mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 10:33:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

vendor update for CSI 0.3.0

Browse Source
This commit is contained in:
gman
2018-07-18 16:47:22 +02:00
parent 6f484f92fc
commit 8ea659f0d5
6810 changed files with 438061 additions and 193861 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
vendor/k8s.io/kubernetes/api/BUILD generated vendored
View File

@ -1,18 +0,0 @@
package(default_visibility = ["//visibility:public"])
filegroup(
name = "package-srcs",
srcs = glob(["**"]),
tags = ["automanaged"],
visibility = ["//visibility:private"],
)
filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//api/openapi-spec:all-srcs",
"//api/swagger-spec:all-srcs",
],
tags = ["automanaged"],
)

1901
vendor/k8s.io/kubernetes/api/openapi-spec/swagger.json generated vendored
View File

File diff suppressed because it is too large Load Diff

3
vendor/k8s.io/kubernetes/api/swagger-spec/admissionregistration.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

4
vendor/k8s.io/kubernetes/api/swagger-spec/admissionregistration.k8s.io_v1beta1.json generated vendored
View File

@ -1751,7 +1751,7 @@
"items": {
"$ref": "v1beta1.RuleWithOperations"
},
"description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule."
"description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects."
},
"failurePolicy": {
"$ref": "v1beta1.FailurePolicyType",
@ -1777,7 +1777,7 @@
},
"service": {
"$ref": "v1beta1.ServiceReference",
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error."
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error."
},
"caBundle": {
"type": "string",

3
vendor/k8s.io/kubernetes/api/swagger-spec/apis.json generated vendored
View File

@ -62,8 +62,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

3
vendor/k8s.io/kubernetes/api/swagger-spec/apps.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

109
vendor/k8s.io/kubernetes/api/swagger-spec/apps_v1.json generated vendored
View File

@ -6743,6 +6743,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -6775,7 +6782,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -6956,7 +6963,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -7246,6 +7253,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -7612,6 +7623,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -7670,6 +7685,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -8084,7 +8121,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -8286,6 +8323,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -8359,6 +8401,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -8374,6 +8421,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -8430,17 +8502,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -8655,6 +8731,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1.DaemonSetUpdateStrategy": {
"id": "v1.DaemonSetUpdateStrategy",
"description": "DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.",
@ -8893,11 +8982,11 @@
"properties": {
"maxUnavailable": {
"type": "string",
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
},
"maxSurge": {
"type": "string",
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods."
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods."
}
}
},

109
vendor/k8s.io/kubernetes/api/swagger-spec/apps_v1beta1.json generated vendored
View File

@ -4377,6 +4377,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -4409,7 +4416,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -4590,7 +4597,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -4880,6 +4887,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -5246,6 +5257,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -5304,6 +5319,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -5718,7 +5755,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -5920,6 +5957,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -5993,6 +6035,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -6008,6 +6055,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -6064,17 +6136,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -6289,6 +6365,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1beta1.DeploymentStrategy": {
"id": "v1beta1.DeploymentStrategy",
"description": "DeploymentStrategy describes how to replace existing pods with new ones.",
@ -6309,11 +6398,11 @@
"properties": {
"maxUnavailable": {
"type": "string",
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
},
"maxSurge": {
"type": "string",
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods."
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods."
}
}
},

109
vendor/k8s.io/kubernetes/api/swagger-spec/apps_v1beta2.json generated vendored
View File

@ -6743,6 +6743,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -6775,7 +6782,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -6956,7 +6963,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -7246,6 +7253,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -7612,6 +7623,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -7670,6 +7685,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -8084,7 +8121,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -8286,6 +8323,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -8359,6 +8401,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -8374,6 +8421,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -8430,17 +8502,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -8655,6 +8731,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1beta2.DaemonSetUpdateStrategy": {
"id": "v1beta2.DaemonSetUpdateStrategy",
"description": "DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.",
@ -8893,11 +8982,11 @@
"properties": {
"maxUnavailable": {
"type": "string",
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
"description": "The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods."
},
"maxSurge": {
"type": "string",
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods."
"description": "The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of desired pods."
}
}
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/authentication.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

