mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

vendor update for CSI 0.3.0

Browse Source
This commit is contained in:
gman
2018-07-18 16:47:22 +02:00
parent 6f484f92fc
commit 8ea659f0d5
6810 changed files with 438061 additions and 193861 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
vendor/k8s.io/kubernetes/api/swagger-spec/extensions_v1beta1.json generated vendored
View File

@ -7385,6 +7385,13 @@
"dnsConfig": {
"$ref": "v1.PodDNSConfig",
"description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy."
},
"readinessGates": {
"type": "array",
"items": {
"$ref": "v1.PodReadinessGate"
},
"description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md"
}
}
},
@ -7417,7 +7424,7 @@
},
"gitRepo": {
"$ref": "v1.GitRepoVolumeSource",
"description": "GitRepo represents a git repository at a particular revision."
"description": "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container."
},
"secret": {
"$ref": "v1.SecretVolumeSource",
@ -7598,7 +7605,7 @@
},
"v1.GitRepoVolumeSource": {
"id": "v1.GitRepoVolumeSource",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.",
"description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.",
"required": [
"repository"
],
@ -7888,6 +7895,10 @@
"readOnly": {
"type": "boolean",
"description": "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md"
},
"secretRef": {
"$ref": "v1.LocalObjectReference",
"description": "Optional: points to a secret object containing parameters used to connect to OpenStack."
}
}
},
@ -8254,6 +8265,10 @@
"configMap": {
"$ref": "v1.ConfigMapProjection",
"description": "information about the configMap data to project"
},
"serviceAccountToken": {
"$ref": "v1.ServiceAccountTokenProjection",
"description": "information about the serviceAccountToken data to project"
}
}
},
@ -8312,6 +8327,28 @@
}
}
},
"v1.ServiceAccountTokenProjection": {
"id": "v1.ServiceAccountTokenProjection",
"description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).",
"required": [
"path"
],
"properties": {
"audience": {
"type": "string",
"description": "Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver."
},
"expirationSeconds": {
"type": "integer",
"format": "int64",
"description": "ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes."
},
"path": {
"type": "string",
"description": "Path is the path relative to the mount point of the file to project the token into."
}
}
},
"v1.PortworxVolumeSource": {
"id": "v1.PortworxVolumeSource",
"description": "PortworxVolumeSource represents a Portworx volume resource.",
@ -8726,7 +8763,7 @@
},
"mountPropagation": {
"$ref": "v1.MountPropagationMode",
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationHostToContainer is used. This field is alpha in 1.8 and can be reworked or removed in a future release."
"description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10."
}
}
},
@ -8928,6 +8965,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -9001,6 +9043,11 @@
"format": "int64",
"description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsGroup": {
"type": "integer",
"format": "int64",
"description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container."
},
"runAsNonRoot": {
"type": "boolean",
"description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."
@ -9016,6 +9063,31 @@
"type": "integer",
"format": "int64",
"description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw "
},
"sysctls": {
"type": "array",
"items": {
"$ref": "v1.Sysctl"
},
"description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch."
}
}
},
"v1.Sysctl": {
"id": "v1.Sysctl",
"description": "Sysctl defines a kernel parameter to be set",
"required": [
"name",
"value"
],
"properties": {
"name": {
"type": "string",
"description": "Name of a property to set"
},
"value": {
"type": "string",
"description": "Value of a property to set"
}
}
},
@ -9072,17 +9144,21 @@
},
"v1.NodeSelectorTerm": {
"id": "v1.NodeSelectorTerm",
"description": "A null or empty node selector term matches no objects.",
"required": [
"matchExpressions"
],
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"properties": {
"matchExpressions": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "Required. A list of node selector requirements. The requirements are ANDed."
"description": "A list of node selector requirements by node's labels."
},
"matchFields": {
"type": "array",
"items": {
"$ref": "v1.NodeSelectorRequirement"
},
"description": "A list of node selector requirements by node's fields."
