficFieldsValue(service *core.Service) field.ErrorList {
func needsExternalTrafficPolicy(svc *api.Service) bool {
return svc.Spec.Type == core.ServiceTypeLoadBalancer || svc.Spec.Type == core.ServiceTypeNodePort
}
var validExternalTrafficPolicies = sets.NewString(
string(core.ServiceExternalTrafficPolicyTypeCluster),
string(core.ServiceExternalTrafficPolicyTypeLocal))
func validateServiceExternalTrafficPolicy(service *core.Service) field.ErrorList {
allErrs := field.ErrorList{}
// Check first class fields.
if service.Spec.ExternalTrafficPolicy != "" &&
service.Spec.ExternalTrafficPolicy != core.ServiceExternalTrafficPolicyTypeCluster &&
service.Spec.ExternalTrafficPolicy != core.ServiceExternalTrafficPolicyTypeLocal {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy,
fmt.Sprintf("ExternalTrafficPolicy must be empty, %v or %v", core.ServiceExternalTrafficPolicyTypeCluster, core.ServiceExternalTrafficPolicyTypeLocal)))
fldPath := field.NewPath("spec")
if !needsExternalTrafficPolicy(service) {
if service.Spec.ExternalTrafficPolicy != "" {
allErrs = append(allErrs, field.Invalid(fldPath.Child("externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy,
"may only be set when `type` is 'NodePort' or 'LoadBalancer'"))
}
} else {
if service.Spec.ExternalTrafficPolicy == "" {
allErrs = append(allErrs, field.Required(fldPath.Child("externalTrafficPolicy"), ""))
} else if !validExternalTrafficPolicies.Has(string(service.Spec.ExternalTrafficPolicy)) {
allErrs = append(allErrs, field.NotSupported(fldPath.Child("externalTrafficPolicy"),
service.Spec.ExternalTrafficPolicy, validExternalTrafficPolicies.List()))
}
}
if service.Spec.HealthCheckNodePort < 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort,
"HealthCheckNodePort must be not less than 0"))
if !apiservice.NeedsHealthCheck(service) {
if service.Spec.HealthCheckNodePort != 0 {
allErrs = append(allErrs, field.Invalid(fldPath.Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort,
"may only be set when `type` is 'LoadBalancer' and `externalTrafficPolicy` is 'Local'"))
}
} else {
if service.Spec.HealthCheckNodePort == 0 {
allErrs = append(allErrs, field.Required(fldPath.Child("healthCheckNodePort"), ""))
} else {
for _, msg := range validation.IsValidPortNum(int(service.Spec.HealthCheckNodePort)) {
allErrs = append(allErrs, field.Invalid(fldPath.Child("healthCheckNodePort"), service.Spec.HealthCheckNodePort, msg))
}
}
}
return allErrs
}
func validateServiceExternalTrafficFieldsUpdate(before, after *api.Service) field.ErrorList {
allErrs := field.ErrorList{}
if apiservice.NeedsHealthCheck(before) && apiservice.NeedsHealthCheck(after) {
if after.Spec.HealthCheckNodePort != before.Spec.HealthCheckNodePort {
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "healthCheckNodePort"), "field is immutable"))
}
}
return allErrs
@ -4545,29 +4822,6 @@ func validateServiceInternalTrafficFieldsValue(service *core.Service) field.Erro
return allErrs
}
// ValidateServiceExternalTrafficFieldsCombination validates if ExternalTrafficPolicy,
// HealthCheckNodePort and Type combination are legal. For update, it should be called
// after clearing externalTraffic related fields for the ease of transitioning between
// different service types.
func ValidateServiceExternalTrafficFieldsCombination(service *core.Service) field.ErrorList {
allErrs := field.ErrorList{}
if service.Spec.Type != core.ServiceTypeLoadBalancer &&
service.Spec.Type != core.ServiceTypeNodePort &&
service.Spec.ExternalTrafficPolicy != "" {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "externalTrafficPolicy"), service.Spec.ExternalTrafficPolicy,
"ExternalTrafficPolicy can only be set on NodePort and LoadBalancer service"))
}
if !apiservice.NeedsHealthCheck(service) &&
service.Spec.HealthCheckNodePort != 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "healthCheckNodePort"), service.Spec.HealthCheckNodePort,
"HealthCheckNodePort can only be set on LoadBalancer service with ExternalTrafficPolicy=Local"))
}
return allErrs
}
// ValidateServiceCreate validates Services as they are created.
func ValidateServiceCreate(service *core.Service) field.ErrorList {
return ValidateService(service)
@ -4591,6 +4845,8 @@ func ValidateServiceUpdate(service, oldService *core.Service) field.ErrorList {
upgradeDowngradeLoadBalancerClassErrs := validateLoadBalancerClassField(oldService, service)
allErrs = append(allErrs, upgradeDowngradeLoadBalancerClassErrs...)
allErrs = append(allErrs, validateServiceExternalTrafficFieldsUpdate(oldService, service)...)
return append(allErrs, ValidateService(service)...)
}
@ -5840,7 +6096,7 @@ func validateEndpointAddress(address *core.EndpointAddress, fldPath *field.Path)
// - https://www.iana.org/assignments/ipv6-multicast-addresses/ipv6-multicast-addresses.xhtml
func ValidateNonSpecialIP(ipAddress string, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
ip := net.ParseIP(ipAddress)
ip := netutils.ParseIPSloppy(ipAddress)
if ip == nil {
allErrs = append(allErrs, field.Invalid(fldPath, ipAddress, "must be a valid IP address"))
return allErrs