3
vendor/k8s.io/kubernetes/api/swagger-spec/authorization.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

3
vendor/k8s.io/kubernetes/api/swagger-spec/autoscaling.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

3
vendor/k8s.io/kubernetes/api/swagger-spec/batch.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

105
vendor/k8s.io/kubernetes/api/swagger-spec/batch_v1.json generated vendored
View File

@ -1717,6 +1717,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -1749,7 +1756,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -1930,7 +1937,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -2220,6 +2227,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -2586,6 +2597,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -2644,6 +2659,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -3058,7 +3095,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -3260,6 +3297,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3333,6 +3375,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3348,6 +3395,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -3404,17 +3476,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -3629,6 +3705,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1.JobStatus": {
"id": "v1.JobStatus",
"description": "JobStatus represents the current state of a Job.",

105
vendor/k8s.io/kubernetes/api/swagger-spec/batch_v1beta1.json generated vendored
View File

@ -1772,6 +1772,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -1804,7 +1811,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -1985,7 +1992,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -2275,6 +2282,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -2641,6 +2652,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -2699,6 +2714,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -3113,7 +3150,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -3315,6 +3352,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3388,6 +3430,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3403,6 +3450,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -3459,17 +3531,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -3684,6 +3760,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1beta1.CronJobStatus": {
"id": "v1beta1.CronJobStatus",
"description": "CronJobStatus represents the current state of a cron job.",

105
vendor/k8s.io/kubernetes/api/swagger-spec/batch_v2alpha1.json generated vendored
View File

@ -1772,6 +1772,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -1804,7 +1811,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -1985,7 +1992,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -2275,6 +2282,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -2641,6 +2652,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -2699,6 +2714,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -3113,7 +3150,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -3315,6 +3352,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3388,6 +3430,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -3403,6 +3450,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -3459,17 +3531,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -3684,6 +3760,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v2alpha1.CronJobStatus": {
"id": "v2alpha1.CronJobStatus",
"description": "CronJobStatus represents the current state of a cron job.",

3
vendor/k8s.io/kubernetes/api/swagger-spec/certificates.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

88
vendor/k8s.io/kubernetes/api/swagger-spec/certificates.k8s.io_v1beta1.json generated vendored
View File

@ -764,6 +764,45 @@
"path": "/apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}/status",
"description": "API at /apis/certificates.k8s.io/v1beta1",
"operations": [
{
"type": "v1beta1.CertificateSigningRequest",
"method": "GET",
"summary": "read status of the specified CertificateSigningRequest",
"nickname": "readCertificateSigningRequestStatus",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the CertificateSigningRequest",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.CertificateSigningRequest"
}
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"consumes": [
"*/*"
]
},
{
"type": "v1beta1.CertificateSigningRequest",
"method": "PUT",
@ -815,6 +854,55 @@
"consumes": [
"*/*"
]
},
{
"type": "v1beta1.CertificateSigningRequest",
"method": "PATCH",
"summary": "partially update status of the specified CertificateSigningRequest",
"nickname": "patchCertificateSigningRequestStatus",
"parameters": [
{
"type": "string",
"paramType": "query",
"name": "pretty",
"description": "If 'true', then the output is pretty printed.",
"required": false,
"allowMultiple": false
},
{
"type": "v1.Patch",
"paramType": "body",
"name": "body",
"description": "",
"required": true,
"allowMultiple": false
},
{
"type": "string",
"paramType": "path",
"name": "name",
"description": "name of the CertificateSigningRequest",
"required": true,
"allowMultiple": false
}
],
"responseMessages": [
{
"code": 200,
"message": "OK",
"responseModel": "v1beta1.CertificateSigningRequest"
}
],
"produces": [
"application/json",
"application/yaml",
"application/vnd.kubernetes.protobuf"
],
"consumes": [
"application/json-patch+json",
"application/merge-patch+json",
"application/strategic-merge-patch+json"
]
}
]
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/events.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

3
vendor/k8s.io/kubernetes/api/swagger-spec/extensions.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