}
}
},
@ -9297,6 +9373,19 @@
}
}
},
"v1.PodReadinessGate": {
"id": "v1.PodReadinessGate",
"description": "PodReadinessGate contains the reference to a pod condition",
"required": [
"conditionType"
],
"properties": {
"conditionType": {
"type": "string",
"description": "ConditionType refers to a condition in the pod's condition list with matching type."
}
}
},
"v1beta1.DaemonSetUpdateStrategy": {
"id": "v1beta1.DaemonSetUpdateStrategy",
"properties": {
@ -10120,15 +10209,15 @@
"properties": {
"podSelector": {
"$ref": "v1.LabelSelector",
"description": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace."
"description": "This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.\n\nIf NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy's own Namespace."
},
"namespaceSelector": {
"$ref": "v1.LabelSelector",
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
"description": "Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.\n\nIf PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector."
},
"ipBlock": {
"$ref": "v1beta1.IPBlock",
"description": "IPBlock defines policy on a particular IPBlock"
"description": "IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be."
}
}
},
@ -10178,7 +10267,7 @@
},
"v1beta1.PodSecurityPolicyList": {
"id": "v1beta1.PodSecurityPolicyList",
"description": "Pod Security Policy List is a list of PodSecurityPolicy objects.",
"description": "PodSecurityPolicyList is a list of PodSecurityPolicy objects. Deprecated: use PodSecurityPolicyList from policy API Group instead.",
"required": [
"items"
],
@ -10200,13 +10289,13 @@
"items": {
"$ref": "v1beta1.PodSecurityPolicy"
},
"description": "Items is a list of schema objects."
"description": "items is a list of schema objects."
}
}
},
"v1beta1.PodSecurityPolicy": {
"id": "v1beta1.PodSecurityPolicy",
"description": "Pod Security Policy governs the ability to make requests that affect the Security Context that will be applied to a pod and container.",
"description": "PodSecurityPolicy governs the ability to make requests that affect the Security Context that will be applied to a pod and container. Deprecated: use PodSecurityPolicy from policy API Group instead.",
"properties": {
"kind": {
"type": "string",
@ -10228,7 +10317,7 @@
},
"v1beta1.PodSecurityPolicySpec": {
"id": "v1beta1.PodSecurityPolicySpec",
"description": "Pod Security Policy Spec defines the policy enforced.",
"description": "PodSecurityPolicySpec defines the policy enforced. Deprecated: use PodSecurityPolicySpec from policy API Group instead.",
"required": [
"seLinux",
"runAsUser",
@ -10245,28 +10334,28 @@
"items": {
"$ref": "v1.Capability"
},
"description": "DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both DefaultAddCapabilities and RequiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the AllowedCapabilities list."
"description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list."
},
"requiredDropCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
"description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added."
},
"allowedCapabilities": {
"type": "array",
"items": {
"$ref": "v1.Capability"
},
"description": "AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities."
"description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author's discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities."
},
"volumes": {
"type": "array",
"items": {
"$ref": "v1beta1.FSType"
},
"description": "volumes is a white list of allowed volume plugins. Empty indicates that all plugins may be used."
"description": "volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'."
},
"hostNetwork": {
"type": "boolean",
@ -10297,37 +10386,51 @@
},
"supplementalGroups": {
"$ref": "v1beta1.SupplementalGroupsStrategyOptions",
"description": "SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
"description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext."
},
"fsGroup": {
"$ref": "v1beta1.FSGroupStrategyOptions",
"description": "FSGroup is the strategy that will dictate what fs group is used by the SecurityContext."
"description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext."
},
"readOnlyRootFilesystem": {
"type": "boolean",
"description": "ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
"description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to."
},
"defaultAllowPrivilegeEscalation": {
"type": "boolean",
"description": "DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
"description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process."
},
"allowPrivilegeEscalation": {
"type": "boolean",
"description": "AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
"description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true."
},
"allowedHostPaths": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedHostPath"
},
"description": "is a white list of allowed host paths. Empty indicates that all host paths may be used."
"description": "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used."
},
"allowedFlexVolumes": {
"type": "array",
"items": {
"$ref": "v1beta1.AllowedFlexVolume"
},
"description": "AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field."
"description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field."
},
"allowedUnsafeSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc."