@ -6135,6 +6391,26 @@ func validateWindowsHostProcessPod(podSpec *core.PodSpec, fieldPath *field.Path,
return allErrs
}
// validateOS validates the OS field within pod spec
func validateOS(podSpec *core.PodSpec, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
allErrs := field.ErrorList{}
os := podSpec.OS
if os == nil {
return allErrs
}
if !opts.AllowOSField {
return append(allErrs, field.Forbidden(fldPath, "cannot be set when IdentifyPodOS feature is not enabled"))
}
if len(os.Name) == 0 {
return append(allErrs, field.Required(fldPath.Child("name"), "cannot be empty"))
}
osName := string(os.Name)
if !validOS.Has(osName) {
allErrs = append(allErrs, field.NotSupported(fldPath, osName, validOS.List()))
}
return allErrs
}
func ValidatePodLogOptions(opts *core.PodLogOptions) field.ErrorList {
allErrs := field.ErrorList{}
if opts.TailLines != nil && *opts.TailLines < 0 {
@ -6160,7 +6436,7 @@ func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.
for i, ingress := range status.Ingress {
idxPath := fldPath.Child("ingress").Index(i)
if len(ingress.IP) > 0 {
if isIP := (net.ParseIP(ingress.IP) != nil); !isIP {
if isIP := (netutils.ParseIPSloppy(ingress.IP) != nil); !isIP {
allErrs = append(allErrs, field.Invalid(idxPath.Child("ip"), ingress.IP, "must be a valid IP address"))
}
}
@ -6168,7 +6444,7 @@ func ValidateLoadBalancerStatus(status *core.LoadBalancerStatus, fldPath *field.
for _, msg := range validation.IsDNS1123Subdomain(ingress.Hostname) {
allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, msg))
}
if isIP := (net.ParseIP(ingress.Hostname) != nil); isIP {
if isIP := (netutils.ParseIPSloppy(ingress.Hostname) != nil); isIP {
allErrs = append(allErrs, field.Invalid(idxPath.Child("hostname"), ingress.Hostname, "must be a DNS name, not an IP address"))
}
}
@ -6198,7 +6474,7 @@ func validateVolumeNodeAffinity(nodeAffinity *core.VolumeNodeAffinity, fldPath *
// ValidateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
func ValidateCIDR(cidr string) (*net.IPNet, error) {
_, net, err := net.ParseCIDR(cidr)
_, net, err := netutils.ParseCIDRSloppy(cidr)
if err != nil {
return nil, err
}
@ -6289,8 +6565,10 @@ func ValidateSpreadConstraintNotRepeat(fldPath *field.Path, constraint core.Topo
return nil
}
// validateServiceClusterIPsRelatedFields validates .spec.ClusterIPs,, .spec.IPFamilies, .spec.ipFamilyPolicy
func validateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorList {
// ValidateServiceClusterIPsRelatedFields validates .spec.ClusterIPs,,
// .spec.IPFamilies, .spec.ipFamilyPolicy. This is exported because it is used
// during IP init and allocation.
func ValidateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorList {
// ClusterIP, ClusterIPs, IPFamilyPolicy and IPFamilies are validated prior (all must be unset) for ExternalName service
if service.Spec.Type == core.ServiceTypeExternalName {
return field.ErrorList{}
@ -6312,12 +6590,12 @@ func validateServiceClusterIPsRelatedFields(service *core.Service) field.ErrorLi
if len(service.Spec.ClusterIPs) == 0 {
allErrs = append(allErrs, field.Required(clusterIPsField, ""))
} else if service.Spec.ClusterIPs[0] != service.Spec.ClusterIP {
allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "element [0] must match clusterIP"))
allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "first value must match `clusterIP`"))
}
} else { // ClusterIP == ""
// If ClusterIP is not set, ClusterIPs must also be unset.
if len(service.Spec.ClusterIPs) != 0 {
allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "must be empty when clusterIP is empty"))
allErrs = append(allErrs, field.Invalid(clusterIPsField, service.Spec.ClusterIPs, "must be empty when `clusterIP` is not specified"))
}
}
@ -6454,7 +6732,7 @@ func validateUpgradeDowngradeClusterIPs(oldService, service *core.Service) field
// user *must* set IPFamilyPolicy == SingleStack
if len(service.Spec.ClusterIPs) == 1 {
if service.Spec.IPFamilyPolicy == nil || *(service.Spec.IPFamilyPolicy) != core.IPFamilyPolicySingleStack {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(0), service.Spec.ClusterIPs, "`ipFamilyPolicy` must be set to 'SingleStack' when releasing the secondary clusterIP"))
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, "must be set to 'SingleStack' when releasing the secondary clusterIP"))
}
}
case len(oldService.Spec.ClusterIPs) < len(service.Spec.ClusterIPs):
@ -6518,7 +6796,7 @@ func validateUpgradeDowngradeIPFamilies(oldService, service *core.Service) field
// user *must* set IPFamilyPolicy == SingleStack
if len(service.Spec.IPFamilies) == 1 {
if service.Spec.IPFamilyPolicy == nil || *(service.Spec.IPFamilyPolicy) != core.IPFamilyPolicySingleStack {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "clusterIPs").Index(0), service.Spec.ClusterIPs, "`ipFamilyPolicy` must be set to 'SingleStack' when releasing the secondary ipFamily"))
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "ipFamilyPolicy"), service.Spec.IPFamilyPolicy, "must be set to 'SingleStack' when releasing the secondary ipFamily"))
}
}
case len(oldService.Spec.IPFamilies) < len(service.Spec.IPFamilies):