197
vendor/k8s.io/kubernetes/api/swagger-spec/extensions_v1beta1.json generated vendored
View File

@ -7385,6 +7385,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -7417,7 +7424,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -7598,7 +7605,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -7888,6 +7895,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -8254,6 +8265,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -8312,6 +8327,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -8726,7 +8763,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -8928,6 +8965,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -9001,6 +9043,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -9016,6 +9063,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -9072,17 +9144,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -9297,6 +9373,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1beta1.DaemonSetUpdateStrategy": {
"id": "v1beta1.DaemonSetUpdateStrategy",
"properties": {
@ -10120,15 +10209,15 @@
"properties": {
"podSelector": {
"$ref": "v1.LabelSelector",
"description": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace."
"description": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace."
},
"namespaceSelector": {
"$ref": "v1.LabelSelector",
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
"description": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector."
},
"ipBlock": {
"$ref": "v1beta1.IPBlock",
"description": "IPBlock defines policy on a particular IPBlock"
"description": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be."
}
}
},
@ -10178,7 +10267,7 @@
},
"v1beta1.PodSecurityPolicyList": {
"id": "v1beta1.PodSecurityPolicyList",
"description": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"description": "PodSecurityPolicyList is a list of PodSecurityPolicy objects. Deprecated: use PodSecurityPolicyList from policy API Group instead.",
"required": [
"items"
],
@ -10200,13 +10289,13 @@
"items": {
"$ref": "v1beta1.PodSecurityPolicy"
},
"description": "Items is a list of schema objects."
"description": "items is a list of schema objects."
}
}
},
"v1beta1.PodSecurityPolicy": {
"id": "v1beta1.PodSecurityPolicy",
"description": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated: use PodSecurityPolicy from policy API Group instead.",
"properties": {
"kind": {
"type": "string",
@ -10228,7 +10317,7 @@
},
"v1beta1.PodSecurityPolicySpec": {
"id": "v1beta1.PodSecurityPolicySpec",
"description": "Pod Security Policy Spec defines the policy enforced.",
"description": "PodSecurityPolicySpec defines the policy enforced. Deprecated: use PodSecurityPolicySpec from policy API Group instead.",
"required": [
"seLinux",
"runAsUser",
@ -10245,28 +10334,28 @@
"items": {
"$ref": "v1.Capability"
},
"description": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list."
"description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list."
},
"requiredDropCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
"description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
},
"allowedCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities."
"description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities."
},
"volumes": {
"type": "array",
"items": {
"$ref": "v1beta1.FSType"
},
"description": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used."
"description": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'."
},
"hostNetwork": {
"type": "boolean",
@ -10297,37 +10386,51 @@
},
"supplementalGroups": {
"$ref": "v1beta1.SupplementalGroupsStrategyOptions",
"description": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
"description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
},
"fsGroup": {
"$ref": "v1beta1.FSGroupStrategyOptions",
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext."
"description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext."
},
"readOnlyRootFilesystem": {
"type": "boolean",
"description": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
"description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
},
"defaultAllowPrivilegeEscalation": {
"type": "boolean",
"description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
"description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
},
"allowPrivilegeEscalation": {
"type": "boolean",
"description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
"description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
},
"allowedHostPaths": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedHostPath"
},
"description": "is a white list of allowed host paths. Empty indicates that all host paths may be used."
"description": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used."
},
"allowedFlexVolumes": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedFlexVolume"
},
"description": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field."
"description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field."
},
"allowedUnsafeSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc."
},
"forbiddenSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc."
}
}
},
@ -10337,7 +10440,7 @@
},
"v1beta1.HostPortRange": {
"id": "v1beta1.HostPortRange",
"description": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"description": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined. Deprecated: use HostPortRange from policy API Group instead.",
"required": [
"min",
"max"
@ -10357,14 +10460,14 @@
},
"v1beta1.SELinuxStrategyOptions": {
"id": "v1beta1.SELinuxStrategyOptions",
"description": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use SELinuxStrategyOptions from policy API Group instead.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "type is the strategy that will dictate the allowable labels that may be set."
"description": "rule is the strategy that will dictate the allowable labels that may be set."
},
"seLinuxOptions": {
"$ref": "v1.SELinuxOptions",
@ -10374,27 +10477,27 @@
},
"v1beta1.RunAsUserStrategyOptions": {
"id": "v1beta1.RunAsUserStrategyOptions",
"description": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set."
"description": "rule is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of uids that may be used."
"description": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.IDRange": {
"id": "v1beta1.IDRange",
"description": "ID Range provides a min/max of an allowed range of IDs.",
"description": "IDRange provides a min/max of an allowed range of IDs. Deprecated: use IDRange from policy API Group instead.",
"required": [
"min",
"max"
@ -10403,69 +10506,73 @@
"min": {
"type": "integer",
"format": "int64",
"description": "Min is the start of the range, inclusive."
"description": "min is the start of the range, inclusive."
},
"max": {
"type": "integer",
"format": "int64",
"description": "Max is the end of the range, inclusive."
"description": "max is the end of the range, inclusive."
}
}
},
"v1beta1.SupplementalGroupsStrategyOptions": {
"id": "v1beta1.SupplementalGroupsStrategyOptions",
"description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
"description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
"description": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.FSGroupStrategyOptions": {
"id": "v1beta1.FSGroupStrategyOptions",
"description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
"description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use FSGroupStrategyOptions from policy API Group instead.",
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
"description": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.AllowedHostPath": {
"id": "v1beta1.AllowedHostPath",
"description": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"description": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined. Deprecated: use AllowedHostPath from policy API Group instead.",
"properties": {
"pathPrefix": {
"type": "string",
"description": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
"description": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
},
"readOnly": {
"type": "boolean",
"description": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly."
}
}
},
"v1beta1.AllowedFlexVolume": {
"id": "v1beta1.AllowedFlexVolume",
"description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.",
"description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used. Deprecated: use AllowedFlexVolume from policy API Group instead.",
"required": [
"driver"
],
"properties": {
"driver": {
"type": "string",
"description": "Driver is the name of the Flexvolume driver."
"description": "driver is the name of the Flexvolume driver."
}
}
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/networking.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