},
"forbiddenSysctls": {
"type": "array",
"items": {
"type": "string"
},
"description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc."
}
}
},
@ -10337,7 +10440,7 @@
},
"v1beta1.HostPortRange": {
"id": "v1beta1.HostPortRange",
"description": "Host Port Range defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined.",
"description": "HostPortRange defines a range of host ports that will be enabled by a policy for pods to use. It requires both the start and end to be defined. Deprecated: use HostPortRange from policy API Group instead.",
"required": [
"min",
"max"
@ -10357,14 +10460,14 @@
},
"v1beta1.SELinuxStrategyOptions": {
"id": "v1beta1.SELinuxStrategyOptions",
"description": "SELinux Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "SELinuxStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use SELinuxStrategyOptions from policy API Group instead.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "type is the strategy that will dictate the allowable labels that may be set."
"description": "rule is the strategy that will dictate the allowable labels that may be set."
},
"seLinuxOptions": {
"$ref": "v1.SELinuxOptions",
@ -10374,27 +10477,27 @@
},
"v1beta1.RunAsUserStrategyOptions": {
"id": "v1beta1.RunAsUserStrategyOptions",
"description": "Run A sUser Strategy Options defines the strategy type and any options used to create the strategy.",
"description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy. Deprecated: use RunAsUserStrategyOptions from policy API Group instead.",
"required": [
"rule"
],
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate the allowable RunAsUser values that may be set."
"description": "rule is the strategy that will dictate the allowable RunAsUser values that may be set."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of uids that may be used."
"description": "ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.IDRange": {
"id": "v1beta1.IDRange",
"description": "ID Range provides a min/max of an allowed range of IDs.",
"description": "IDRange provides a min/max of an allowed range of IDs. Deprecated: use IDRange from policy API Group instead.",
"required": [
"min",
"max"
@ -10403,69 +10506,73 @@
"min": {
"type": "integer",
"format": "int64",
"description": "Min is the start of the range, inclusive."
"description": "min is the start of the range, inclusive."
},
"max": {
"type": "integer",
"format": "int64",
"description": "Max is the end of the range, inclusive."
"description": "max is the end of the range, inclusive."
}
}
},
"v1beta1.SupplementalGroupsStrategyOptions": {
"id": "v1beta1.SupplementalGroupsStrategyOptions",
"description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.",
"description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.",
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
"description": "rule is the strategy that will dictate what supplemental groups is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.FSGroupStrategyOptions": {
"id": "v1beta1.FSGroupStrategyOptions",
"description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.",
"description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy. Deprecated: use FSGroupStrategyOptions from policy API Group instead.",
"properties": {
"rule": {
"type": "string",
"description": "Rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
"description": "rule is the strategy that will dictate what FSGroup is used in the SecurityContext."
},
"ranges": {
"type": "array",
"items": {
"$ref": "v1beta1.IDRange"
},
"description": "Ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end."
"description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs."
}
}
},
"v1beta1.AllowedHostPath": {
"id": "v1beta1.AllowedHostPath",
"description": "defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined.",
"description": "AllowedHostPath defines the host volume conditions that will be enabled by a policy for pods to use. It requires the path prefix to be defined. Deprecated: use AllowedHostPath from policy API Group instead.",
"properties": {
"pathPrefix": {
"type": "string",
"description": "is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
"description": "pathPrefix is the path prefix that the host volume must match. It does not support `*`. Trailing slashes are trimmed when validating the path prefix with a host path.\n\nExamples: `/foo` would allow `/foo`, `/foo/` and `/foo/bar` `/foo` would not allow `/food` or `/etc/foo`"
},
"readOnly": {
"type": "boolean",
"description": "when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly."
}
}
},
"v1beta1.AllowedFlexVolume": {
"id": "v1beta1.AllowedFlexVolume",
"description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.",
"description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used. Deprecated: use AllowedFlexVolume from policy API Group instead.",
"required": [
"driver"
],
"properties": {
"driver": {
"type": "string",
"description": "Driver is the name of the Flexvolume driver."
"description": "driver is the name of the Flexvolume driver."
}
}
},