159
vendor/k8s.io/kubernetes/pkg/apis/core/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*
@ -1668,6 +1669,27 @@ func (in *GCEPersistentDiskVolumeSource) DeepCopy() *GCEPersistentDiskVolumeSour
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GRPCAction) DeepCopyInto(out *GRPCAction) {
*out = *in
if in.Service != nil {
in, out := &in.Service, &out.Service
*out = new(string)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GRPCAction.
func (in *GRPCAction) DeepCopy() *GRPCAction {
if in == nil {
return nil
}
out := new(GRPCAction)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *GitRepoVolumeSource) DeepCopyInto(out *GitRepoVolumeSource) {
*out = *in
@ -1759,37 +1781,6 @@ func (in *HTTPHeader) DeepCopy() *HTTPHeader {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Handler) DeepCopyInto(out *Handler) {
*out = *in
if in.Exec != nil {
in, out := &in.Exec, &out.Exec
*out = new(ExecAction)
(*in).DeepCopyInto(*out)
}
if in.HTTPGet != nil {
in, out := &in.HTTPGet, &out.HTTPGet
*out = new(HTTPGetAction)
(*in).DeepCopyInto(*out)
}
if in.TCPSocket != nil {
in, out := &in.TCPSocket, &out.TCPSocket
*out = new(TCPSocketAction)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Handler.
func (in *Handler) DeepCopy() *Handler {
if in == nil {
return nil
}
out := new(Handler)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *HostAlias) DeepCopyInto(out *HostAlias) {
*out = *in
@ -1920,12 +1911,12 @@ func (in *Lifecycle) DeepCopyInto(out *Lifecycle) {
*out = *in
if in.PostStart != nil {
in, out := &in.PostStart, &out.PostStart
*out = new(Handler)
*out = new(LifecycleHandler)
(*in).DeepCopyInto(*out)
}
if in.PreStop != nil {
in, out := &in.PreStop, &out.PreStop
*out = new(Handler)
*out = new(LifecycleHandler)
(*in).DeepCopyInto(*out)
}
return
@ -1941,6 +1932,37 @@ func (in *Lifecycle) DeepCopy() *Lifecycle {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LifecycleHandler) DeepCopyInto(out *LifecycleHandler) {
*out = *in
if in.Exec != nil {
in, out := &in.Exec, &out.Exec
*out = new(ExecAction)
(*in).DeepCopyInto(*out)
}
if in.HTTPGet != nil {
in, out := &in.HTTPGet, &out.HTTPGet
*out = new(HTTPGetAction)
(*in).DeepCopyInto(*out)
}
if in.TCPSocket != nil {
in, out := &in.TCPSocket, &out.TCPSocket
*out = new(TCPSocketAction)
**out = **in
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LifecycleHandler.
func (in *LifecycleHandler) DeepCopy() *LifecycleHandler {
if in == nil {
return nil
}
out := new(LifecycleHandler)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *LimitRange) DeepCopyInto(out *LimitRange) {
*out = *in
@ -2976,6 +2998,18 @@ func (in *PersistentVolumeClaimStatus) DeepCopyInto(out *PersistentVolumeClaimSt
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.AllocatedResources != nil {
in, out := &in.AllocatedResources, &out.AllocatedResources
*out = make(ResourceList, len(*in))
for key, val := range *in {
(*out)[key] = val.DeepCopy()
}
}
if in.ResizeStatus != nil {
in, out := &in.ResizeStatus, &out.ResizeStatus
*out = new(PersistentVolumeClaimResizeStatus)
**out = **in
}
return
}