8
vendor/k8s.io/kubernetes/api/swagger-spec/networking.k8s.io_v1.json generated vendored
View File

@ -1427,19 +1427,19 @@
},
"v1.NetworkPolicyPeer": {
"id": "v1.NetworkPolicyPeer",
"description": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
"description": "NetworkPolicyPeer describes a peer to allow traffic from. Only certain combinations of fields are allowed",
"properties": {
"podSelector": {
"$ref": "v1.LabelSelector",
"description": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace."
"description": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace."
},
"namespaceSelector": {
"$ref": "v1.LabelSelector",
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
"description": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector."
},
"ipBlock": {
"$ref": "v1.IPBlock",
"description": "IPBlock defines policy on a particular IPBlock"
"description": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be."
}
}
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/policy.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

80
vendor/k8s.io/kubernetes/api/swagger-spec/policy_v1beta1.json generated vendored
View File

@ -2349,7 +2349,7 @@
},
"v1beta1.PodSecurityPolicyList": {
"id": "v1beta1.PodSecurityPolicyList",
"description": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"description": "PodSecurityPolicyList is a list of PodSecurityPolicy objects.",
"required": [
"items"
],
@ -2371,13 +2371,13 @@
"items": {
"$ref": "v1beta1.PodSecurityPolicy"
},
"description": "Items is a list of schema objects."
"description": "items is a list of schema objects."
}
}
},
"v1beta1.PodSecurityPolicy": {
"id": "v1beta1.PodSecurityPolicy",
"description": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"properties": {
"kind": {
"type": "string",
@ -2399,7 +2399,7 @@
},
"v1beta1.PodSecurityPolicySpec": {
"id": "v1beta1.PodSecurityPolicySpec",
"description": "Pod Security Policy Spec defines the policy enforced.",
"description": "PodSecurityPolicySpec defines the policy enforced.",
"required": [
"seLinux",
"runAsUser",
@ -2416,28 +2416,28 @@
"items": {
"$ref": "v1.Capability"
},
"description": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list."
"description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list."
},
"requiredDropCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
"description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
},
"allowedCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities."
"description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities."
},
"volumes": {
"type": "array",
"items": {
"$ref": "v1beta1.FSType"
},
"description": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used."
"description": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'."
},
"hostNetwork": {
"type": "boolean",
@ -2468,37 +2468,51 @@
},
"supplementalGroups": {
"$ref": "v1beta1.SupplementalGroupsStrategyOptions",
"description": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
"description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
},
"fsGroup": {
"$ref": "v1beta1.FSGroupStrategyOptions",
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext."
"description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext."
},
"readOnlyRootFilesystem": {
"type": "boolean",
"description": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
"description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
},
"defaultAllowPrivilegeEscalation": {
"type": "boolean",
"description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
"description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
},
"allowPrivilegeEscalation": {
"type": "boolean",
"description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
"description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
},
"allowedHostPaths": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedHostPath"
},
"description": "is a white list of allowed host paths. Empty indicates that all host paths may be used."
"description": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used."
},
"allowedFlexVolumes": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedFlexVolume"
},
"description": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field."
"description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field."
},
"allowedUnsafeSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc."
},
"forbiddenSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc."
}
}
},
@ -2512,7 +2526,7 @@
},
"v1beta1.HostPortRange": {
"id": "v1beta1.HostPortRange",
"description": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"description": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"required": [
"min",
"max"
@ -2532,14 +2546,14 @@
},
"v1beta1.SELinuxStrategyOptions": {
"id": "v1beta1.SELinuxStrategyOptions",
"description": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "type is the strategy that will dictate the allowable labels that may be set."
"description": "rule is the strategy that will dictate the allowable labels that may be set."
},
"seLinuxOptions": {
"$ref": "v1.SELinuxOptions",
@ -2571,27 +2585,27 @@
},
"v1beta1.RunAsUserStrategyOptions": {
"id": "v1beta1.RunAsUserStrategyOptions",
"description": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set."
"description": "rule is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of uids that may be used."
"description": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.IDRange": {
"id": "v1beta1.IDRange",
"description": "ID Range provides a min/max of an allowed range of IDs.",
"description": "IDRange provides a min/max of an allowed range of IDs.",
"required": [
"min",
"max"
@ -2600,12 +2614,12 @@
"min": {
"type": "integer",
"format": "int64",
"description": "Min is the start of the range, inclusive."
"description": "min is the start of the range, inclusive."
},
"max": {
"type": "integer",
"format": "int64",
"description": "Max is the end of the range, inclusive."
"description": "max is the end of the range, inclusive."
}
}
},
@ -2615,14 +2629,14 @@
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
"description": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
@ -2632,24 +2646,28 @@
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
"description": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.AllowedHostPath": {
"id": "v1beta1.AllowedHostPath",
"description": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"description": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"properties": {
"pathPrefix": {
"type": "string",
"description": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
"description": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
},
"readOnly": {
"type": "boolean",
"description": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly."
}
}
},
@ -2662,7 +2680,7 @@
"properties": {
"driver": {
"type": "string",
"description": "Driver is the name of the Flexvolume driver."
"description": "driver is the name of the Flexvolume driver."
}
}
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/rbac.authorization.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

2
vendor/k8s.io/kubernetes/api/swagger-spec/rbac.authorization.k8s.io_v1.json generated vendored
View File

@ -3351,7 +3351,6 @@
"id": "v1.ClusterRoleBinding",
"description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
"required": [
"subjects",
"roleRef"
],
"properties": {
@ -3927,7 +3926,6 @@
"id": "v1.RoleBinding",
"description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.",
"required": [
"subjects",
"roleRef"
],
"properties": {

2
vendor/k8s.io/kubernetes/api/swagger-spec/rbac.authorization.k8s.io_v1alpha1.json generated vendored
View File

@ -3351,7 +3351,6 @@
"id": "v1alpha1.ClusterRoleBinding",
"description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
"required": [
"subjects",
"roleRef"
],
"properties": {
@ -3927,7 +3926,6 @@
"id": "v1alpha1.RoleBinding",
"description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.",
"required": [
"subjects",
"roleRef"
],
"properties": {

2
vendor/k8s.io/kubernetes/api/swagger-spec/rbac.authorization.k8s.io_v1beta1.json generated vendored
View File

@ -3351,7 +3351,6 @@
"id": "v1beta1.ClusterRoleBinding",
"description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.",
"required": [
"subjects",
"roleRef"
],
"properties": {
@ -3927,7 +3926,6 @@
"id": "v1beta1.RoleBinding",
"description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.",
"required": [
"subjects",
"roleRef"
],
"properties": {

4
vendor/k8s.io/kubernetes/api/swagger-spec/resourceListing.json generated vendored
View File

@ -121,6 +121,10 @@
"path": "/apis/rbac.authorization.k8s.io",
"description": "get information of a group"
},
{
"path": "/apis/scheduling.k8s.io/v1beta1",
"description": "API at /apis/scheduling.k8s.io/v1beta1"
},
{
"path": "/apis/scheduling.k8s.io/v1alpha1",
"description": "API at /apis/scheduling.k8s.io/v1alpha1"

3
vendor/k8s.io/kubernetes/api/swagger-spec/scheduling.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

1205
vendor/k8s.io/kubernetes/api/swagger-spec/scheduling.k8s.io_v1beta1.json generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

3
vendor/k8s.io/kubernetes/api/swagger-spec/settings.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

36
vendor/k8s.io/kubernetes/api/swagger-spec/settings.k8s.io_v1alpha1.json generated vendored
View File

@ -1587,7 +1587,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -1768,7 +1768,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -2058,6 +2058,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -2386,6 +2390,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -2444,6 +2452,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -2568,7 +2598,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},

3
vendor/k8s.io/kubernetes/api/swagger-spec/storage.k8s.io.json generated vendored
View File

@ -38,8 +38,7 @@
"description": "APIGroup contains the name, the supported versions, and the preferred version of a group.",
"required": [
"name",
"versions",
"serverAddressByClientCIDRs"
"versions"
],
"properties": {
"kind": {

41
vendor/k8s.io/kubernetes/api/swagger-spec/storage.k8s.io_v1.json generated vendored
View File

@ -818,6 +818,13 @@
"volumeBindingMode": {
"$ref": "v1.VolumeBindingMode",
"description": "VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is alpha-level and is only honored by servers that enable the VolumeScheduling feature."
},
"allowedTopologies": {
"type": "array",
"items": {
"$ref": "v1.TopologySelectorTerm"
},
"description": "Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is alpha-level and is only honored by servers that enable the DynamicProvisioningScheduling feature."
}
}
},
@ -1067,6 +1074,40 @@
"id": "v1.VolumeBindingMode",
"properties": {}
},
"v1.TopologySelectorTerm": {
"id": "v1.TopologySelectorTerm",
"description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.",
"properties": {
"matchLabelExpressions": {
"type": "array",
"items": {
"$ref": "v1.TopologySelectorLabelRequirement"
},
"description": "A list of topology selector requirements by labels."
}
}
},
"v1.TopologySelectorLabelRequirement": {
"id": "v1.TopologySelectorLabelRequirement",
"description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.",
"required": [
"key",
"values"
],
"properties": {
"key": {
"type": "string",
"description": "The label key that the selector applies to."
},
"values": {
"type": "array",
"items": {
"type": "string"
},
"description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed."
}
}
},
"v1.WatchEvent": {
"id": "v1.WatchEvent",
"required": [

41
vendor/k8s.io/kubernetes/api/swagger-spec/storage.k8s.io_v1beta1.json generated vendored
View File