@ -3602,6 +3636,22 @@ func (in *PodLogOptions) DeepCopyObject() runtime.Object {
return nil
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodOS) DeepCopyInto(out *PodOS) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodOS.
func (in *PodOS) DeepCopy() *PodOS {
if in == nil {
return nil
}
out := new(PodOS)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PodPortForwardOptions) DeepCopyInto(out *PodPortForwardOptions) {
*out = *in
@ -3896,6 +3946,11 @@ func (in *PodSpec) DeepCopyInto(out *PodSpec) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
if in.OS != nil {
in, out := &in.OS, &out.OS
*out = new(PodOS)
**out = **in
}
return
}
@ -4163,7 +4218,7 @@ func (in *PreferredSchedulingTerm) DeepCopy() *PreferredSchedulingTerm {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Probe) DeepCopyInto(out *Probe) {
*out = *in
in.Handler.DeepCopyInto(&out.Handler)
in.ProbeHandler.DeepCopyInto(&out.ProbeHandler)
if in.TerminationGracePeriodSeconds != nil {
in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds
*out = new(int64)
@ -4182,6 +4237,42 @@ func (in *Probe) DeepCopy() *Probe {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProbeHandler) DeepCopyInto(out *ProbeHandler) {
*out = *in
if in.Exec != nil {
in, out := &in.Exec, &out.Exec
*out = new(ExecAction)
(*in).DeepCopyInto(*out)
}
if in.HTTPGet != nil {
in, out := &in.HTTPGet, &out.HTTPGet
*out = new(HTTPGetAction)
(*in).DeepCopyInto(*out)
}
if in.TCPSocket != nil {
in, out := &in.TCPSocket, &out.TCPSocket
*out = new(TCPSocketAction)
**out = **in
}
if in.GRPC != nil {
in, out := &in.GRPC, &out.GRPC
*out = new(GRPCAction)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProbeHandler.
func (in *ProbeHandler) DeepCopy() *ProbeHandler {
if in == nil {
return nil
}
out := new(ProbeHandler)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProjectedVolumeSource) DeepCopyInto(out *ProjectedVolumeSource) {
*out = *in

1
vendor/k8s.io/kubernetes/pkg/apis/extensions/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

3
vendor/k8s.io/kubernetes/pkg/apis/networking/types.go generated vendored
View File

@ -339,15 +339,12 @@ type IngressClassParametersReference struct {
Name string
// Scope represents if this refers to a cluster or namespace scoped resource.
// This may be set to "Cluster" (default) or "Namespace".
// Field can be enabled with IngressClassNamespacedParams feature gate.
// +optional
// +featureGate=IngressClassNamespacedParams
Scope *string
// Namespace is the namespace of the resource being referenced. This field is
// required when scope is set to "Namespace" and must be unset when scope is set to
// "Cluster".
// +optional
// +featureGate=IngressClassNamespacedParams
Namespace *string
}

1
vendor/k8s.io/kubernetes/pkg/apis/networking/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

1
vendor/k8s.io/kubernetes/pkg/apis/policy/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*

1
vendor/k8s.io/kubernetes/pkg/apis/scheduling/zz_generated.deepcopy.go generated vendored
View File

@ -1,3 +1,4 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
/*