@ -1512,6 +1512,13 @@
"volumeBindingMode": {
"$ref": "v1beta1.VolumeBindingMode",
"description": "VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is alpha-level and is only honored by servers that enable the VolumeScheduling feature."
},
"allowedTopologies": {
"type": "array",
"items": {
"$ref": "v1.TopologySelectorTerm"
},
"description": "Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is alpha-level and is only honored by servers that enable the DynamicProvisioningScheduling feature."
}
}
},
@ -1761,6 +1768,40 @@
"id": "v1beta1.VolumeBindingMode",
"properties": {}
},
"v1.TopologySelectorTerm": {
"id": "v1.TopologySelectorTerm",
"description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.",
"properties": {
"matchLabelExpressions": {
"type": "array",
"items": {
"$ref": "v1.TopologySelectorLabelRequirement"
},
"description": "A list of topology selector requirements by labels."
}
}
},
"v1.TopologySelectorLabelRequirement": {
"id": "v1.TopologySelectorLabelRequirement",
"description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.",
"required": [
"key",
"values"
],
"properties": {
"key": {
"type": "string",
"description": "The label key that the selector applies to."
},
"values": {
"type": "array",
"items": {
"type": "string"
},
"description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed."
}
}
},
"v1.WatchEvent": {
"id": "v1.WatchEvent",
"required": [

264
vendor/k8s.io/kubernetes/api/swagger-spec/v1.json generated vendored
View File

@ -18663,10 +18663,6 @@
"type": "string",
"description": "PodCIDR represents the pod IP range assigned to the node."
},
"externalID": {
"type": "string",
"description": "External ID of the node assigned by some machine database (e.g. a cloud provider). Deprecated."
},
"providerID": {
"type": "string",
"description": "ID of the node assigned by the cloud provider in the format: \u003cProviderName\u003e://\u003cProviderSpecificNodeID\u003e"
@ -18685,6 +18681,10 @@
"configSource": {
"$ref": "v1.NodeConfigSource",
"description": "If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field"
},
"externalID": {
"type": "string",
"description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966"
}
}
},
@ -18718,16 +18718,40 @@
"id": "v1.NodeConfigSource",
"description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil.",
"properties": {
"kind": {
"configMap": {
"$ref": "v1.ConfigMapNodeConfigSource",
"description": "ConfigMap is a reference to a Node's ConfigMap"
}
}
},
"v1.ConfigMapNodeConfigSource": {
"id": "v1.ConfigMapNodeConfigSource",
"description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node.",
"required": [
"namespace",
"name",
"kubeletConfigKey"
],
"properties": {
"namespace": {
"type": "string",
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds"
"description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases."
},
"apiVersion": {
"name": {
"type": "string",
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources"
"description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases."
},
"configMapRef": {
"$ref": "v1.ObjectReference"
"uid": {
"type": "string",
"description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status."
},
"resourceVersion": {
"type": "string",
"description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status."
},
"kubeletConfigKey": {
"type": "string",
"description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases."
}
}
},
@ -18789,6 +18813,10 @@
"$ref": "v1.AttachedVolume"
},
"description": "List of volumes that are attached to the node."
},
"config": {
"$ref": "v1.NodeConfigStatus",
"description": "Status of the config assigned to the node via the dynamic Kubelet config feature."
}
}
},
@ -18969,6 +18997,28 @@
}
}
},
"v1.NodeConfigStatus": {
"id": "v1.NodeConfigStatus",
"description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.",
"properties": {
"assigned": {
"$ref": "v1.NodeConfigSource",
"description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned."
},
"active": {
"$ref": "v1.NodeConfigSource",
"description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error."
},
"lastKnownGood": {
"$ref": "v1.NodeConfigSource",
"description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future."
},
"error": {
"type": "string",
"description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions."
}
}
},
"v1.PersistentVolumeClaimList": {
"id": "v1.PersistentVolumeClaimList",
"description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.",
@ -19271,7 +19321,7 @@
"description": "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin."
},
"cinder": {
"$ref": "v1.CinderVolumeSource",
"$ref": "v1.CinderPersistentVolumeSource",
"description": "Cinder represents a cinder volume attached and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"cephfs": {
@ -19601,8 +19651,8 @@
}
}
},
"v1.CinderVolumeSource": {
"id": "v1.CinderVolumeSource",
"v1.CinderPersistentVolumeSource": {
"id": "v1.CinderPersistentVolumeSource",
"description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
"required": [
"volumeID"
@ -19619,6 +19669,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.SecretReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -19949,14 +20003,14 @@
},
"v1.LocalVolumeSource": {
"id": "v1.LocalVolumeSource",
"description": "Local represents directly-attached storage with node affinity",
"description": "Local represents directly-attached storage with node affinity (Beta feature)",
"required": [
"path"
],
"properties": {
"path": {
"type": "string",
"description": "The full path to the volume on the node For alpha, this path must be a directory Once block as a source is supported, then this path can point to a block device"
"description": "The full path to the volume on the node. It can be either a directory or block device (disk, partition, ...). Directories can be represented only by PersistentVolume with VolumeMode=Filesystem. Block devices can be represented only by VolumeMode=Block, which also requires the BlockVolume alpha feature gate to be enabled."
}
}
},
@ -20008,7 +20062,7 @@
},
"fsType": {
"type": "string",
"description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified."
"description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\"."
},
"volumeAttributes": {
"type": "object",
@ -20056,17 +20110,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -20302,6 +20360,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -20334,7 +20399,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -20442,7 +20507,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -20670,6 +20735,31 @@
}
}
},
"v1.CinderVolumeSource": {
"id": "v1.CinderVolumeSource",
"description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.",
"required": [
"volumeID"
],
"properties": {
"volumeID": {
"type": "string",
"description": "volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"fsType": {
"type": "string",
"description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
"v1.CephFSVolumeSource": {
"id": "v1.CephFSVolumeSource",
"description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.",
@ -20872,6 +20962,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -20930,6 +21024,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.ScaleIOVolumeSource": {
"id": "v1.ScaleIOVolumeSource",
"description": "ScaleIOVolumeSource represents a persistent ScaleIO volume",
@ -21309,7 +21425,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -21511,6 +21627,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -21584,6 +21705,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -21599,6 +21725,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -21823,13 +21974,26 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1.PodStatus": {
"id": "v1.PodStatus",
"description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system.",
"description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.",
"properties": {
"phase": {
"type": "string",
"description": "Current condition of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase"
"description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase"
},
"conditions": {
"type": "array",
@ -21892,7 +22056,7 @@
"properties": {
"type": {
"type": "string",
"description": "Type is the type of the condition. Currently only Ready. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions"
"description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions"
},
"status": {
"type": "string",
@ -22393,7 +22557,7 @@
"properties": {
"hard": {
"type": "object",
"description": "Hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/"
"description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/"
},
"scopes": {
"type": "array",
@ -22401,6 +22565,10 @@
"$ref": "v1.ResourceQuotaScope"
},
"description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects."
},
"scopeSelector": {
"$ref": "v1.ScopeSelector",
"description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched."
}
}
},
@ -22408,6 +22576,44 @@
"id": "v1.ResourceQuotaScope",
"properties": {}
},
"v1.ScopeSelector": {
"id": "v1.ScopeSelector",
"description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.ScopedResourceSelectorRequirement"
},
"description": "A list of scope selector requirements by scope of the resources."
}
}
},
"v1.ScopedResourceSelectorRequirement": {
"id": "v1.ScopedResourceSelectorRequirement",
"description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.",
"required": [
"scopeName",
"operator"
],
"properties": {
"scopeName": {
"type": "string",
"description": "The name of the scope that the selector applies to."
},
"operator": {
"type": "string",
"description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist."
},
"values": {
"type": "array",
"items": {
"type": "string"
},
"description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch."
}
}
},
"v1.ResourceQuotaStatus": {
"id": "v1.ResourceQuotaStatus",
"description": "ResourceQuotaStatus defines the enforced hard limits and observed use.",
@ -22658,7 +22864,7 @@
},
"publishNotReadyAddresses": {
"type": "boolean",
"description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery. This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints when that annotation is deprecated and all clients have been converted to use this field."
"description": "publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet's Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery."
},
"sessionAffinityConfig": {
"$ref": "v1.SessionAffinityConfig",